[
https://issues.apache.org/jira/browse/SLING-3154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790445#comment-13790445
]
Ian Boston commented on SLING-3154:
-----------------------------------
I am thinking of a different approach.
Embed everything inside the discovery implementation (it is an implementation
after all) and support whitelist or signing with optional encryption of the
payload.
This should make it much simpler for anyone to configure.
Adding a SPI only becomes relevant if the internal impl doesn't cover whats
needed, and if there is an SPI, then the impl becomes more complex.
> Add Topology Message Verification to the Discovery service.
> -----------------------------------------------------------
>
> Key: SLING-3154
> URL: https://issues.apache.org/jira/browse/SLING-3154
> Project: Sling
> Issue Type: Improvement
> Components: General
> Affects Versions: Discovery Impl 1.0.0
> Reporter: Ian Boston
> Assignee: Ian Boston
> Fix For: Discovery Impl 1.0.2
>
>
> The discovery service provides support for whitelisting sources of topology
> information, but in a cluster where the topology this creates a
> re-configuration load of order M*(n*(n-1)) where n is the number of nodes in
> the topology and M is the number of changes. That load rises rapidly as the
> number of changes and/or nodes increases.
> To address this there are 2 proposals.
> 1. To provide an SPI exported from the Discovery Impl bundle that allows
> implementors to implement whitelisting based on the request. This will need
> to support creating the request and validating the request.
> 2. Embed functionality within the Discovery Impl bundle that supports
> validation and encryption of topology requests.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
