[DISCUSS] Session data made available to API resource handlers

[Robert Levas <rl...@hortonworks.com>]

Team…

I thought that this might be an interesting topic to discuss.  

I am looking at a situation where it would be nice to have a dynamically generated encryption key stored in a web server session.  This key could be used to encrypt sensitive data that needs to be shared across REST API calls during that session.   In the JIRA that I created for this - https://issues.apache.org/jira/browse/AMBARI-8426 - I propose a use-case related to the automation of enabling (or disabling) Kerberos in a cluster. 

If we take the more generate route that is proposed in the JIRA, we could possibly do other things by storing data in the session - not just the encryption facility I need.  However I would be happy to just have the encryption key if we wanted to limit the scope of access to session data across REST API calls.

Please take a look and provide feedback or suggestions for alternative ways I might accomplish this.  Since this is needed to the upcoming 2.0.0 release, I would like to have something in the works by Wednesday. 

Thanks,

Rob


-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.