incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Zlatanov <...@lifelogs.com>
Subject Re: Cassandra access control
Date Wed, 02 Dec 2009 19:28:17 GMT
On Wed, 2 Dec 2009 15:13:11 +0000 Mark Robson <markxr@gmail.com> wrote: 

MR> I'd be against moving to a stateful protocol.

Noted, I'd like to see some more votes.  I'm agnostic: I think it will
work fine either way.  Eric and Jonathan are definitely on the stateful
side so it's 2-1 right now.  I think Robin is also on the stateful side
from his earlier notes so it may be 3-1.

On Wed, 02 Dec 2009 11:59:56 -0600 Eric Evans <eevans@rackspace.com> wrote: 

EE> I'm thinking...

EE> void login(1:required string keyspace, 2:optional map<string, string>
EE> authentication) throws AuthenticationException, AuthorizationException

EE> You're always going to want the keyspace supplied, but depending on how
EE> the cluster is configured, you may not need anything else (so make the
EE> map the second argument, and make it optional).

I was going to use an empty map to signify no credentials.  Optional
works just as well.  Thus the Thrift definition is:

# invalid authentication request (user does not exist or credentials invalid)
exception AuthenticationException {
    1: required string why
}

# invalid authorization request (user does not have access to keyspace)
exception AuthorizationException {
    1: required string why
}

struct AuthenticationRequest {
    1: required map<string, string> credentials,
}

service Cassandra {
...
  void login(1: required string keyspace, 
             2: optional AuthenticationRequest auth_request) 
       throws (1:AuthenticationException aux, 2: AuthorizationException azx),
...
}

Ted


Mime
View raw message