accumulo-notifications mailing list archives

From "John Vines (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1681) Adjust Authorizor Interface to validate auths instead of retrieving a list
Date Wed, 11 Sep 2013 17:22:55 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13764523#comment-13764523 ]

John Vines commented on ACCUMULO-1681:
--------------------------------------

{quote}
What I'd really like is for us to come up with a comprehensive solution that implements all
these improvements and push for it to be a major feature of an upcoming release (1.7? maybe
call it 2.0?). Without that comprehensive solution, I'm reluctant to get on board for this
in 1.6.
{quote}

The problem is we really won't be able to come up with a comprehensive solution working in
a bubble. We need to iteratively work on this, not push it down the road and say it will be
super duper good by then. 
                
> Adjust Authorizor Interface to validate auths instead of retrieving a list
> --------------------------------------------------------------------------
>
>                 Key: ACCUMULO-1681
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1681
>             Project: Accumulo
>          Issue Type: Bug
>          Components: tserver
>            Reporter: John Vines
>            Assignee: John Vines
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1681.patch, ACCUMULO-1681.v2.patch
>
>
> Currently the Authorizor interface is used to request a set of authorizations which then
> get checked against the authorizations a user is attempting to use. However, some security
> systems only support the ability to validate authorizations/permissions/roles and not provide
> a list. That makes these systems (entirely) incompatible with Accumulo when they don't have
> to be.
> We should switch the behavior of Accumulo to ask the Authorizor (via SecurityOperations)
> if the auths are valid. The existing getAuths functionality will still use that call and would
> have potentially limited support, similar to the potentially limited support of any of the
> set operations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
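
The design difference described in the quoted issue, as an added sketch that is not part of the original message and is not Accumulo's code: a list-returning authorizor can always be adapted to a validate-style call, while a backend that only answers yes/no fits the validate-style call directly and cannot supply a list. Apart from getAuths, every interface and method name here (ListingAuthorizor, ValidatingAuthorizor, isValid, fromOracle) is hypothetical, and the user table is constructed sample data.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.BiPredicate;

public class AuthCheckSketch {
    // Old shape: the server fetches the user's full set and checks containment itself.
    interface ListingAuthorizor {
        Set<String> getAuths(String user);
    }

    // Proposed shape (hypothetical name): the server asks whether the requested auths are valid.
    interface ValidatingAuthorizor {
        boolean isValid(String user, Set<String> requested);
    }

    // Server-side check under the old shape: requested must be a subset of the stored set.
    static boolean checkByList(ListingAuthorizor a, String user, Set<String> requested) {
        return a.getAuths(user).containsAll(requested);
    }

    // A list-capable backend can always be wrapped to answer the validating call.
    static ValidatingAuthorizor adapt(ListingAuthorizor a) {
        return (user, requested) -> checkByList(a, user, requested);
    }

    // A backend that only answers yes/no per (user, auth) fits the validating shape
    // directly; it has nothing from which to build a getAuths result.
    static ValidatingAuthorizor fromOracle(BiPredicate<String, String> hasAuth) {
        return (user, requested) -> {
            for (String auth : requested) {
                if (!hasAuth.test(user, auth)) return false; // fail closed on the first miss
            }
            return true;
        };
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for an external security system.
        Map<String, Set<String>> table = Map.of("alice", Set.of("public", "secret"));
        ListingAuthorizor listing = u -> table.getOrDefault(u, Set.of());
        ValidatingAuthorizor oracle =
            fromOracle((u, a) -> table.getOrDefault(u, Set.of()).contains(a));

        Set<String> ok = Set.of("public"), tooMuch = Set.of("public", "topsecret");
        System.out.println("list-backed, subset:   " + adapt(listing).isValid("alice", ok));
        System.out.println("list-backed, superset: " + adapt(listing).isValid("alice", tooMuch));
        System.out.println("oracle, known user:    " + oracle.isValid("alice", ok));
        System.out.println("oracle, unknown user:  " + oracle.isValid("bob", ok));
    }
}
```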
