incubator-cassandra-user mailing list archives

From "Coe, Robin" <robin....@bluecoat.com>
Subject RE: Re: Cassandra access control
Date Wed, 02 Dec 2009 19:59:57 GMT
Once a connection is opened with credentials, then as long as I hold that connection open,
I shouldn't need to pass auth checks with every transaction.

On the other hand, if there was a way to use a token in lieu of credentials, to provide SSO
capabilities to any node, then I could see their use.  Checking whether a token exists in
a local collection would be much faster than having to pass through an authentication/authorization
framework.  However, as there's no way to ensure immediate consistency of tokens across all
nodes, it's probably not worth the effort of making Cassandra "token aware", since an application
would have to provide fall-back logic to authenticate with credentials, if the token fails.
So, tokens would probably just add complexity without much benefit.

Robin.

-----Original Message-----
From: news [mailto:news@ger.gmane.org] On Behalf Of Ted Zlatanov
Sent: December 2, 2009 2:28 PM
To: cassandra-user@incubator.apache.org
Subject: Re: Cassandra access control

On Wed, 2 Dec 2009 15:13:11 +0000 Mark Robson <markxr@gmail.com> wrote: 

MR> I'd be against moving to a stateful protocol.

Noted, I'd like to see some more votes.  I'm agnostic: I think it will
work fine either way.  Eric and Jonathan are definitely on the stateful
side so it's 2-1 right now.  I think Robin is also on the stateful side
from his earlier notes so it may be 3-1.

On Wed, 02 Dec 2009 11:59:56 -0600 Eric Evans <eevans@rackspace.com> wrote: 

EE> I'm thinking...

EE> void login(1:required string keyspace, 2:optional map<string, string>
EE> authentication) throws AuthenticationException, AuthorizationException

EE> You're always going to want the keyspace supplied, but depending on how
EE> the cluster is configured, you may not need anything else (so make the
EE> map the second argument, and make it optional).

I was going to use an empty map to signify no credentials.  Optional
works just as well.  Thus the Thrift definition is:

# invalid authentication request (user does not exist or credentials invalid)
exception AuthenticationException {
    1: required string why
}

# invalid authorization request (user does not have access to keyspace)
exception AuthorizationException {
    1: required string why
}

struct AuthenticationRequest {
    1: required map<string, string> credentials,
}

service Cassandra {
...
  void login(1: required string keyspace, 
             2: optional AuthenticationRequest auth_request) 
       throws (1:AuthenticationException aux, 2: AuthorizationException azx),
...
}

Ted

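As an added example (not code from the thread, and not Cassandra's own implementation), here is a Python model of the stateful login both messages describe: credentials are verified once in `login(keyspace, auth_request)`, which raises `AuthenticationException` or `AuthorizationException` with the same meaning as the Thrift definition above gives them, and every later call on that connection consults only the session state, which is Robin's point about not re-checking on each transaction. The thread leaves the contents of the credentials map, the password storage and the "cluster is configured" case unspecified, so the `username`/`password` keys, the salted PBKDF2 hashes, the `anonymous_keyspaces` setting and the per-connection toy data store are all assumptions of this example.

```python
"""Stateful login on a connection, modelled on the Thrift API sketched in the
thread. Constructed example; the credential keys, hashing scheme and the
anonymous-keyspace setting are assumptions not taken from the thread."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

PBKDF2_ROUNDS = 50_000  # assumption; tune for the deployment


class AuthenticationException(Exception):
    """User does not exist or credentials are invalid."""


class AuthorizationException(Exception):
    """User does not have access to the keyspace."""


@dataclass
class AuthenticationRequest:
    """Mirrors the Thrift struct: one map<string, string> of credentials."""
    credentials: dict = field(default_factory=dict)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class UserStore:
    """In-memory username -> (salt, hash); plaintext passwords are never kept."""

    def __init__(self):
        self._users = {}

    def add(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))

    def verify(self, username: str, password: str) -> bool:
        entry = self._users.get(username)
        if entry is None:
            # Same work for an unknown user, so "no such user" and "bad
            # password" are not distinguishable by response time.
            _derive(password, bytes(16))
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, _derive(password, salt))


class Connection:
    """One client connection: credentials are checked exactly once, in
    login(); every later call consults only the session state."""

    def __init__(self, users: UserStore, keyspace_acl: dict,
                 anonymous_keyspaces=frozenset()):
        self._users = users
        self._acl = keyspace_acl            # keyspace -> set of usernames
        self._anonymous = set(anonymous_keyspaces)
        self._data = {}                     # toy per-connection store (assumption)
        self.keyspace = None
        self.user = None

    def login(self, keyspace: str,
              auth_request: Optional[AuthenticationRequest] = None) -> None:
        if keyspace not in self._acl:
            raise AuthorizationException(f"no such keyspace: {keyspace}")
        if auth_request is None:
            # Optional second argument: allowed only where the cluster permits it.
            if keyspace not in self._anonymous:
                raise AuthenticationException(f"credentials required for {keyspace}")
            self.user, self.keyspace = None, keyspace
            return
        creds = auth_request.credentials
        username, password = creds.get("username"), creds.get("password")
        if username is None or password is None or not self._users.verify(username, password):
            # One message for both failure kinds, as in the Thrift comment.
            raise AuthenticationException("user does not exist or credentials invalid")
        if username not in self._acl[keyspace]:
            raise AuthorizationException(f"{username} has no access to {keyspace}")
        self.user, self.keyspace = username, keyspace

    def _require_session(self) -> str:
        # No second trip through the authentication framework here.
        if self.keyspace is None:
            raise AuthenticationException("login() has not been called on this connection")
        return self.keyspace

    def insert(self, key: str, value: str) -> None:
        self._data.setdefault(self._require_session(), {})[key] = value

    def get(self, key: str):
        return self._data.get(self._require_session(), {}).get(key)


def raises(exc_type, fn, *args) -> bool:
    """True if fn(*args) raises exc_type; exercises the failure paths."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False


def demo() -> dict:
    """Walk the thread's cases with constructed users and ACLs."""
    users = UserStore()
    users.add("alice", "correct horse")
    acl = {"ks1": {"alice"}, "ks2": set(), "public": set()}
    conn = Connection(users, acl, anonymous_keyspaces={"public"})
    good = AuthenticationRequest({"username": "alice", "password": "correct horse"})
    results = {
        "bad_password": raises(AuthenticationException, conn.login, "ks1",
                               AuthenticationRequest({"username": "alice", "password": "wrong"})),
        "unknown_user": raises(AuthenticationException, conn.login, "ks1",
                               AuthenticationRequest({"username": "bob", "password": "x"})),
        "no_keyspace_access": raises(AuthorizationException, conn.login, "ks2", good),
        "creds_required": raises(AuthenticationException, conn.login, "ks1"),
        "not_logged_in": raises(AuthenticationException, conn.get, "k"),
    }
    conn.login("ks1", good)
    conn.insert("k", "v")
    results["after_login"] = conn.get("k")  # session state only, no re-auth
    anon = Connection(users, acl, anonymous_keyspaces={"public"})
    anon.login("public")
    results["anonymous_ok"] = anon.keyspace
    return results


if __name__ == "__main__":
    print(demo())
```

The two exception types are kept distinct on purpose: a client that gets `AuthorizationException` knows its credentials were fine and should not retry them against another keyspace, while `AuthenticationException` carries a single message for both "no such user" and "wrong password" so the response does not reveal which usernames exist.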