I agree. If we can really do pluggable authorization (and even pluggable
authentication), it would not actually be hard to effectively implement a
multi-tenant solution. I am hoping to attempt to implement something like
this once there is code / patches for KIP-11 and KIP-12. So I wonder if we
If we can't disable it, then can we use the tried and true method of using
-1 to indicate that no throttling should take place?
On Tue, Apr 21, 2015 at 4:38 PM, Joel Koshy jjkosh...@gmail.com wrote:
In either approach I'm not sure we considered being able to turn it
off completely. IOW, no it
Sorry for jumping in late, but I have been trying to follow this chain as
well as the updates to the KIP. I don't mean to seem critical and I may be
misunderstanding the proposed implementation, but there seems to be some
confusion around terminology (at least from my perspective) and I am not
Not sure if my newbie vote will count, but I think you are getting pretty
close here.
Couple of things:
1) I know the Session object is from a different JIRA, but I think that
Session should take a Subject rather than just a single Principal. The
reason for this is because a Subject can have
about the confusion on this as I am testing out multiple options and trying
to decide right one.
Thanks,
Harsha
On April 24, 2015 at 8:37:09 AM, Gari Singh (gari.r.si...@gmail.com)
wrote:
Sorry for jumping in late, but I have been trying to follow this chain as
well as the updates
) What about actually caching authorization decisions? I know ACLs will
be cached, but the actual authorize decision can be expensive as well?
On Fri, Apr 24, 2015 at 1:27 PM, Gari Singh gari.r.si...@gmail.com wrote:
Not sure if my newbie vote will count, but I think you are getting
pretty close
types of authentication which may each want to populate the Subject
with one or more Principals and perhaps even credentials (this could be used in
the future to hold encryption keys or perhaps the raw info prior to
authentication).
- Gari Singh
On Oct. 26, 2014, 5:37 a.m., Gwen Shapira wrote
this will be ok.
On Fri, Apr 24, 2015 at 2:18 PM, Parth Brahmbhatt
pbrahmbh...@hortonworks.com wrote:
Thanks for your comments Gari. My responses are inline.
Thanks
Parth
On 4/24/15, 10:36 AM, Gari Singh gari.r.si...@gmail.com wrote:
Sorry - fat fingered send ...
Not sure if my newbie vote
Hi Gwen -
I tend to agree with your proposal. As you mention the exact details /
interfaces would need to be worked out, but this would be more in line with
how JAAS and JACC work in the Java / JEE worlds.
I do think that it might be nice to include / provide some helper APIs /
methods for