Mailing-List: dev@apex.incubator.apache.org
From: Amol Kekre
To: dev@apex.incubator.apache.org
Date: Wed, 16 Dec 2015 16:13:40 -0800
Subject: Re: Encrypted Streams
In-Reply-To: <5671BCCB.60705@datatorrent.com>

Makes sense to make it a stream attribute.

Thanks,
Amol

On Wed, Dec 16, 2015 at 11:34 AM, Vlad Rozov wrote:

> +1 - support should be at the network and buffer server levels.
>
> Vlad
>
> On 12/15/15 00:10, Timothy Farkas wrote:
>
>> I think encryption of data sent across the wire and operator logic are
>> orthogonal. The user should just have to set a DAG level attribute to
>> enable/disable encryption, without having to write any encryption related
>> code. I think this would require changes to the Buffer Server publisher
>> and subscriber though.
>>
>> On Mon, Dec 14, 2015 at 11:27 PM, Chandni Singh wrote:
>>
>>> When we are dealing with secured data, the usual scenario is that you
>>> get encrypted data.
>>> This data needs to be decrypted before other functions are performed on
>>> it. The output of the DAG is then encrypted.
>>>
>>> In the past we have solved these use cases by performing
>>> decryption/encryption in the operator.
>>> IMO the operator approach works better because these processes may
>>> require invoking utilities and also operators can be configured easily
>>> using properties.
>>>
>>> Chandni
>>>
>>> On Mon, Dec 14, 2015 at 10:34 PM, Sandesh Hegde wrote:
>>>
>>>> Well, we have committers from banks; their feedback will be really
>>>> valuable.
>>>>
>>>> On Mon, Dec 14, 2015 at 10:30 PM Priyanka Gugale
>>>> <priyanka@datatorrent.com> wrote:
>>>>
>>>>> Sounds good. This is a good feature for banks and the security domain.
>>>>> One suggestion: we can do key management ourselves at the application
>>>>> (maybe by providing default keys) and there should be an option to
>>>>> override keys if the user really wants to do so.
>>>>>
>>>>> -Priyanka
>>>>>
>>>>> On Tue, Dec 15, 2015 at 11:37 AM, Chinmay Kolhatkar
>>>>> <chinmay@datatorrent.com> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I wanted to propose an idea using which one can have an encrypted
>>>>>> stream flowing in a DAG.
>>>>>>
>>>>>> Basically, the idea is to create a new EncryptedInputPort which will
>>>>>> extend from DefaultInputPort and will return a StreamCodec object
>>>>>> which will take care of encryption/decryption.
>>>>>> As the same StreamCodec object will be used at the OutputPort, the
>>>>>> encryption can be done in the toByteArray method at the Output port
>>>>>> and decryption can be done in fromByteArray at the Input port.
>>>>>>
>>>>>> By default we can support some basic encryption algorithms like RSA
>>>>>> and DSA where the user needs to provide the key(s) to
>>>>>> EncryptedInputPort.
>>>>>>
>>>>>> Any thoughts?
>>>>>>
>>>>>> ~ Chinmay.
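
The codec-wrapping idea from the original proposal, sketched as an added example that is not code from this thread or from Apex. `Codec` is a hypothetical stand-in for the platform's StreamCodec interface (plain `byte[]` instead of the platform's buffer type), and AES-GCM with a key generated in-process is this example's assumption in place of the RSA/DSA named in the proposal; key distribution is out of scope here.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class EncryptedCodecDemo {
    // Hypothetical stand-in for the platform codec interface (assumption of this example).
    interface Codec<T> { byte[] toByteArray(T tuple); T fromByteArray(byte[] wire); }

    // Wraps any codec: encrypts after serialization, authenticates and decrypts before deserialization.
    static final class EncryptingCodec<T> implements Codec<T> {
        private static final int IV_LEN = 12, TAG_BITS = 128;
        private final Codec<T> inner;
        private final SecretKey key;
        private final SecureRandom rng = new SecureRandom();
        EncryptingCodec(Codec<T> inner, SecretKey key) { this.inner = inner; this.key = key; }

        public byte[] toByteArray(T tuple) {
            try {
                byte[] iv = new byte[IV_LEN];
                rng.nextBytes(iv); // fresh nonce per tuple; never reuse one under the same key
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
                byte[] ct = c.doFinal(inner.toByteArray(tuple));
                // Wire frame: 12-byte nonce followed by ciphertext and 16-byte tag
                return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
            } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
        }

        public T fromByteArray(byte[] wire) {
            if (wire.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("short frame");
            try {
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, wire, 0, IV_LEN));
                // doFinal throws AEADBadTagException if the frame was modified in transit
                return inner.fromByteArray(c.doFinal(wire, IV_LEN, wire.length - IV_LEN));
            } catch (GeneralSecurityException e) { throw new IllegalStateException("tuple rejected", e); }
        }
    }

    public static void main(String[] args) throws Exception {
        Codec<String> utf8 = new Codec<String>() {
            public byte[] toByteArray(String s) { return s.getBytes(StandardCharsets.UTF_8); }
            public String fromByteArray(byte[] b) { return new String(b, StandardCharsets.UTF_8); }
        };
        KeyGenerator kg = KeyGenerator.getInstance("AES"); // demo key only, generated in-process
        kg.init(128);
        Codec<String> codec = new EncryptingCodec<>(utf8, kg.generateKey());
        byte[] wire = codec.toByteArray("constructed sample tuple");
        System.out.println(codec.fromByteArray(wire));
    }
}
```

Because the wrapper only touches serialized bytes, operator logic stays unchanged, which matches the point made in the thread that encryption on the wire and operator logic are orthogonal.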