You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Jeremy Whitlock (Jira)" <ji...@apache.org> on 2021/10/11 17:42:00 UTC

[jira] [Created] (KAFKA-13363) Add support for asynchronous authorization

Jeremy Whitlock created KAFKA-13363:
---------------------------------------

             Summary: Add support for asynchronous authorization
                 Key: KAFKA-13363
                 URL: https://issues.apache.org/jira/browse/KAFKA-13363
             Project: Kafka
          Issue Type: Improvement
          Components: security
            Reporter: Jeremy Whitlock


In KIP-504 there was mention to [Make authorize() asynchronous|https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface#KIP504AddnewJavaAuthorizerInterface-Makeauthorize()asynchronous], saying _"In future, we can add async authorize as a new method on the API if required."_  Many high-performance systems out there (_Envoy, Kubernetes, ...)_ have external authorization mechanisms and I think it would be nice if Kafka did the same.  I am currently working on a Kafka integration, basically custom authn/authz modules that work with Apigee/Google, and the lack of asynchronous authorization makes the ideal approach impossible.  _(Ideally, an asynchronous authorize() would consult Apigee/Google and let the thirdparty dictate what rules it enforced instead of expecting Kafka to do this, or having to drive Kafka's users/ACLs to perform only some of the authorization needs.)_  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)