[ https://issues.apache.org/jira/browse/SLING-3154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790563#comment-13790563 ]
Ian Boston commented on SLING-3154:
-----------------------------------
Hi [~egli]

I need the ability to have a single shared configuration for an entire topology
that allows automated and secure discovery of all active members of that
topology without any whitelisting. That configuration should be static and not
dependent on the topology itself or reference anything in the physical topology.

"Regarding encrypting/decrypting: do we have all the APIs on the Sling level
for this?"

I might be missing something but last time I looked the JDK supported
encrypting/decrypting. It may not have a huge range of algorithms, but
HmacSHA256 and AES/CBC/PKCS5Padding is probably good enough for this.

I have working code that doesn't do anything to the existing IP whitelisting
unless configured to be active.

Best Regards
Ian

> Add Topology Message Verification to the Discovery service.
> -----------------------------------------------------------
>
> Key: SLING-3154
> URL: https://issues.apache.org/jira/browse/SLING-3154
> Project: Sling
> Issue Type: Improvement
> Components: General
> Affects Versions: Discovery Impl 1.0.0
> Reporter: Ian Boston
> Assignee: Ian Boston
> Fix For: Discovery Impl 1.0.2
>
>
> The discovery service provides support for whitelisting sources of topology
> information, but in a cluster where the topology this creates a
> re-configuration load of order M*(n*(n-1)) where n is the number of nodes in
> the topology and M is the number of changes. That load rises rapidly as the
> number of changes and/or nodes increases.
> To address this there are 2 proposals.
> 1. To provide an SPI exported from the Discovery Impl bundle that allows
> implementors to implement whitelisting based on the request. This will need
> to support creating the request and validating the request.
> 2. Embed functionality within the Discovery Impl bundle that supports
> validation and encryption of topology requests.
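
The combination named in the comment above (HmacSHA256 plus AES/CBC/PKCS5Padding from the JDK, keyed by one static secret shared across the topology), as an added example that is not part of the original message or of the Sling code base. The class name, the key-derivation labels, the wire layout and the sample secret and payload are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class TopologyMessageSketch { // hypothetical class, not Sling code
    private final SecretKeySpec encKey; // AES-128 key derived from the shared secret
    private final byte[] macKey;        // separate HMAC key derived from the same secret
    TopologyMessageSketch(byte[] sharedSecret) throws GeneralSecurityException {
        encKey = new SecretKeySpec(Arrays.copyOf(hmac(sharedSecret, "enc".getBytes(StandardCharsets.UTF_8)), 16), "AES");
        macKey = hmac(sharedSecret, "mac".getBytes(StandardCharsets.UTF_8));
    }
    static byte[] hmac(byte[] key, byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }
    byte[] seal(byte[] plaintext) throws GeneralSecurityException { // IV || ciphertext || HMAC(IV || ciphertext)
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv); // fresh random IV for every message
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] body = ByteBuffer.allocate(16 + ct.length).put(iv).put(ct).array();
        return ByteBuffer.allocate(body.length + 32).put(body).put(hmac(macKey, body)).array();
    }
    byte[] open(byte[] msg) throws GeneralSecurityException {
        if (msg.length < 64) throw new GeneralSecurityException("message too short"); // IV + one block + tag
        byte[] body = Arrays.copyOfRange(msg, 0, msg.length - 32);
        byte[] tag = Arrays.copyOfRange(msg, msg.length - 32, msg.length);
        if (!MessageDigest.isEqual(tag, hmac(macKey, body))) // constant-time compare, done before decrypting
            throw new GeneralSecurityException("HMAC mismatch, message rejected");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(body, 0, 16));
        return c.doFinal(body, 16, body.length - 16);
    }
    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed value
        byte[] wire = new TopologyMessageSketch(secret).seal("{\"instance\":\"constructed-node-1\"}".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(new TopologyMessageSketch(secret).open(wire), StandardCharsets.UTF_8));
        wire[20] ^= 1; // simulate modification of one ciphertext byte in transit
        try { new TopologyMessageSketch(secret).open(wire); } catch (GeneralSecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The tag is verified before decryption so a receiver never runs CBC padding removal on unauthenticated bytes. Replay protection is outside this sketch.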