Return-Path: Delivered-To: apmail-incubator-cassandra-user-archive@minotaur.apache.org Received: (qmail 5016 invoked from network); 12 Nov 2009 17:00:50 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 12 Nov 2009 17:00:50 -0000 Received: (qmail 19581 invoked by uid 500); 12 Nov 2009 17:00:49 -0000 Delivered-To: apmail-incubator-cassandra-user-archive@incubator.apache.org Received: (qmail 19561 invoked by uid 500); 12 Nov 2009 17:00:49 -0000 Mailing-List: contact cassandra-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cassandra-user@incubator.apache.org Delivered-To: mailing list cassandra-user@incubator.apache.org Received: (qmail 19552 invoked by uid 99); 12 Nov 2009 17:00:49 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Nov 2009 17:00:49 +0000 X-ASF-Spam-Status: No, hits=2.6 required=10.0 tests=RCVD_NUMERIC_HELO,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of gcdcu-cassandra-user@m.gmane.org designates 80.91.229.12 as permitted sender) Received: from [80.91.229.12] (HELO lo.gmane.org) (80.91.229.12) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Nov 2009 17:00:40 +0000 Received: from list by lo.gmane.org with local (Exim 4.50) id 1N8d1u-0003fJ-Q0 for cassandra-user@incubator.apache.org; Thu, 12 Nov 2009 18:00:18 +0100 Received: from 38.98.147.130 ([38.98.147.130]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 12 Nov 2009 18:00:18 +0100 Received: from tzz by 38.98.147.130 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 12 Nov 2009 18:00:18 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: cassandra-user@incubator.apache.org From: Ted Zlatanov Subject: Re: Cassandra access control Date: Thu, 12 Nov 2009 10:59:52 -0600 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Lines: 31 Message-ID: <87fx8jptkn.fsf@lifelogs.com> References: <87eio6p7pb.fsf@lifelogs.com> <20091112001409.GC12953@alumni.caltech.edu> <878webssu6.fsf_-_@lifelogs.com> <87iqdfrba9.fsf@lifelogs.com> <5B7ECCB8-BF96-4EA1-AAB7-B8C27B824FDF@quagility.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 38.98.147.130 X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1.50 (gnu/linux) Cancel-Lock: sha1:vWX/rxefxwdZVcRFkyBRMPPvg30= Sender: news X-Virus-Checked: Checked by ClamAV on apache.org On Thu, 12 Nov 2009 10:49:59 -0600 Jonathan Ellis wrote: JE> On Thu, Nov 12, 2009 at 10:42 AM, Jonathan Mischo wrote: >> > Let's keep it simple. �Forcing multiple connections from a purely >> > hypothetical use case is a no-brainer tradeoff. �Connections are not >> > expensive. >> Even if we can do it sensibly? Connections aren't hugely expensive, but >> they're not free, either. JE> I suppose, but if it requires sending a keyspace param w/ each call, JE> then it's not sensible. You waste far more overhead for that in the JE> common case -- serializing, deserializing, checking that it's been JE> authed -- than you gain from not having another connection in the JE> uncommon one. JE> I would be okay with being able to send a 2nd auth call to an existing JE> connection to switch the "current" keyspace, similar to how rdbmses JE> only have one active schema at a time. How about: login(Map credentials) throws CassandraAuthenticationSecurityException setKeyspace(String keyspace) throws CassandraAuthorizationSecurityException and then all the existing API calls won't have a Keyspace parameter as previously discussed. This works for everyone, I think, and separates authentication from authorization nicely. Ted