incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Robson <mar...@gmail.com>
Subject Re: Cassandra access control
Date Wed, 02 Dec 2009 15:13:11 GMT
2009/12/2 Ted Zlatanov <tzz@lifelogs.com>

> OK.  So what should the API be?  Just one method, as Robin suggested?
>
> void login( Map<String, String> credentials, String keyspace )
>  throws AuthenticationException, AuthorizationException
>
> In this model the backend would still have login() and
> setKeyspace()/getKeyspace() separately to distinguish between
> authentication and authorization but the frontend API would merge them.
>

I'd be against moving to a stateful protocol.

Currently there isn't any per-connection state held by the API (correct me
someone, if I'm wrong), which means you can transparently reconnect (perhaps
to a different server) on error and retry (updates are always safely
repeatable in Cassandra without any bad effects, right?)

Adding a session state means that the application would need to handle
reconnection at a higher level.

Given that only a small proportion of the Cassandra users are likely to want
authentication (immediately), why not leave the keyspace parameter in all
existing methods, but allow the server to throw a AuthenticationException if
you aren't authorised for that keyspace (yet).

Then applications which need to authentication wouldn't need to change.

Mark

Mime
View raw message