kafka-users mailing list archives

From Robert Rodgers <rsrodg...@gmail.com>
Subject Re: [DISCUSS] Kafka Security Specific Features
Date Tue, 03 Jun 2014 20:03:05 GMT
... client specific presented information, signed in some way, listing topic permissions. 
read, write, list.

TLS lends itself to client certificates.

On Jun 3, 2014, at 12:57 PM, Joe Stein <joe.stein@stealth.ly> wrote:

> 4) Authorization
> We should have a policy of "404" for data, topics, partitions (etc) if
> authenticated connections do not have access.  In "secure mode" any
> non-authenticated connections should get a "404" type message on everything.
> Knowing "something is there" is a security risk in many use cases.  So if
> you don't have access you don't even see it.  Baking "that" into Kafka
> along with some interface for entitlement (access management) systems
> (pretty standard) is all that I think needs to be done to the core project.
> I want to tackle item later in the year after summer after the other three
> are complete.

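A sketch of the two ideas in this message, added as an example and not code from the thread or from the Kafka project: a signed, client-presented grant listing per-topic read/write/list permissions, and a broker-side check that returns the same "404" for a topic that does not exist and for one the client may not read. The HMAC key, topic names and function names are constructed assumptions; the thread only says "signed in some way".

```python
import hashlib
import hmac
import json

# Constructed values for illustration only (assumptions, not Kafka's API).
BROKER_KEY = b"constructed-demo-key"
TOPICS = {"orders": ["o1", "o2"], "payroll": ["p1"]}
NOT_FOUND = {"status": 404, "error": "unknown topic"}


def sign_grant(client, perms):
    """Issue a signed grant; perms maps topic -> list of read/write/list."""
    body = json.dumps({"client": client, "perms": perms}, sort_keys=True)
    tag = hmac.new(BROKER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verified_perms(grant):
    """Return the permission map, or {} if the grant is missing or forged."""
    if not grant:
        return {}
    want = hmac.new(BROKER_KEY, grant["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, grant.get("tag", "")):
        return {}
    return json.loads(grant["body"])["perms"]


def fetch(grant, topic):
    """Read a topic; missing and forbidden topics get the same response."""
    perms = verified_perms(grant)
    if topic not in TOPICS or "read" not in perms.get(topic, []):
        return dict(NOT_FOUND)
    return {"status": 200, "records": TOPICS[topic]}


def list_topics(grant):
    """List only topics the grant marks as listable; others stay invisible."""
    perms = verified_perms(grant)
    return sorted(t for t in TOPICS if "list" in perms.get(t, []))
```

The response body is identical in both denial cases; a real broker would also need the two paths to take comparable time, or latency alone can reveal that a topic exists.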