apex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chinmay Kolhatkar <chin...@datatorrent.com>
Subject Re: Encrypted Streams
Date Thu, 17 Dec 2015 07:10:19 GMT
I've updated the Jira for having network/bufferserver level encryption.

~ Chinmay.

On Thu, Dec 17, 2015 at 12:39 PM, Chinmay Kolhatkar <chinmay@datatorrent.com
> wrote:

> Agreed with Vlad and Gurav that encryption should be at Network and Buffer
> server levels.
>
> But as Amol mentioned the configuration for enabling it can be set as a
> stream attribute OR an app wide attribute.
>
> ~ Chinmay.
>
> On Thu, Dec 17, 2015 at 5:43 AM, Amol Kekre <amol@datatorrent.com> wrote:
>
>> Makes sense to make it stream attribute.
>>
>> Thks
>> Amol
>>
>>
>> On Wed, Dec 16, 2015 at 11:34 AM, Vlad Rozov <v.rozov@datatorrent.com>
>> wrote:
>>
>> > +1 - support should be at the network and buffer server levels.
>> >
>> > Vlad
>> >
>> >
>> > On 12/15/15 00:10, Timothy Farkas wrote:
>> >
>> >> I think encryption of data sent across the wire and operator logic are
>> >> orthogonal. The user should just have to set DAG level attribute to
>> >> enable/disable encryption, without having to write any encryption
>> related
>> >> code. I think this would require changes to the Buffer Server publisher
>> >> and
>> >> subscriber though.
>> >>
>> >> On Mon, Dec 14, 2015 at 11:27 PM, Chandni Singh <
>> chandni@datatorrent.com>
>> >> wrote:
>> >>
>> >> When we are dealing with secured data, the usual scenarios are that you
>> >>> get
>> >>> encrypted data.
>> >>> This data need to decrypt and then perform other functions on it. The
>> >>> output of the dag is then encrypted.
>> >>>
>> >>> In the past we have solved these use cases by performing
>> >>> decryption/encryption in the operator.
>> >>> IMO the operator approach works better because these processes may
>> >>> require
>> >>> invoking utilities and also operators can be configured easily using
>> >>> properties.
>> >>>
>> >>> Chandni
>> >>>
>> >>> On Mon, Dec 14, 2015 at 10:34 PM, Sandesh Hegde <
>> sandesh@datatorrent.com
>> >>> >
>> >>> wrote:
>> >>>
>> >>> Well we have committers from bank, their feedback will be really
>> >>>>
>> >>> valuable.
>> >>>
>> >>>> On Mon, Dec 14, 2015 at 10:30 PM Priyanka Gugale <
>> >>>>
>> >>> priyanka@datatorrent.com
>> >>>
>> >>>> wrote:
>> >>>>
>> >>>> Sounds good. This is good feature for banks and security domain.
>> >>>>> One suggestion: We can do key management ourself at application
>> (may be
>> >>>>>
>> >>>> by
>> >>>>
>> >>>>> providing default keys) and there should be an option to override
>> keys
>> >>>>>
>> >>>> if
>> >>>
>> >>>> user really want to do so.
>> >>>>>
>> >>>>> -Priyanka
>> >>>>>
>> >>>>> On Tue, Dec 15, 2015 at 11:37 AM, Chinmay Kolhatkar <
>> >>>>> chinmay@datatorrent.com
>> >>>>>
>> >>>>>> wrote:
>> >>>>>> Hi All,
>> >>>>>>
>> >>>>>> I wanted to propose an idea using which one can have encrypted
>> stream
>> >>>>>> flowing in a DAG.
>> >>>>>>
>> >>>>>> Basically, the idea is to create a new EncryptedInputPort
which
>> will
>> >>>>>>
>> >>>>> extend
>> >>>>>
>> >>>>>> from DefaultInputPort and will return a StreamCodec object
which
>> will
>> >>>>>>
>> >>>>> take
>> >>>>>
>> >>>>>> care of encryption/decryption.
>> >>>>>> As the same StreamCodec object will be used at OutputPort,
the
>> >>>>>>
>> >>>>> encryption
>> >>>>
>> >>>>> can be done in toByteArray method at Output port and decryption
can
>> >>>>>>
>> >>>>> be
>> >>>
>> >>>> done
>> >>>>>
>> >>>>>> in fromByteArray at Input port.
>> >>>>>>
>> >>>>>> By default we can support some basic encryption algorithms
like RSA
>> >>>>>>
>> >>>>> and
>> >>>
>> >>>> DSA
>> >>>>>
>> >>>>>> where user need to provide the key(s) to EncryptedInputPort.
>> >>>>>>
>> >>>>>> Any thoughts?
>> >>>>>>
>> >>>>>> ~ Chinmay.
>> >>>>>>
>> >>>>>>
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message