Hello all, Friendly reminder regarding the deadline to rise concerns and/or objections regarding the *OQL Method InvocationSecurity Proposal [1]*, I'll go ahead and move it to *Development* on July 13th. Best regards.
[1]: https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-PriorArt On Mon, Jul 8, 2019 at 3:29 PM Juan José Ramos <jra...@pivotal.io> wrote: > Done [1]!. > Please remember that, if no major concerns arise before Friday this week, > I'll go ahead and move the proposal to *Development* on July 13th. > Best regards. > > [1]: > https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-PriorArt > > On Fri, Jul 5, 2019 at 3:48 PM Jacob Barrett <jbarr...@pivotal.io> wrote: > >> Can you please add a Prior Art section to your proposal discussing these >> alternative solutions and why they are insufficient? >> >> Thanks, >> Jake >> >> >> > On Jul 5, 2019, at 10:41 AM, Juan José Ramos <jra...@pivotal.io> wrote: >> > >> > Hello Jake, >> > >> > I've replied something similar *here [1]*. >> > Long story short, I haven't found anything that really applies to our >> use >> > case. The "most similar solution" is *Spring Method Security [2]*, which >> > basically implies annotating methods with explicit configuration about >> the >> > roles required to execute them. The same goes for *Shiro >> **Annotation-based >> > Authorization [3]*. The *AnnotationBasedMethodAuthorize**r [3]* approach >> > from the proposal is somewhat similar to this, but I've discarded it >> > because if forces the user to annotate classes with our own annotations, >> > basically forcing them to modify their domain model. >> > The proposal basically allows our users to use one of the default of the >> > box implementations and, if they don't like them for whatever reason, is >> > flexible enough so they can ultimately provide their own. >> > Hope this helps. >> > Cheers. >> > >> > [1]: >> > >> https://markmail.org/message/ekons7ixtz4jtf7n#query:+page:1+mid:snxgpsqd3yuppmsc+state:results >> > [2]: >> > >> https://docs.spring.io/spring-security/site/docs/5.1.5.RELEASE/reference/html/jc.html#jc-method >> > [3]: >> > >> https://shiro.apache.org/authorization.html#Authorization-AnnotationbasedAuthorization >> > [4]: >> > >> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-AnnotationBasedMethodAuthorizer >> > >> > On Fri, Jul 5, 2019 at 1:46 PM Jacob Barrett <jbarr...@pivotal.io> >> wrote: >> > >> >> So if we don’t want to use the Java built in SecurityManager to solve >> >> this, because we feel it's too big or too inflexible for our needs, >> have >> >> other projects implemented something we can borrow? We can’t be the >> first >> >> to need something like this if Java’s solution isn’t a good fit. >> >> >> >> Again I want to avoid inventing something new. What prior art is out >> there? >> >> >> >> >> >>> On Jul 4, 2019, at 1:29 PM, Juan José Ramos <jra...@pivotal.io> >> wrote: >> >>> >> >>> Hello all, >> >>> >> >>> If you haven't added my email to the spam folder already :-), then I'd >> >> like >> >>> to let you know that I've update again the *Proposal [1]* and >> >> incorporated >> >>> most of the feedback provided, along with some additional information >> and >> >>> context I missed on the previous versions, thanks all that brought >> >> concerns >> >>> and suggestions to the discussion. Please take some time to review it >> >>> thoroughly, adding comments and/or concerns *only on this email >> thread*, >> >>> all feedback is more than welcome. >> >>> If no major concerns arise before July 12th 2019, I'll go ahead and >> mark >> >>> move the proposal to *Development* on July 13th. >> >>> Best regards. >> >>> >> >>> [1]: >> >>> >> >> >> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security >> >> >> >> >> > >> > -- >> > Juan José Ramos Cassella >> > Senior Technical Support Engineer >> > Email: jra...@pivotal.io >> > Office#: +353 21 4238611 >> > Mobile#: +353 87 2074066 >> > After Hours Contact#: +1 877 477 2269 >> > Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT >> > How to upload artifacts: >> > https://support.pivotal.io/hc/en-us/articles/204369073 >> > How to escalate a ticket: >> > https://support.pivotal.io/hc/en-us/articles/203809556 >> > >> > [image: support] <https://support.pivotal.io/> [image: twitter] >> > <https://twitter.com/pivotal> [image: linkedin] >> > <https://www.linkedin.com/company/3048967> [image: facebook] >> > <https://www.facebook.com/pivotalsoftware> [image: google plus] >> > <https://plus.google.com/+Pivotal> [image: youtube] >> > < >> https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl> >> >> > > -- > Juan José Ramos Cassella > Senior Technical Support Engineer > Email: jra...@pivotal.io > Office#: +353 21 4238611 > Mobile#: +353 87 2074066 > After Hours Contact#: +1 877 477 2269 > Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT > How to upload artifacts: > https://support.pivotal.io/hc/en-us/articles/204369073 > How to escalate a ticket: > https://support.pivotal.io/hc/en-us/articles/203809556 > > [image: support] <https://support.pivotal.io/> [image: twitter] > <https://twitter.com/pivotal> [image: linkedin] > <https://www.linkedin.com/company/3048967> [image: facebook] > <https://www.facebook.com/pivotalsoftware> [image: google plus] > <https://plus.google.com/+Pivotal> [image: youtube] > <https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl> > -- Juan José Ramos Cassella Senior Technical Support Engineer Email: jra...@pivotal.io Office#: +353 21 4238611 Mobile#: +353 87 2074066 After Hours Contact#: +1 877 477 2269 Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT How to upload artifacts: https://support.pivotal.io/hc/en-us/articles/204369073 How to escalate a ticket: https://support.pivotal.io/hc/en-us/articles/203809556 [image: support] <https://support.pivotal.io/> [image: twitter] <https://twitter.com/pivotal> [image: linkedin] <https://www.linkedin.com/company/3048967> [image: facebook] <https://www.facebook.com/pivotalsoftware> [image: google plus] <https://plus.google.com/+Pivotal> [image: youtube] <https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl>