Return-Path: Delivered-To: apmail-incubator-cassandra-user-archive@minotaur.apache.org Received: (qmail 66065 invoked from network); 13 Nov 2009 00:25:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 13 Nov 2009 00:25:24 -0000 Received: (qmail 39192 invoked by uid 500); 13 Nov 2009 00:25:24 -0000 Delivered-To: apmail-incubator-cassandra-user-archive@incubator.apache.org Received: (qmail 39180 invoked by uid 500); 13 Nov 2009 00:25:24 -0000 Mailing-List: contact cassandra-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cassandra-user@incubator.apache.org Delivered-To: mailing list cassandra-user@incubator.apache.org Received: (qmail 39171 invoked by uid 99); 13 Nov 2009 00:25:24 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Nov 2009 00:25:24 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of robin.coe@bluecoat.com designates 216.52.23.28 as permitted sender) Received: from [216.52.23.28] (HELO whisker.bluecoat.com) (216.52.23.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Nov 2009 00:25:15 +0000 Received: from bcs-mail04.internal.cacheflow.com (bcsmail04.internal.cacheflow.com [10.2.2.56] (may be forged)) by whisker.bluecoat.com (8.14.2/8.14.2) with ESMTP id nAD0N8CC019754 for ; Thu, 12 Nov 2009 16:24:53 -0800 (PST) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CA63F7.9F666789" Subject: RE: Re: Cassandra access control Date: Thu, 12 Nov 2009 16:24:11 -0800 Message-ID: <764B352CF55C514F816B4B14BD2450D8019A1D56@bcs-mail04.internal.cacheflow.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: <764B352CF55C514F816B4B14BD2450D8019A1D56@bcs-mail04.internal.cacheflow.com> Thread-Topic: Re: Cassandra access control Thread-Index: AcpjucFPQdw6eSnuTwakYa+hqGT6lwAPNDLk References: <87eio6p7pb.fsf@lifelogs.com><20091112001409.GC12953@alumni.caltech.edu><878webssu6.fsf_-_@lifelogs.com><87iqdfrba9.fsf@lifelogs.com><5B7ECCB8-BF96-4EA1-AAB7-B8C27B824FDF@quagility.com> A<87fx8jptkn.fsf@lifelogs.com> From: "Coe, Robin" To: X-Virus-Checked: Checked by ClamAV on apache.org This is a multi-part message in MIME format. ------_=_NextPart_001_01CA63F7.9F666789 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Ted, Why pass a map of credentials? Why not follow the standard approach of = opening the connection with the credentials, as in tr.open( uid, passwd = )? For now, that can be an overloaded method call that would leave the = existing API as-is. Robin. -----Original Message----- From: news on behalf of Ted Zlatanov Sent: Thu 12/11/2009 08:59 To: cassandra-user@incubator.apache.org Subject: Re: Cassandra access control =20 On Thu, 12 Nov 2009 10:49:59 -0600 Jonathan Ellis = wrote:=20 JE> On Thu, Nov 12, 2009 at 10:42 AM, Jonathan Mischo = wrote: >> > Let's keep it simple. =A0Forcing multiple connections from a purely >> > hypothetical use case is a no-brainer tradeoff. =A0Connections are = not >> > expensive. >> Even if we can do it sensibly? Connections aren't hugely expensive, = but >> they're not free, either. JE> I suppose, but if it requires sending a keyspace param w/ each call, JE> then it's not sensible. You waste far more overhead for that in the JE> common case -- serializing, deserializing, checking that it's been JE> authed -- than you gain from not having another connection in the JE> uncommon one. JE> I would be okay with being able to send a 2nd auth call to an = existing JE> connection to switch the "current" keyspace, similar to how rdbmses JE> only have one active schema at a time. How about: login(Map credentials) throws = CassandraAuthenticationSecurityException setKeyspace(String keyspace) throws = CassandraAuthorizationSecurityException and then all the existing API calls won't have a Keyspace parameter as previously discussed. This works for everyone, I think, and separates authentication from authorization nicely. Ted ------_=_NextPart_001_01CA63F7.9F666789 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 eJ8+IjUAAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAIgAAAFJFOiAgUmU6IENhc3NhbmRy YSBhY2Nlc3MgY29udHJvbABlCwEFgAMADgAAANkHCwAMABAAGAALAAQALgEBIIADAA4AAADZBwsA DAAQABgACwAEAC4BAQmAAQAhAAAAMDY0OENBOThCNkI0NkM0MUEzQTYzRUU2OTM0Qjk2Q0IARwcB A5AGAFwOAAA5AAAAAwAmAAAAAAADADYAAAAAAEAAOQCJZ2af92PKAR4APQABAAAABgAAAFJFOiAg AAAAAgFHAAEAAAA2AAAAYz1VUzthPSA7cD1DQUNIRUZMT1c7bD1CQ1MtTUFJTDA0LTA5MTExMzAw MjQxMVotNzY3ODEAAAAeAEkAAQAAAB4AAAAgUmU6IENhc3NhbmRyYSBhY2Nlc3MgY29udHJvbAAA AEAATgAAtAyNuWPKAR4AWgABAAAABQAAAG5ld3MAAAAAAgFbAAEAAAA1AAAAAAAAAIErH6S+oxAZ nW4A3QEPVAIAAAAAbmV3cwBTTVRQAG5ld3NAZ2VyLmdtYW5lLm9yZwAAAAACAVwAAQAAABgAAABT TVRQOk5FV1NAR0VSLkdNQU5FLk9SRwAeAF0AAQAAAA0AAABUZWQgWmxhdGFub3YAAAAAAgFeAAEA AAA7AAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAAAVGVkIFpsYXRhbm92AFNNVFAAdHp6QGxpZmVs b2dzLmNvbQAAAgFfAAEAAAAWAAAAU01UUDpUWlpATElGRUxPR1MuQ09NAAAAHgBmAAEAAAAFAAAA U01UUAAAAAAeAGcAAQAAABMAAABuZXdzQGdlci5nbWFuZS5vcmcAAB4AaAABAAAABQAAAFNNVFAA AAAAHgBpAAEAAAARAAAAdHp6QGxpZmVsb2dzLmNvbQAAAAAeAHAAAQAAAB4AAAAgUmU6IENhc3Nh bmRyYSBhY2Nlc3MgY29udHJvbAAAAAIBcQABAAAAGwAAAAHKY7nBT0HcOnkp7k8GpGGvoahk+pcA DzQy5AAeAHQAAQAAACQAAABjYXNzYW5kcmEtdXNlckBpbmN1YmF0b3IuYXBhY2hlLm9yZwAeABoM AQAAAAsAAABDb2UsIFJvYmluAAAeAB0OAQAAAB0AAABSZTogQ2Fzc2FuZHJhIGFjY2VzcyBjb250 cm9sAAAAAAIBCRABAAAAhAUAAIAFAACvCAAATFpGdZPDldADAAoAcmNwZzEyNeIyA0N0ZXgFQQED AfdPCoACpAPjAgBjaArAc/BldDAgBxMCgA/zAFB/BFYIVQeyEcUOUQMBEMcy9wYABsMRxTMERhDJ EtsR09sI7wn3Oxi/DjA1EcIMYM5jAFALCQFkMzYRUAumdCBUCYAsCqIKhAqAV5hoeSAKsAQRYSAA wOBwIG9mIAUACYAJ8EJ0BzFzPyAgHpJuNm8FQAIQbBhQB+B0aMhlIHMBkG5kCxEfECxwcANgANBo H3JvcJsJ8AuAZyFzBaBubgWQeyAQAiAgA/AhgCOEH8gsTx8QBCALgCFwci4jEihYIHVpHbAew3ci MCltIGFGBbEg0HclwCGAYTUFQGMDkWIhoAORb3b7BJAYUGEBACIwB4AhgARwVyihITAoVHcIYGwi MGz8ZWEpYCFzDsAEACAQI2GoQVBJJdEtBAAuHdpdCABiC4AtOx3ULS+CTz0FEGcLgAdABdAHkHNh rGdlL4Md1EYDYTogwN8H0AQgJFEo8BDwbCLxH5D5HZEgWgtgIdEpUB3UBmBDAjAxwFRodSAOIC8I MTEvAdAwOSAwkDg6NTkd1FRvMcCHKLAwgSHwcmEtdREgxHJAC4BjdWIogAWwli4fUCKhZSZgcmcz xV03gGokETHAB/BlMcBD8zZ2HxBjYzBxI8ImQAbw9x3UCuMKgE8DoDSBJcAOIAsHsClQIDUjMTA6 NGI5NZEgLTAc0BFQSm8CICiAEPADoEUhMAQAIMw8aijwPvJAZwDAAxDyLgWgbT4kcANgDrAxwPkd 2kpFQGA8JjzSDiAlwM81IyiBPWIU4EFNJcA+V1ZNBAAQ4G8/MW1Es0DccXUwoAMQJJB5QCod1FY+ QGBAYEwRMCcEIGv/CeAfYCSQIbAHcAtQOEADMKgnYTAn0WMjUm0rML8gEEixI8kEIANSHxFwCHDt P3B5RvkeoHAg4CGQIBD/KnEmwBEgNlIhoD8RHyAg0PwtYjbQC4ATISZAKbEfgP5mSOQIUEp4CsAh oCDRRvm/DsAjIQCQKWAtO0dRRSlg3wOgBpAkcE2CA6BkRPBIUptR4gJgeSBgT91uJwVAnzSQMLBL wFGoJcBidVD4eSGBeSdQpEsBCeAlwGWfJJEEkC07QbIswHN1ImB+bxEgV2NTgkhRGMBFoGl3GMAE IFSRZCNSHyBIAHkuczgBIaAKsWFLQHcv/ywAIqIqch3FQbIhgVNxR8LnINJUlUjRIFkIYCRwHuD/ DrAhAArBBGBQoSlSIZApsP8hAU7RKHImEiGQQVhAMQRgnwOgTaMvgFSBByJpeiNRzyXAAQBlizgh Y2sjVGNi70fCKPAJ8EFYYVeQIZAiMOtlUT6TeWFRZwtxSwQg0n0Q8HZc8yDRWZEjymOedX83YGSk AiBSPFqUKxQo8W/8a2EesCSDKPBc82DhIXD3RPBcsh8RMnIiaWEqZUTw/wORLBZj+iP3cdIkgSKx IYLKIjdwclYBdCJdRyXAf0iBAxAKwXHRKjAH4AsgYv5tESAQsEFnAiBWoWthYlHfJAA6YSAQK6FE wWUAwEMy7x8gIBAHgC07SCFRAaAIYE80UB3aGFAwAShNH1A8vlMmQGYDfsRkcR/IKSFx9wNgMgE5 10FpYiABKLAkMucGYHZxRgFFeDqQBTAkQesd2hEhS11lKH7EXUeAf/+BgwWwZeCCL4M/IeFfpCqE /yv9KnIEICsQViMrkh8ghHa/XdQRMBMhHuAd1CJwZWuAfQhgc1ahXOAE8DcAESBkz2ERNIA/ESsQ cmtK8QWx/46QBJBqQCQAJcAswCGAC4D+ayXBciERIF3iDrB49WlT/4HnSwWHKiDADeBLsS07HZEJ Lm8KfZfgHgA1EAEAAABNAAAAPDc2NEIzNTJDRjU1QzUxNEY4MTZCNEIxNEJEMjQ1MEQ4MDE5QTFE NTZAYmNzLW1haWwwNC5pbnRlcm5hbC5jYWNoZWZsb3cuY29tPgAAAAAeADkQAQAAAD0CAAA8ODdl aW82cDdwYi5mc2ZAbGlmZWxvZ3MuY29tPjxlMDY1NjM4ODA5MTExMTE0NTVnYzlmNWMxMGcxODYz YmJhY2RjZWFkMzQ4QG1haWwuZ21haWwuY29tPjwyMDA5MTExMjAwMTQwOS5HQzEyOTUzQGFsdW1u aS5jYWx0ZWNoLmVkdT48ODc4d2Vic3N1Ni5mc2ZfLV9AbGlmZWxvZ3MuY29tPjxlMDY1NjM4ODA5 MTExMjA3MTJtNzUwNTFlMGJ2OWRmZWMzMWNiNjM0ZGQ5NUBtYWlsLmdtYWlsLmNvbT48ODdpcWRm cmJhOS5mc2ZAbGlmZWxvZ3MuY29tPjxlMDY1NjM4ODA5MTExMjA4MDZ3NzBiZWNmNmV1NTBlZmVm MGVmY2Q3MmE4OEBtYWlsLmdtYWlsLmNvbT48NUI3RUNDQjgtQkY5Ni00RUExLUFBQjctQjhDMjdC ODI0RkRGQHF1YWdpbGl0eS5jb20+PGUwNjU2Mzg4MDkxMTEyMDgzOHI2MDM1ZWFjMHJkMzgwZTYy NDM4OTQ1NzQ0QG1haWwuZ21haWwuY29tPjxEQzY4MzBDOC1FODhDLTREMkYtQjRFMi1BNjMwODg1 OTlEMDFAcXVhZ2lsaXR5LmNvbT48ZTA2NTYzODgwOTExMTIwODQ5cDRkZWVhNjhkajRjYzk1YmM5 NTMxYzYyZDBAbWFpbC5nbWFpbC5jb20+IEE8ODdmeDhqcHRrbi5mc2ZAbGlmZWxvZ3MuY29tPgAA AAAeAEcQAQAAAA8AAABtZXNzYWdlL3JmYzgyMgAACwDyEAEAAAAfAPMQAQAAAFQAAABSAEUAJQAz AEEAIAAgAFIAZQAlADMAQQAgAEMAYQBzAHMAYQBuAGQAcgBhACAAYQBjAGMAZQBzAHMAIABjAG8A bgB0AHIAbwBsAC4ARQBNAEwAAAALAPYQAAAAAEAABzDBSRmS9mPKAUAACDDx8G+f92PKAQMA3j+v bwAAAwDxPwkIAAAeAPg/AQAAAAsAAABDb2UsIFJvYmluAAACAfk/AQAAAE4AAAAAAAAA3KdAyMBC EBq0uQgAKy/hggEAAAAAAAAAL089Q0FDSEVGTE9XL09VPUNGLUJBWS9DTj1SRUNJUElFTlRTL0NO PVJPQklOLkNPRQAAAB4A+j8BAAAAFQAAAFN5c3RlbSBBZG1pbmlzdHJhdG9yAAAAAAIB+z8BAAAA HgAAAAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAuAAAAAwD9P+QEAAADABlAAAAAAAMAGkAA AAAAAwAdQAAAAAADAB5AAAAAAB4AMEABAAAACgAAAFJPQklOLkNPRQAAAB4AMUABAAAACgAAAFJP QklOLkNPRQAAAB4AMkABAAAAEwAAAG5ld3NAZ2VyLmdtYW5lLm9yZwAAHgAzQAEAAAARAAAAdHp6 QGxpZmVsb2dzLmNvbQAAAAAeADhAAQAAAAoAAABST0JJTi5DT0UAAAAeADlAAQAAAAIAAAAuAAAA AwB2QP////8LACkAAAAAAAsAIwAAAAAAAwAGEHlTlLYDAAcQbAUAAAMAEBAAAAAAAwAREAAAAAAe AAgQAQAAAGUAAABURUQsV0hZUEFTU0FNQVBPRkNSRURFTlRJQUxTP1dIWU5PVEZPTExPV1RIRVNU QU5EQVJEQVBQUk9BQ0hPRk9QRU5JTkdUSEVDT05ORUNUSU9OV0lUSFRIRUNSRURFTlRJQUxTAAAA AAIBfwABAAAATQAAADw3NjRCMzUyQ0Y1NUM1MTRGODE2QjRCMTRCRDI0NTBEODAxOUExRDU2QGJj cy1tYWlsMDQuaW50ZXJuYWwuY2FjaGVmbG93LmNvbT4AAAAAd/I= ------_=_NextPart_001_01CA63F7.9F666789--