Re: Authentication/Authorization feature for GAAS.

[Abhishek Tiwari <ab...@apache.org>]

Hi Vicky,

Some thoughts inlined.
Meanwhile, can you also share a doc with your thoughts so far? Probably add
a wiki link?
Do you also have a Jira for this?

Abhishek

On Mon, May 21, 2018 at 4:10 AM Vicky Kak <vi...@gmail.com> wrote:

> Hi Guys,
>
> I am planning to start working on the Authentication/Authorization module
> of the GAAS and have the following features in my mind
>
> 1) User Registration, the user should be able to register to the GAAS. The
> users could register to the system with different roles
> admin/deployer/runner roles.
>
Sounds good, but how would registration work? Configuration based initial
users, etc?
Also would be good to have a hierarchy of roles and their relation.

>
> 2) The registered user with the deployer role can make the GAAS deployment,
> the GAAS deployment will involve  uploading the template files and jars to
> the GAAS and to the corresponding standard clusters. The deployment step
> may have to restart the corresponding standalone cluster nodes too.
>
 +1
We also should be thinking of enabling deployment to self register (ie. an
executor can self register with GaaS and share its capabilities)

>
> 3) The user with the runner roles can create and run the flows for the Jobs
> which are deployed.
>
> 4) This Authentication/Autherization module should have pluggble sql based
> store, we could start with the embeded H2 engine (
> http://www.h2database.com/html/main.html).
>
+1

>
>
> Apart from the above I expect to get the Topology information in the GAAS
> from the API which I believe will be available.
>
> Please let me hear what else could be added to the list.
>
- We should have pluggable authentication system (with a default impl. such
as LDAP?)
- Also pluggable authorization system (with a default impl. such as DB?)

>
> Thanks,
> Vicky
>