atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nigel Jones <jon...@uk.ibm.com>
Subject Re: Rename trait to classification
Date Mon, 03 Oct 2016 10:21:41 GMT
On 03/10/2016 09:10, David Radley wrote:
> Hi Suma and Mandy,
> I am looking to crystalize what changes we want to make here. How about:

The suggestions make sense to me David.

I'm also thinking about enforcement of governance actions driven by 
atlas -- for example via ranger.

A few thoughts on this:

* Since a classification can also contain sub-classifications (for 
example Mandy's point on confidentiality) and is no longer a flat 
space,n when we retrieve the classifications applied to an entity we 
need to also have easy access to the classification hierarchy - since 
different policies could take effect on different levels of the 
hierachy. Confidential vs Partner confidential for example. This affects 
the API & ranger's tagsync process (and possibly the way ranger tags 
work too). The simplest way to address this today might be to implicitly 
tag the entity when retrieved via API with all levels of the hierarchy, 
ie both confidential and partner confidential. Not the most efficient, 
but minimal change right now to ranger?

* we could only make use of classifications in the atlas/ranger tag 
synchronization process, not annotations as most likely it is the formal 
classifications that are used for policy enforcement. However we'd have 
to allow for this to revert to the old behaviour in configuration 
potentally to avoid breakage.

Nigel.



Mime
View raw message