Return-Path: <user-return-6480-archive-asf-public=cust-asf.ponee.io@ignite.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 1B54B200B5C
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 11 Aug 2016 15:54:58 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 1A4CF160A93; Thu, 11 Aug 2016 13:54:58 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 3FA26160A90
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 11 Aug 2016 15:54:57 +0200 (CEST)
Received: (qmail 29475 invoked by uid 500); 11 Aug 2016 13:54:56 -0000
Mailing-List: contact user-help@ignite.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@ignite.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@ignite.apache.org>
List-Post: <mailto:user@ignite.apache.org>
List-Id: <user.ignite.apache.org>
Reply-To: user@ignite.apache.org
Delivered-To: mailing list user@ignite.apache.org
Received: (qmail 29464 invoked by uid 99); 11 Aug 2016 13:54:56 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Aug 2016 13:54:56 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id F113118625C
	for <user@ignite.apache.org>; Thu, 11 Aug 2016 13:54:55 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.879
X-Spam-Level: *
X-Spam-Status: No, score=1.879 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx2-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id DzKUqEiYjReV for <user@ignite.apache.org>;
	Thu, 11 Aug 2016 13:54:54 +0000 (UTC)
Received: from mail-yw0-f173.google.com (mail-yw0-f173.google.com [209.85.161.173])
	by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with ESMTPS id 69D5960E51
	for <user@ignite.apache.org>; Thu, 11 Aug 2016 13:54:53 +0000 (UTC)
Received: by mail-yw0-f173.google.com with SMTP id u134so2570501ywg.3
        for <user@ignite.apache.org>; Thu, 11 Aug 2016 06:54:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=ulFnFu9krvGS93/TzsKfMXk8lT+3tDHsWsNUiHbW4hw=;
        b=MUy54tEvvwUXFAyoOAOt7Xr1BxilwKI0vWlR/Agz94T06O5H33XwwKA4uwDjmDS/ss
         7T4vEFffkHFg7CFxC83k7Wie7tWtbNL0G5rvK3uWLy1zpM3Wwt+WlR8M73s7l5G757VO
         GFChvIFSvy7Rb/QNwyWgM4xKN1hGbzhExJQH46dggUt0qb6sPc2Z8444fhI/PwwmHSC3
         pQeNkLsqdm+OVo3OHfXYw9J6dVkrHPywoeDm2qq+PxF3P/y6QjBq2DHFJMr0qYU+l+nL
         wcGg9Pg1lDhIi+oBM/50K+h2OMshNg6WrK0ZQSl6KG82JDT5wmH8KXSX9beeUoMW7xTa
         54Ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=ulFnFu9krvGS93/TzsKfMXk8lT+3tDHsWsNUiHbW4hw=;
        b=MfONAt+YDy9/QPNKNmAMXf0MC//DsqBt9S1xtrVrkLpdemXPjTGV4BEiXxP/uk6UVq
         8fwAZZ9mU7FOkiczP9AJuY7a/xuQEqIhNIf+sy3TWAb1b28RIWHEa+H+FQ5On2l2O59I
         uQn5KkEv2iQj5BaH863+PZDfPmHs97jgwjyMixs+NwbX1HCw39wQ17XbRqZWai14BHX6
         ZWYtQR067NhYIDKefZiJBU1iE0OsJfvhJ+T1RwfPAVeCLW0hgj6JEg80f1ZnDkET6SSv
         IPZe29M2QWD/Tc1jqHrxZMomQUeIKMe14oYxC1DosIpYtQpuha75onC1iqp+R0I9zfcj
         xTBA==
X-Gm-Message-State: AEkoouvawTicvBbBAmhH0ljjqNP+3Hvpi9i16nqTqYk1umTaUCaXQ0xXpmuKU1UMfxerExJcQ2oqEa+SosEyJw==
X-Received: by 10.129.137.68 with SMTP id z65mr6810229ywf.215.1470923692420;
 Thu, 11 Aug 2016 06:54:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.31.136 with HTTP; Thu, 11 Aug 2016 06:54:51 -0700 (PDT)
In-Reply-To: <1470919976127-6976.post@n6.nabble.com>
References: <1470664526128-6853.post@n6.nabble.com> <CADez4_UsQvtVfTXYNNKpL0opC3-xCPMQk800ca1RZY19sjkP+g@mail.gmail.com>
 <1470691112982-6860.post@n6.nabble.com> <1470919976127-6976.post@n6.nabble.com>
From: Vladislav Pyatkov <vldpyatkov@gmail.com>
Date: Thu, 11 Aug 2016 16:54:51 +0300
Message-ID: <CADez4_Ux0ZM79-6MgS+ob9sEEFJCpdgVGxZdtZoDOFWD4LdVDQ@mail.gmail.com>
Subject: Re: Node authentication using security credentials
To: user@ignite.apache.org
Content-Type: multipart/alternative; boundary=94eb2c064ac02de58b0539cc1c16
archived-at: Thu, 11 Aug 2016 13:54:58 -0000

--94eb2c064ac02de58b0539cc1c16
Content-Type: text/plain; charset=UTF-8

Hi,

Authentication process protects access to grid in first, but authorization
allow to determine list of authorized permissions.
In other word you can have some clients with difference rights. Any user
can have or have not permission to grid functionality. Description of the
permission you can see in the enum
org.apache.ignite.plugin.security.SecurityPermission.

On Thu, Aug 11, 2016 at 3:52 PM, pragmaticbigdata <amits.84@gmail.com>
wrote:

> When you mention "Ignite has all the hooks in the code" I think you are
> referring the the plugin support that ignite provides and the classes under
> the package "org.apache.ignite.plugin.security".
>
> What could be the reasons of having a security layer given that ignite
> would
> be deployed on a private aws network (VPC)? I do not foresee a need of
> having client authentication but just wanted to know your thoughts.
>
>
>
> --
> View this message in context: http://apache-ignite-users.
> 70518.x6.nabble.com/Node-authentication-using-security-
> credentials-tp6853p6976.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.
>



-- 
Vladislav Pyatkov

--94eb2c064ac02de58b0539cc1c16
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hi,</div><div><br></div><div>Authentication process p=
rotects access to grid in first, but authorization allow to determine list =
of authorized permissions.</div><div>In other word you can have some client=
s with difference rights. Any user can have or have not permission to grid =
functionality. Description of the permission you can see in the enum org.ap=
ache.ignite.plugin.security.SecurityPermission.</div></div><div class=3D"gm=
ail_extra"><br><div class=3D"gmail_quote">On Thu, Aug 11, 2016 at 3:52 PM, =
pragmaticbigdata <span dir=3D"ltr">&lt;<a href=3D"mailto:amits.84@gmail.com=
" target=3D"_blank">amits.84@gmail.com</a>&gt;</span> wrote:<br><blockquote=
 class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc soli=
d;padding-left:1ex">When you mention &quot;Ignite has all the hooks in the =
code&quot; I think you are<br>
referring the the plugin support that ignite provides and the classes under=
<br>
the package &quot;org.apache.ignite.plugin.<wbr>security&quot;.<br>
<br>
What could be the reasons of having a security layer given that ignite woul=
d<br>
be deployed on a private aws network (VPC)? I do not foresee a need of<br>
having client authentication but just wanted to know your thoughts.<br>
<br>
<br>
<br>
--<br>
View this message in context: <a href=3D"http://apache-ignite-users.70518.x=
6.nabble.com/Node-authentication-using-security-credentials-tp6853p6976.htm=
l" rel=3D"noreferrer" target=3D"_blank">http://apache-ignite-users.<wbr>705=
18.x6.nabble.com/Node-<wbr>authentication-using-security-<wbr>credentials-t=
p6853p6976.html</a><br>
<div class=3D"HOEnZb"><div class=3D"h5">Sent from the Apache Ignite Users m=
ailing list archive at Nabble.com.<br>
</div></div></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>=
<div class=3D"gmail_signature" data-smartmail=3D"gmail_signature">Vladislav=
 Pyatkov</div>
</div>

--94eb2c064ac02de58b0539cc1c16--