[ https://issues.apache.org/jira/browse/TINKERPOP3-576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14617001#comment-14617001 ]

stephen mallette commented on TINKERPOP3-576:
---------------------------------------------

Just some quick thoughts on this as I've not had more than quick thoughts on 
this issue. :)  This issue was about authentication for requests to Gremlin 
Server and not authorization as to what graphs one might have access to, but 
perhaps authorization is tied into this in some way.  I hadn't thought that far 
ahead.  

Users currently have methods open to them to implement their own 
authentication/authorization schemes.  You just have to implement your own 
{{Channelizer}} implementation to inject your custom security handler and 
configure it in the YAML file.  To some degree, I wonder if adding specific 
"authentication" and "authorization" extension points to Gremlin Server 
infrastructure can make that process any easier. For authentication, I suppose 
there could be some out-of-the-box security handlers for OpenID, LDAP, 
whatever, and they could be configured via some secure implementation of a 
{{Channelizer}} or maybe even the existing ones somehow with new configuration 
capabilities there.

I don't think the protocol would have to change.  I think we can just pass 
username/password as keys in the {{RequestMessage}} arguments...simple enough.

Going back to authorization, that's a bit more tricky because all graphs get 
bound to the {{ScriptEngine}} for every request.  I suppose there would be room 
to have an authorization mechanism be consulted to determine which {{Graph}} 
and/or {{TraversalSource}} bindings were supplied given an authenticated user.  

> Gremlin Server Authentication
> -----------------------------
>
>                 Key: TINKERPOP3-576
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP3-576
>             Project: TinkerPop 3
>          Issue Type: Improvement
>          Components: server
>            Reporter: stephen mallette
>
> Provide some method to allow for authentication to Gremlin Server.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
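
The authorization idea from the comment above, as an added example that is not part of the original message or of the TinkerPop code base: credentials arrive as `username`/`password` keys in the request arguments, and only the bindings granted to that user are exposed to the script. Every class and method name here is hypothetical, and plain strings stand in for `Graph` and `TraversalSource` instances.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical sketch: none of these names are Gremlin Server classes.
public class BindingAuthorizer {
    private final Map<String, byte[]> salts = new HashMap<>();
    private final Map<String, byte[]> hashes = new HashMap<>();
    private final Map<String, Set<String>> grants = new HashMap<>();

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    void addUser(String user, String password, String... bindings) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);            // per-user random salt
        salts.put(user, salt);
        hashes.put(user, hash(password.toCharArray(), salt));
        grants.put(user, new HashSet<>(Arrays.asList(bindings)));
    }

    // Authenticate from the request arguments, then return only the granted bindings.
    Map<String, Object> bindingsFor(Map<String, Object> args, Map<String, Object> all) throws Exception {
        Object u = args.get("username"), p = args.get("password");
        if (!(u instanceof String) || !(p instanceof String) || !hashes.containsKey(u))
            return Collections.emptyMap();             // deny by default
        byte[] candidate = hash(((String) p).toCharArray(), salts.get(u));
        if (!MessageDigest.isEqual(candidate, hashes.get(u)))  // constant-time comparison
            return Collections.emptyMap();
        Map<String, Object> visible = new HashMap<>(all);
        visible.keySet().retainAll(grants.get(u));     // drop bindings the user was not granted
        return visible;
    }

    public static void main(String[] unused) throws Exception {
        BindingAuthorizer authz = new BindingAuthorizer();
        authz.addUser("alice", "constructed-password", "graph", "g");   // constructed sample user
        Map<String, Object> all = new HashMap<>();     // constructed stand-ins for server bindings
        all.put("graph", "Graph stand-in");
        all.put("g", "TraversalSource stand-in");
        all.put("hrGraph", "second Graph stand-in");
        Map<String, Object> good = Map.of("username", "alice", "password", "constructed-password");
        Map<String, Object> bad = Map.of("username", "alice", "password", "wrong");
        System.out.println(new TreeSet<>(authz.bindingsFor(good, all).keySet()));
        System.out.println(authz.bindingsFor(bad, all).keySet());
    }
}
```

Sending the password in the request arguments only makes sense over an encrypted channel, since the arguments otherwise travel in clear text.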
