Hi everyone,

I'm working on a concept to use Kafka with self-contained tokens (instead of ACL).

The idea:

- A client requests access to a certain topic (in some kind of portal)
- The owner of the topic approves the request (in some kind of portal)
- The client receives a signed token which contains the topic (in some kind of portal)
- The client sends the token when he connects to Kafka
- Kafka validates the token and grants access

Token Format:

- List of Topics and methods
  - E.g. read /topic1
- Expire Date
- Signature

Implementation Idea:

- Create a custom Authorization Class which checks the signature
- Implement the possibility to send arbitrary data (key->value) along with the request when the client connects to the cluster

I'm looking forward to feedback on this approach and would be happy if you could give me a starting point for the implementation (or if there already is a way to send arbitrary data to a custom Authorizer).

Kind Regards,
Peter
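
A sketch of the token format and validation check described in the message above, added here as an example; it is not part of the original post and not Kafka code. It assumes a JSON payload and substitutes HMAC-SHA256 with a shared key for the "signature"; the function names, key and encoding are hypothetical, and the wiring into a Kafka Authorizer is left out.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: constructed demo key shared by the portal and the verifier.
KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(grants, expires_at, key=KEY):
    """Portal side: serialise grants and expiry, then append a MAC over the bytes."""
    payload = json.dumps(
        {"grants": sorted(grants), "exp": int(expires_at)},
        separators=(",", ":"), sort_keys=True,
    ).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def authorize(token, method, topic, now=None, key=KEY):
    """Verifier side: True only if the token is authentic, unexpired and
    lists exactly "<method> <topic>" (e.g. "read /topic1")."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except (ValueError, AttributeError):
        return False  # malformed token: fail closed
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; the payload is parsed only after it verifies.
    if not hmac.compare_digest(sig, expected):
        return False
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return False  # expired
    return f"{method} {topic}" in claims["grants"]


if __name__ == "__main__":
    tok = issue_token(["read /topic1"], expires_at=time.time() + 3600)
    print(authorize(tok, "read", "/topic1"), authorize(tok, "write", "/topic1"))
```

With a shared-key MAC, every party that can verify a token can also mint one; an asymmetric signature keeps the signing key in the portal and gives the verifiers only the public key.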
