kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ron Dagostino <rndg...@gmail.com>
Subject Re: [VOTE] KIP-255: OAuth Authentication via SASL/OAUTHBEARER
Date Thu, 10 May 2018 16:51:00 GMT
HI again, everyone.  Still looking for 2 more binding votes.  PR is now
available at https://github.com/apache/kafka/pull/4994.

Ron

On Tue, May 8, 2018 at 9:45 AM, Ron Dagostino <rndgstn@gmail.com> wrote:

> HI everyone.  Can we get 2 more binding votes on this KIP (and non-binding
> votes, too)?
>
> Ron
>
> On Fri, May 4, 2018 at 11:53 AM, Rajini Sivaram <rajinisivaram@gmail.com>
> wrote:
>
>> Hi Ron,
>>
>> +1 (binding)
>>
>> Thanks for the KIP!
>>
>> Regards,
>>
>> Rajini
>>
>> On Fri, May 4, 2018 at 4:55 AM, Ron Dagostino <rndgstn@gmail.com> wrote:
>>
>> > Hi everyone.  I would like to start the vote for KIP-255:
>> > https://cwiki.apache.org/confluence/pages/viewpage.action?
>> pageId=75968876
>> >
>> > This KIP proposes to add the following functionality related to
>> > SASL/OAUTHBEARER:
>> >
>> > 1) Allow clients (both brokers when SASL/OAUTHBEARER is the inter-broker
>> > protocol as well as non-broker clients) to flexibly retrieve an access
>> > token from an OAuth 2 authorization server based on the declaration of a
>> > custom login CallbackHandler implementation and have that access token
>> > transparently and automatically transmitted to a broker for
>> authentication.
>> >
>> > 2) Allow brokers to flexibly validate provided access tokens when a
>> client
>> > establishes a connection based on the declaration of a custom SASL
>> Server
>> > CallbackHandler implementation.
>> >
>> > 3) Provide implementations of the above retrieval and validation
>> features
>> > based on an unsecured JSON Web Token that function out-of-the-box with
>> > minimal configuration required (i.e. implementations of the two types of
>> > callback handlers mentioned above will be used by default with no need
>> to
>> > explicitly declare them).
>> >
>> > 4) Allow clients (both brokers when SASL/OAUTHBEARER is the inter-broker
>> > protocol as well as non-broker clients) to transparently retrieve a new
>> > access token in the background before the existing access token expires
>> in
>> > case the client has to open new connections.
>> >
>> > Thanks,
>> >
>> > Ron
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message