kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mayuresh Gharat <gharatmayures...@gmail.com>
Subject Re: [DISCUSS] KIP-189: Improve principal builder interface and add support for SASL
Date Fri, 25 Aug 2017 17:48:23 GMT
Hi Jason,

Thanks a lot for the KIP and sorry for the delayed response.

I had a few questions :


   - The KIP says that a user can have a class that extends KafkaPrincipal.
   Would this extended class be used when constructing the Session object in
   the SocketServer instead of constructing a new KafkaPrincipal?


   - The KIP says "A principal is always identifiable by a principal type
   and a name. Nothing else should ever be required." This might not be true
   always, right? For example, we might have a custom third party ACL library
   that creates a custom Principal from the passed in cert (this is done in
   PrincipalBuilder/KafkaPrincipalBuilder) and the custom Authorizer might
   use this third party library to authorize using this custom Principal
   object. The developer who is implementing the Kafka Authorizer should
   not be caring about what the custom Principal would look like and its
   details, since it will just pass it to the third party library in Kafka
   Authorizer's authorize() call.


Thanks,

Mayuresh


On Thu, Aug 24, 2017 at 10:21 AM, Mayuresh Gharat <
gharatmayuresh15@gmail.com> wrote:

> Sure.
>
> Thanks,
>
> Mayuresh
>
> On Wed, Aug 23, 2017 at 5:07 PM, Jun Rao <jun@confluent.io> wrote:
>
>> Hi, Mayuresh,
>>
>> Since this KIP covers the requirement in KIP-111, could you review it too?
>>
>> Thanks,
>>
>> Jun
>>
>>
>> On Tue, Aug 22, 2017 at 3:04 PM, Jason Gustafson <jason@confluent.io>
>> wrote:
>>
>>> Bump. I'll open a vote in a few days if there are no comments.
>>>
>>> Thanks,
>>> Jason
>>>
>>> On Sat, Aug 19, 2017 at 12:28 AM, Ismael Juma <ismael@juma.me.uk> wrote:
>>>
>>> > Thanks for the KIP Jason. It seems reasonable and cleans up some
>>> > inconsistencies in that area. It would be great to get some feedback
>>> from
>>> > Mayuresh and others who worked on KIP-111.
>>> >
>>> > Ismael
>>> >
>>> > On Thu, Aug 17, 2017 at 1:21 AM, Jason Gustafson <jason@confluent.io>
>>> > wrote:
>>> >
>>> > > Hi All,
>>> > >
>>> > > I've added a new KIP to improve and extend the principal building API
>>> > that
>>> > > Kafka exposes:
>>> > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-
>>> > > 189%3A+Improve+principal+builder+interface+and+add+support+for+SASL
>>> > > .
>>> > >
>>> > > As always, feedback is appreciated.
>>> > >
>>> > > Thanks,
>>> > > Jason
>>> > >
>>> >
>>>
>>
>>
>
>
> --
> -Regards,
> Mayuresh R. Gharat
> (862) 250-7125
>



-- 
-Regards,
Mayuresh R. Gharat
(862) 250-7125

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message