gaborgsomogyi commented on pull request #14841: URL: https://github.com/apache/flink/pull/14841#issuecomment-891919782
@tillrohrmann Thanks for pinging, this is definitely interesting topic because proper DT handling is a key feature to many ppls including us. @JackWangCS since this one is a big feature I would like to take a look at the FLIP. Where can I find it? As I see you've partially copy/pasted the Spark DT handling which is good. What I lack is the DT lifecycle description. The most important parts: * Who and when renews/re-obtains/propagates DTs? * How is it made sure that DTs are propagated in a secure way to workers? * Can you share what is the lifecycle of `HadoopDelegationTokenManager`? * Will this be run as a standalone multi-tenant service? Or once per Flink job? Or something else? BTW since I have quite some knowledge in security area I've already a 99% done FLIP for this. All in all w/o knowing at least the mentioned questions I don't think it should go in. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org