> https://cwiki.apache.org/confluence/display/KAFKA/Security
Interesting. I'm curious what people are doing in the interim. We'd been chewing on options for secure communication and mutual authentication like stunnel. Actually imposing discretionary controls on the activity of clients using this model would require an server-side proxy if not done inside Kafka itself which on a first pass seemed like it would be invasive. TLS with client certificates takes advantage of the in-place infrastructure (and allows a variety of reporting and options like pinning, ...) as well as making the client mostly self describing (permissions as extensions, mostly as patterns and mostly about topic access); that actually would be nicer for some scenarios than putting the information in Zookeeper.
