Hi Jun
Thanks for your response. The token architecture looks good. I am not sure what
level of authentication is supported at the Registry level. It would be good if
it is a pluggable module so that we can support different authentication
schemes.
> The good news is, the core team are planning to provide support for
> connection authentication and building secure connection, and i believe this
> feature along with others will come soon.
This will be really helpful. We are doing a small PoC to see whether it
addresses our core requirement. If it does, I am happy to contribute towards
the design/implementation of authentication/authorization.
Thanks
Bosco
On 2/25/18, 6:36 PM, "Jun Liu" <ken.lj...@gmail.com> wrote:
Hi, Bosco
At present, we do provide some security control strategies, but mainly on
service registration and service discovery level:
1. Token Verification. You can check here for details:
http://dubbo.io/books/dubbo-user-book-en/demos/token-authorization.html
2. The accreditation capacity of the registration center itself. For
example, authentication provided by ZooKeeper.
As for the connection level, we haven't provided support for initial
connection authentication, and also do not support secure connections e.g.
SSL. Because for our initial purpose, Dubbo was designed to be used in
organization internally. We made an assumption that the data communication
environment is secure.
The good news is, the core team are planning to provide support for
connection authentication and building secure connection, and i believe
this feature along with others will come soon.
On Mon, Feb 26, 2018 at 10:26 AM, Huxing Zhang <hux...@apache.org> wrote:
> Hi,
>
> Welcome to Dubbo community!
>
> This is probably the first thread regarding Dubbo development -:
>
> As the mailing list is just established, the core developers are just
> start subscribing.
>
> Replying to this thread so more people could see it.
>
>
> On Sat, Feb 24, 2018 at 5:41 PM, Don Bosco Durai <bo...@apache.org> wrote:
> > Hello Everyone
> >
> >
> >
> > I was looking into Dubbo project and it’s very interesting. Also, it
> meets most of my requirement.
> >
> >
> >
> > I need support for authentication during establishing the initial
> connection. I couldn’t find any reference to it. I went through
> http://dubbo.io/books/dubbo-user-book-en/ and http://dubbo.io/books/dubbo-
> admin-book-en/
> >
> >
> >
> > Does Dubbo support security? Any pointers is appreciated.
> >
> >
> >
> > Thanks
> >
> >
> >
> > Bosco
> >
> >
> >
>
>
>
> --
> Best Regards!
> Huxing
>
