Return-Path: Delivered-To: apmail-incubator-cassandra-user-archive@minotaur.apache.org Received: (qmail 62289 invoked from network); 2 Dec 2009 21:34:54 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 Dec 2009 21:34:54 -0000 Received: (qmail 92549 invoked by uid 500); 2 Dec 2009 21:34:53 -0000 Delivered-To: apmail-incubator-cassandra-user-archive@incubator.apache.org Received: (qmail 92529 invoked by uid 500); 2 Dec 2009 21:34:53 -0000 Mailing-List: contact cassandra-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cassandra-user@incubator.apache.org Delivered-To: mailing list cassandra-user@incubator.apache.org Received: (qmail 92519 invoked by uid 99); 2 Dec 2009 21:34:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Dec 2009 21:34:53 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jbellis@gmail.com designates 209.85.219.220 as permitted sender) Received: from [209.85.219.220] (HELO mail-ew0-f220.google.com) (209.85.219.220) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Dec 2009 21:34:45 +0000 Received: by ewy20 with SMTP id 20so353457ewy.20 for ; Wed, 02 Dec 2009 13:34:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:content-type :content-transfer-encoding; bh=6DXHbcQmr7uK5Wfo54d5DqSsgwpS0G1HG8QkHaNuArs=; b=iX5jSi8TvL84f1uebbYBuNgQsAYIqE6EHa9Wzk4JET0F+0Jxgqr8Tq35xU896bxFoQ v/7XdoL5A8G31wPlO80h/BNvoAQ3dZcudl0nIaUpWNXeKUtObQWjYnorLMxes9alJgcW iItw0r15mc9gR+hYfm7LaV9rsAjUn9U8YnUkM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; b=KIEKLQfVMb9k4xRzfiS2DSycsUKtw0IwvSOlBfm4opm6qDc7o6LEtX0q7fRc6176FF we0Py+Fa9oNkw3iJYRmwf1tb5C+OyieFHdLpzJSVwOakcepbu9TeMVODEVLvuFluBHKZ E/mWPvR+QrftJ5E0cf8KPszfiUlC2TO7qSpjs= MIME-Version: 1.0 Received: by 10.216.86.3 with SMTP id v3mr212255wee.165.1259789665152; Wed, 02 Dec 2009 13:34:25 -0800 (PST) In-Reply-To: <87r5rdhxsr.fsf@lifelogs.com> References: <87eio6p7pb.fsf@lifelogs.com> <87fx7ul6id.fsf@lifelogs.com> <1259708330.19220.59.camel@achilles> <87638pl96u.fsf@lifelogs.com> <87ljhljhv2.fsf@lifelogs.com> <1259784893.10676.32.camel@achilles> <87zl61i0kn.fsf@lifelogs.com> <1259786109.10676.35.camel@achilles> <87r5rdhxsr.fsf@lifelogs.com> From: Jonathan Ellis Date: Wed, 2 Dec 2009 15:32:35 -0600 Message-ID: Subject: Re: Cassandra access control To: cassandra-user@incubator.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org 2009/12/2 Ted Zlatanov : > I'd still rather pass something back. =A0As I said, it allows backends to > maintain state when it makes sense to do so and can alleviate the > problem of redundant auth queries in the future. That makes no sense whatsoever. Backends can maintain state or not either way; adding a token you have to pass back makes just adds an extra layer of mapping token -> real state in the simple case of token-is-only-valid-per-connection and an unreasonable amount of complexity if you try to make it valid across more than one. I'm -1 in the apache veto sense on the token idea. -Jonathan