[ 
https://issues.apache.org/jira/browse/THRIFT-876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12904724#action_12904724
 ] 

Aaron T. Myers commented on THRIFT-876:
---------------------------------------

bq. Overall I like it.

Glad to hear it.

bq. 1/ As usual, I don't think we should specify UTF-8. SASL is an 
octet-oriented system. Let's just define all of the messages as bytes.

I'll defer to Todd on this one, as it was his idea to specify this.

bq. 2/ The COMPLETE message should be allowed to contain a payload. What SASL 
calls "additional data with success". (Why it doesn't allow additional data 
with failure is beyond me.)

Very good point. I will amend and post a patch of the spec.

bq. 3/ Are you planning on using QOP soon? If not, we should just drop the last 
paragraph until someone is ready to implement it. If so, why is the extra 
framing necessary?

The patch I've posted already does indeed use the negotiated QOP, and the tests 
exercise it. The additional framing is necessary because, for example, if the 
QOP does integrity assurance, it may do some hashing of the message payload and 
then include this computed hash in the amended message. The entire message, 
including this hash, must be read by the receiving end so that it may be passed 
to the underlying security mechanism for integrity verification.

> Add SASL support
> ----------------
>
>                 Key: THRIFT-876
>                 URL: https://issues.apache.org/jira/browse/THRIFT-876
>             Project: Thrift
>          Issue Type: New Feature
>          Components: Java - Library
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: thrift-876.txt, thrift-876.txt.2, thrift-876.txt.3, 
> thrift-sasl-spec.txt
>
>
> It'd be nice if there were some way of securing Thrift communication in a 
> pluggable fashion. SASL is the implementation chosen by Hadoop for this. 
> Seems like a good option for Thrift, too.
> I'll start with a Java implementation, then move on to support the other 
> language bindings.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
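
The framing argument in the comment above, as an added example that is not part of the original message or of the THRIFT-876 patch: a wrapped message is longer than its payload, so the receiver needs an outer length to read the whole token before it can verify it. The 4-byte big-endian length prefix, the size cap, and HMAC-SHA256 as a stand-in for the SASL mechanism's wrap/unwrap are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import struct

MAC_LEN = 32          # HMAC-SHA256 output size
MAX_FRAME = 1 << 20   # assumed cap: reject absurd lengths before reading


def wrap(key: bytes, payload: bytes) -> bytes:
    """Stand-in for a SASL integrity wrap: payload followed by its MAC."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def unwrap(key: bytes, token: bytes) -> bytes:
    """Verify the trailing MAC over the complete token, return the payload."""
    if len(token) < MAC_LEN:
        raise ValueError("token shorter than MAC")
    payload, mac = token[:-MAC_LEN], token[-MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("integrity check failed")
    return payload


def write_frame(stream, key: bytes, payload: bytes) -> None:
    """Send the wrapped token behind an outer length prefix."""
    token = wrap(key, payload)
    stream.write(struct.pack(">I", len(token)) + token)


def read_exact(stream, n: int) -> bytes:
    """Read exactly n bytes, looping over short reads."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError("stream ended mid-frame")
        buf += chunk
    return buf


def read_frame(stream, key: bytes) -> bytes:
    """Read one whole wrapped token, then hand it to unwrap for verification."""
    (length,) = struct.unpack(">I", read_exact(stream, 4))
    if length > MAX_FRAME:
        raise ValueError("frame too large")
    return unwrap(key, read_exact(stream, length))
```
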
