Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2019/09/25 15:34:12 UTC

[GitHub] [knox] lmccay commented on issue #153: KNOX-2020 - AWS federation support added to hadoop-jwt cookie

URL: https://github.com/apache/knox/pull/153#issuecomment-535080439
 
 
   From my comment on JIRA KNOX-2020:
   
   @sharad-oss - this looks interesting!
   I'd actually like to see a one-pager type doc that describes the use cases, the design and security considerations. Please attach it to the JIRA itself.
   One thing that I am concerned about is the inclusion of sensitive credentials in the JWT-based cookie.
   The cookie from KnoxSSO is intended for browsers and generally represents the authenticated user but doesn't include credentials. It is essentially in clear text since the JWT is merely base64 encoded. This is not sufficient protection for credentials that can be used outside of the scope of Knox itself.
   In terms of use cases, I'd like to understand the full flow including how/where the credentials are actually used and what consumer will be provided in Knox for the credentials.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
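The point lmccay raises above, that a signed JWT protects its claims against tampering but not against disclosure, can be shown with a few lines of standard-library Python. The code below is an added illustration, not code from the Knox project or from PR #153: it mints an HS256 JWT whose claims include constructed placeholder AWS credential fields (the claim names, the signing key and the credential values are all assumptions made here for the demonstration), then reads those claims back without knowing the key, which is exactly what any party holding the cookie can do.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data for the demonstration; none of this is real.
SIGNING_KEY = b"constructed-knox-signing-key"
SAMPLE_CLAIMS = {
    "sub": "alice",
    "iss": "KNOXSSO",
    "exp": 1569425652,
    # Hypothetical claim names: placeholders standing in for credentials
    # that would be usable outside Knox if they leaked.
    "aws_access_key_id": "EXAMPLE-ACCESS-KEY-ID",
    "aws_secret_access_key": "EXAMPLE-SECRET-ACCESS-KEY",
    "aws_session_token": "EXAMPLE-SESSION-TOKEN",
}
SENSITIVE_CLAIM_NAMES = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used by the JWT compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding that JWTs strip."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_jwt(claims: dict, key: bytes) -> str:
    """Build header.payload.signature with an HMAC-SHA256 signature over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode("utf-8")
    signing_input = b64url_encode(compact(header)) + "." + b64url_encode(compact(claims))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_hs256(token: str, key: bytes) -> bool:
    """Signature check: needs the key, so it detects tampering."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return False
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def peek_claims(token: str) -> dict:
    """Read the claims with NO key: the payload is only base64url-encoded, not encrypted."""
    _header_b64, payload_b64, _sig_b64 = token.split(".")
    return json.loads(b64url_decode(payload_b64).decode("utf-8"))


def exposed_sensitive_claims(token: str, names=SENSITIVE_CLAIM_NAMES) -> list:
    """Names of sensitive claims that anyone holding this token can read in clear."""
    claims = peek_claims(token)
    return [name for name in names if name in claims]


def tamper_payload(token: str, **overrides) -> str:
    """Rewrite claims without re-signing; shows what the signature does protect against."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64).decode("utf-8"))
    claims.update(overrides)
    new_payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    return header_b64 + "." + new_payload + "." + sig_b64


SAMPLE_TOKEN = mint_hs256_jwt(SAMPLE_CLAIMS, SIGNING_KEY)

if __name__ == "__main__":
    print("signature valid with key:", verify_hs256(SAMPLE_TOKEN, SIGNING_KEY))
    print("signature valid with wrong key:", verify_hs256(SAMPLE_TOKEN, b"wrong-key"))
    print("claims readable without any key:", peek_claims(SAMPLE_TOKEN))
    print("sensitive claims exposed:", exposed_sensitive_claims(SAMPLE_TOKEN))
    forged = tamper_payload(SAMPLE_TOKEN, sub="mallory")
    print("tampered token still verifies:", verify_hs256(forged, SIGNING_KEY))
```

The two checks side by side make the distinction concrete: `verify_hs256` fails for a forged payload or a wrong key, so the cookie is integrity-protected, but `peek_claims` returns every claim, credential placeholders included, to anyone who can read the cookie (browser devtools, a proxy log, a stolen cookie jar). Keeping secrets out of the payload, or encrypting the token (JWE) rather than only signing it (JWS), is what "sufficient protection for credentials" would have to mean here; which of those the PR should do is the design question the comment asks to see written up.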