[ https://issues.apache.org/jira/browse/MESOS-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14496583#comment-14496583 ]
Benjamin Mahler commented on MESOS-2620: ---------------------------------------- Hm, accessing the doc requires requesting access, can you open it up? > Implement a mechanism which allows access control of endpoints > -------------------------------------------------------------- > > Key: MESOS-2620 > URL: https://issues.apache.org/jira/browse/MESOS-2620 > Project: Mesos > Issue Type: Improvement > Components: libprocess, master, slave > Affects Versions: 0.21.1 > Reporter: Alexander Rojas > Assignee: Alexander Rojas > Labels: mesosphere, security > > h2. Rationale > As is currently implemented, libprocess processes are able to provide HTTP > endpoints to serve some client's requests. Any security requirement are left > to the actual endpoint handler to be implemented. Moreover, some common > security checks (e.g., requiring the connection to be perform over a secure > channel or controlling the source of the connection) cannot be performed at > all since this attributes are not made available to the endpoint's handlers. > h2. Goal > Implement a mechanism which allows users of libprocess to install _firewall_ > like rules which can be easily applied to any incoming connection, decoupling > the endpoint's handler from the security layer. > Provide at least on rule which allow the selective disabling of endpoints. > This also requires mesos users to be able to manipule such rules. -- This message was sent by Atlassian JIRA (v6.3.4#6332)