I've updated the Jira for having network/bufferserver level encryption. ~ Chinmay.
On Thu, Dec 17, 2015 at 12:39 PM, Chinmay Kolhatkar <[email protected] > wrote: > Agreed with Vlad and Gurav that encryption should be at Network and Buffer > server levels. > > But as Amol mentioned the configuration for enabling it can be set as a > stream attribute OR an app wide attribute. > > ~ Chinmay. > > On Thu, Dec 17, 2015 at 5:43 AM, Amol Kekre <[email protected]> wrote: > >> Makes sense to make it stream attribute. >> >> Thks >> Amol >> >> >> On Wed, Dec 16, 2015 at 11:34 AM, Vlad Rozov <[email protected]> >> wrote: >> >> > +1 - support should be at the network and buffer server levels. >> > >> > Vlad >> > >> > >> > On 12/15/15 00:10, Timothy Farkas wrote: >> > >> >> I think encryption of data sent across the wire and operator logic are >> >> orthogonal. The user should just have to set DAG level attribute to >> >> enable/disable encryption, without having to write any encryption >> related >> >> code. I think this would require changes to the Buffer Server publisher >> >> and >> >> subscriber though. >> >> >> >> On Mon, Dec 14, 2015 at 11:27 PM, Chandni Singh < >> [email protected]> >> >> wrote: >> >> >> >> When we are dealing with secured data, the usual scenarios are that you >> >>> get >> >>> encrypted data. >> >>> This data need to decrypt and then perform other functions on it. The >> >>> output of the dag is then encrypted. >> >>> >> >>> In the past we have solved these use cases by performing >> >>> decryption/encryption in the operator. >> >>> IMO the operator approach works better because these processes may >> >>> require >> >>> invoking utilities and also operators can be configured easily using >> >>> properties. >> >>> >> >>> Chandni >> >>> >> >>> On Mon, Dec 14, 2015 at 10:34 PM, Sandesh Hegde < >> [email protected] >> >>> > >> >>> wrote: >> >>> >> >>> Well we have committers from bank, their feedback will be really >> >>>> >> >>> valuable. >> >>> >> >>>> On Mon, Dec 14, 2015 at 10:30 PM Priyanka Gugale < >> >>>> >> >>> [email protected] >> >>> >> >>>> wrote: >> >>>> >> >>>> Sounds good. This is good feature for banks and security domain. >> >>>>> One suggestion: We can do key management ourself at application >> (may be >> >>>>> >> >>>> by >> >>>> >> >>>>> providing default keys) and there should be an option to override >> keys >> >>>>> >> >>>> if >> >>> >> >>>> user really want to do so. >> >>>>> >> >>>>> -Priyanka >> >>>>> >> >>>>> On Tue, Dec 15, 2015 at 11:37 AM, Chinmay Kolhatkar < >> >>>>> [email protected] >> >>>>> >> >>>>>> wrote: >> >>>>>> Hi All, >> >>>>>> >> >>>>>> I wanted to propose an idea using which one can have encrypted >> stream >> >>>>>> flowing in a DAG. >> >>>>>> >> >>>>>> Basically, the idea is to create a new EncryptedInputPort which >> will >> >>>>>> >> >>>>> extend >> >>>>> >> >>>>>> from DefaultInputPort and will return a StreamCodec object which >> will >> >>>>>> >> >>>>> take >> >>>>> >> >>>>>> care of encryption/decryption. >> >>>>>> As the same StreamCodec object will be used at OutputPort, the >> >>>>>> >> >>>>> encryption >> >>>> >> >>>>> can be done in toByteArray method at Output port and decryption can >> >>>>>> >> >>>>> be >> >>> >> >>>> done >> >>>>> >> >>>>>> in fromByteArray at Input port. >> >>>>>> >> >>>>>> By default we can support some basic encryption algorithms like RSA >> >>>>>> >> >>>>> and >> >>> >> >>>> DSA >> >>>>> >> >>>>>> where user need to provide the key(s) to EncryptedInputPort. >> >>>>>> >> >>>>>> Any thoughts? >> >>>>>> >> >>>>>> ~ Chinmay. >> >>>>>> >> >>>>>> >> > >> > >
