Return-Path: X-Original-To: apmail-accumulo-notifications-archive@minotaur.apache.org Delivered-To: apmail-accumulo-notifications-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C543F10B60 for ; Wed, 11 Sep 2013 17:22:56 +0000 (UTC) Received: (qmail 48626 invoked by uid 500); 11 Sep 2013 17:22:56 -0000 Delivered-To: apmail-accumulo-notifications-archive@accumulo.apache.org Received: (qmail 48528 invoked by uid 500); 11 Sep 2013 17:22:56 -0000 Mailing-List: contact notifications-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jira@apache.org Delivered-To: mailing list notifications@accumulo.apache.org Received: (qmail 48032 invoked by uid 99); 11 Sep 2013 17:22:55 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Sep 2013 17:22:55 +0000 Date: Wed, 11 Sep 2013 17:22:55 +0000 (UTC) From: "John Vines (JIRA)" To: notifications@accumulo.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (ACCUMULO-1681) Adjust Authorizor Interface to validate auths instead of retrieving a list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ACCUMULO-1681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13764523#comment-13764523 ] John Vines commented on ACCUMULO-1681: -------------------------------------- {quote} What I'd really like is for us to come up with a comprehensive solution that implements all these improvements and push for it to be a major feature of an upcoming release (1.7? maybe call it 2.0?). Without that comprehensive solution, I'm reluctant to get on board for this in 1.6. {quote} The problem is we really won't be able to come up with a comprehensive solution working in a bubble. We need to iteratively work on this, not push it down the road and say it will be super duper good by then. > Adjust Authorizor Interface to validate auths instead of retrieving a list > -------------------------------------------------------------------------- > > Key: ACCUMULO-1681 > URL: https://issues.apache.org/jira/browse/ACCUMULO-1681 > Project: Accumulo > Issue Type: Bug > Components: tserver > Reporter: John Vines > Assignee: John Vines > Fix For: 1.6.0 > > Attachments: ACCUMULO-1681.patch, ACCUMULO-1681.v2.patch > > > Currently the Authorizor interface is used to request a set of authorizations which then get checked against the authorizations a user is attempting to use. However, some security systems only support the ability to validate authorizations/permissions/roles and not provide a list. That makes these systems (entirely) incompatible with Accumulo when they don't have to be. > We should switch the behavior of Accumulo to ask the Authorizor (via SecurityOperations) if the auths are valid. The existing getAuths functionality will still use that call and would have potentially limited support, similar to the potentially limited support of any of the set operations. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira