incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Evans <eev...@rackspace.com>
Subject Re: Cassandra access control
Date Wed, 02 Dec 2009 17:59:56 GMT
On Wed, 2009-12-02 at 08:52 -0600, Ted Zlatanov wrote:
> On Tue, 01 Dec 2009 16:58:50 -0600 Eric Evans <eevans@rackspace.com>
> wrote: 
> 
> EE> On Tue, 2009-12-01 at 15:38 -0600, Ted Zlatanov wrote:
> >> I disagree, why would you want to forbid switching the keyspace?
> That's
> >> turning off a currently working feature.  Also, connections are not
> >> free, especially across WAN links.
> 
> EE> Because it makes a mess out of an API that already confuses
> people. And
> EE> again, I posit that this is a corner case, something that very few
> EE> people will actually want to do. We should be optimizing for the
> common
> EE> case.
> 
> On Tue, 1 Dec 2009 17:13:24 -0600 Jonathan Ellis <jbellis@gmail.com>
> wrote: 
> 
> JE> It's a currently working feature that (a) only exists in the first
> JE> place because it was less bad than postponing 0.4 until we could
> add
> JE> something like this auth feature, and (b) is of entirely
> theoretical
> JE> benefit in the sense that nobody who wants to keep it actually has
> an
> JE> app using it, to the best of my knowledge.
> 
> JE> Let's correct our error, and only add functionality that we know
> is
> JE> really needed -- and even then, only if the benefit outweighs the
> JE> complexity price -- rather than waving our hands and saying "maybe
> JE> someone will need it, someday."  That way leads to clutter and
> bloat.
> 
> OK.  So what should the API be?  Just one method, as Robin suggested?
> 
> void login( Map<String, String> credentials, String keyspace ) 
>  throws AuthenticationException, AuthorizationException

I'm thinking...

void login(1:required string keyspace, 2:optional map<string, string>
authentication) throws AuthenticationException, AuthorizationException

You're always going to want the keyspace supplied, but depending on how
the cluster is configured, you may not need anything else (so make the
map the second argument, and make it optional).

> This means the keyspace parameter will be removed from all the current
> Thrift API calls and application will need to remember what keyspace
> they requested.  It will definitely not make 0.5.

Right, but I think that's for the best anyway though.

-- 
Eric Evans
eevans@rackspace.com


Mime
View raw message