Hi team, Happy to be here and hope I can provide quality additions in the future.
Thank you all for helpful the suggestions! Considering them the FLIP has been modified and the work continues on the already existing Jira. BR, G On Wed, Jun 2, 2021 at 11:23 AM Márton Balassi <balassi.mar...@gmail.com> wrote: > Thanks, Chesney - I totally missed that. Answered on the ticket too, let > us continue there then. > > Till, I agree that we should keep this codepath as slim as possible. It is > an important design decision that we aim to keep the list of authentication > protocols to a minimum. We believe that this should not be a primary > concern of Flink and a trusted proxy service (for example Apache Knox) > should be used to enable a multitude of enduser authentication mechanisms. > The bare minimum of authentication mechanisms to support consequently > consist of a single strong authentication protocol for which Kerberos is > the enterprise solution and HTTP Basic primary for development and > light-weight scenarios. > > Added the above wording to G's doc. > > https://docs.google.com/document/d/1NMPeJ9H0G49TGy3AzTVVJVKmYC0okwOtqLTSPnGqzHw/edit > > > > On Tue, Jun 1, 2021 at 11:47 AM Chesnay Schepler <ches...@apache.org> > wrote: > >> There's a related effort: >> https://issues.apache.org/jira/browse/FLINK-21108 >> >> On 6/1/2021 10:14 AM, Till Rohrmann wrote: >> > Hi Gabor, welcome to the Flink community! >> > >> > Thanks for sharing this proposal with the community Márton. In general, >> I >> > agree that authentication is missing and that this is required for using >> > Flink within an enterprise. The thing I am wondering is whether this >> > feature strictly needs to be implemented inside of Flink or whether a >> proxy >> > setup could do the job? Have you considered this option? If yes, then it >> > would be good to list it under the point of rejected alternatives. >> > >> > I do see the benefit of implementing this feature inside of Flink if >> many >> > users need it. If not, then it might be easier for the project to not >> > increase the surface area since it makes the overall maintenance harder. >> > >> > Cheers, >> > Till >> > >> > On Mon, May 31, 2021 at 4:57 PM Márton Balassi <mbala...@apache.org> >> wrote: >> > >> >> Hi team, >> >> >> >> Firstly I would like to introduce Gabor or G [1] for short to the >> >> community, he is a Spark committer who has recently transitioned to the >> >> Flink Engineering team at Cloudera and is looking forward to >> contributing >> >> to Apache Flink. Previously G primarily focused on Spark Streaming and >> >> security. >> >> >> >> Based on requests from our customers G has implemented Kerberos and >> HTTP >> >> Basic Authentication for the Flink Dashboard and HistoryServer. >> Previously >> >> lacked an authentication story. >> >> >> >> We are looking to contribute this functionality back to the community, >> we >> >> believe that given Flink's maturity there should be a common code >> solution >> >> for this general pattern. >> >> >> >> We are looking forward to your feedback on G's design. [2] >> >> >> >> [1] http://gaborsomogyi.com/ >> >> [2] >> >> >> >> >> https://docs.google.com/document/d/1NMPeJ9H0G49TGy3AzTVVJVKmYC0okwOtqLTSPnGqzHw/edit >> >> >> >>
