Agreed with Vlad and Gurav that encryption should be at Network and Buffer server levels.
But as Amol mentioned the configuration for enabling it can be set as a stream attribute OR an app wide attribute. ~ Chinmay. On Thu, Dec 17, 2015 at 5:43 AM, Amol Kekre <[email protected]> wrote: > Makes sense to make it stream attribute. > > Thks > Amol > > > On Wed, Dec 16, 2015 at 11:34 AM, Vlad Rozov <[email protected]> > wrote: > > > +1 - support should be at the network and buffer server levels. > > > > Vlad > > > > > > On 12/15/15 00:10, Timothy Farkas wrote: > > > >> I think encryption of data sent across the wire and operator logic are > >> orthogonal. The user should just have to set DAG level attribute to > >> enable/disable encryption, without having to write any encryption > related > >> code. I think this would require changes to the Buffer Server publisher > >> and > >> subscriber though. > >> > >> On Mon, Dec 14, 2015 at 11:27 PM, Chandni Singh < > [email protected]> > >> wrote: > >> > >> When we are dealing with secured data, the usual scenarios are that you > >>> get > >>> encrypted data. > >>> This data need to decrypt and then perform other functions on it. The > >>> output of the dag is then encrypted. > >>> > >>> In the past we have solved these use cases by performing > >>> decryption/encryption in the operator. > >>> IMO the operator approach works better because these processes may > >>> require > >>> invoking utilities and also operators can be configured easily using > >>> properties. > >>> > >>> Chandni > >>> > >>> On Mon, Dec 14, 2015 at 10:34 PM, Sandesh Hegde < > [email protected] > >>> > > >>> wrote: > >>> > >>> Well we have committers from bank, their feedback will be really > >>>> > >>> valuable. > >>> > >>>> On Mon, Dec 14, 2015 at 10:30 PM Priyanka Gugale < > >>>> > >>> [email protected] > >>> > >>>> wrote: > >>>> > >>>> Sounds good. This is good feature for banks and security domain. > >>>>> One suggestion: We can do key management ourself at application (may > be > >>>>> > >>>> by > >>>> > >>>>> providing default keys) and there should be an option to override > keys > >>>>> > >>>> if > >>> > >>>> user really want to do so. > >>>>> > >>>>> -Priyanka > >>>>> > >>>>> On Tue, Dec 15, 2015 at 11:37 AM, Chinmay Kolhatkar < > >>>>> [email protected] > >>>>> > >>>>>> wrote: > >>>>>> Hi All, > >>>>>> > >>>>>> I wanted to propose an idea using which one can have encrypted > stream > >>>>>> flowing in a DAG. > >>>>>> > >>>>>> Basically, the idea is to create a new EncryptedInputPort which will > >>>>>> > >>>>> extend > >>>>> > >>>>>> from DefaultInputPort and will return a StreamCodec object which > will > >>>>>> > >>>>> take > >>>>> > >>>>>> care of encryption/decryption. > >>>>>> As the same StreamCodec object will be used at OutputPort, the > >>>>>> > >>>>> encryption > >>>> > >>>>> can be done in toByteArray method at Output port and decryption can > >>>>>> > >>>>> be > >>> > >>>> done > >>>>> > >>>>>> in fromByteArray at Input port. > >>>>>> > >>>>>> By default we can support some basic encryption algorithms like RSA > >>>>>> > >>>>> and > >>> > >>>> DSA > >>>>> > >>>>>> where user need to provide the key(s) to EncryptedInputPort. > >>>>>> > >>>>>> Any thoughts? > >>>>>> > >>>>>> ~ Chinmay. > >>>>>> > >>>>>> > > >
