You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Jeremy Whitlock (Jira)" <ji...@apache.org> on 2021/10/11 17:42:00 UTC
[jira] [Created] (KAFKA-13363) Add support for asynchronous
authorization
Jeremy Whitlock created KAFKA-13363:
---------------------------------------
Summary: Add support for asynchronous authorization
Key: KAFKA-13363
URL: https://issues.apache.org/jira/browse/KAFKA-13363
Project: Kafka
Issue Type: Improvement
Components: security
Reporter: Jeremy Whitlock
In KIP-504 there was mention to [Make authorize() asynchronous|https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface#KIP504AddnewJavaAuthorizerInterface-Makeauthorize()asynchronous], saying _"In future, we can add async authorize as a new method on the API if required."_ Many high-performance systems out there (_Envoy, Kubernetes, ...)_ have external authorization mechanisms and I think it would be nice if Kafka did the same. I am currently working on a Kafka integration, basically custom authn/authz modules that work with Apigee/Google, and the lack of asynchronous authorization makes the ideal approach impossible. _(Ideally, an asynchronous authorize() would consult Apigee/Google and let the thirdparty dictate what rules it enforced instead of expecting Kafka to do this, or having to drive Kafka's users/ACLs to perform only some of the authorization needs.)_
--
This message was sent by Atlassian Jira
(v8.3.4#803005)