>>> Pluging in Apache Shiro can be an option but it still means that you still have duplicate identities, groups, roles etc Don't understand this, why it would have duplicated identities, groups ? Currently only shiro authentication is integrated in zeppelin, as long we integrate shiro authorization, there should be only one central place for authentication and authorization.
Batista, Mario (Nokia - PT/Amadora) <[email protected]>于2017年3月27日周一 下午5:50写道: > You dont need to remove Shiro but it would be nice if you had a way to set > Zeppelin to use external Authentication & Authorization servers. > > Of course that requires that Zeppelin is able to interpret and enforce the > policies that are stored in the central authorization server. > > > > Pluging in Apache Shiro can be an option but it still means that you still > have duplicate identities, groups, roles etc > > > > So the ideia was to put the permission handling logic inside zeppelin and > you could use whatever authorization server you might use….as long as you > use the standard protocols… > > > > > > > > ------------------------------------------------------- > > *Mário Batista* > > NOKIA > > Product Owner > > MN GS DE Tools NPO Automation > > ------------------------------------------------------- > > > > *From:* Jeff Zhang [mailto:[email protected]] > *Sent:* Friday, March 24, 2017 2:37 AM > *To:* [email protected] > > > *Subject:* Re: Zeppelin should support standard protocols for authN and > AuthZ > > > > > > Do you mean to remove shiro ? shiro is pluggable, maybe it supports the > protocols you mentioned > > > > Batista, Mario (Nokia - PT/Amadora) <[email protected]>于2017年3月24日周五 > 上午2:04写道: > > Hi, > > > > Yes of course. > > > > Currently as far as I understand Authentication and authorization is > implemented by making use of Apache Shiro, correct? > > The intention here is to detach or not-bind Zeppelin to a specific > solution by making use of standard protocols for Authentication and > Authorization. > > > > Example use case: > > > > > > > > ------------------------------------------------------- > > *Mário Batista* > > NOKIA > > Product Owner > > MN GS DE Tools NPO Automation > > ------------------------------------------------------- > > > > *From:* Jongyoul Lee [mailto:[email protected]] > *Sent:* Monday, March 20, 2017 11:22 AM > *To:* [email protected] > *Cc:* [email protected] > *Subject:* Re: Zeppelin should support standard protocols for authN and > AuthZ > > > > Hi, > > > > Can you explain or give me an idea for it more detail? > > > > > > > > On Mon, Mar 20, 2017 at 7:02 PM, mbatista <[email protected]> wrote: > > In order to make Zeppelin more easy to integrate in the modern cloud > environments where authentication and authorization are done by having a > centralized server for all the apps, Zeppelin shall support standard > protocols for IAM purposes. > > Regarding authentication > > -OpenId connect protocol > > Authorization > > -UMA protocol (user access management), which is a OAuth2.0 profile. > > This allows Resources owners to write their access control policies on the > Authorization server and make the policy enforcement point in Zeppelin > itself, for instance. > > A common language for policy expression can be XACML or the emerging ALFA > language. > > > > > > -- > View this message in context: > http://apache-zeppelin-users-incubating-mailing-list.75479.x6.nabble.com/Zeppelin-should-support-standard-protocols-for-authN-and-AuthZ-tp5247.html > Sent from the Apache Zeppelin Users (incubating) mailing list mailing list > archive at Nabble.com. > > > > > > -- > > 이종열, Jongyoul Lee, 李宗烈 > > http://madeng.net > >
