You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Alexander Rojas (JIRA)" <ji...@apache.org> on 2015/04/15 10:50:01 UTC
[jira] [Commented] (MESOS-2620) Implement a mechanism which allows
access control of endpoints
[ https://issues.apache.org/jira/browse/MESOS-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14495868#comment-14495868 ]
Alexander Rojas commented on MESOS-2620:
----------------------------------------
A design for the issue has been proposed at https://docs.google.com/document/d/1JSJTJMJ6ZXLkCSmvOIabTLrjtqqr0E-u99Rx2BHR1hs/edit
> Implement a mechanism which allows access control of endpoints
> --------------------------------------------------------------
>
> Key: MESOS-2620
> URL: https://issues.apache.org/jira/browse/MESOS-2620
> Project: Mesos
> Issue Type: Improvement
> Affects Versions: 0.21.1
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
>
> h2. Rationale
> As is currently implemented, libprocess processes are able to provide HTTP endpoints to serve some client's requests. Any security requirement are left to the actual endpoint handler to be implemented. Moreover, some common security checks (e.g., requiring the connection to be perform over a secure channel or controlling the source of the connection) cannot be performed at all since this attributes are not made available to the endpoint's handlers.
> h2. Goal
> Implement a mechanism which allows users of libprocess to install _firewall_ like rules which can be easily applied to any incoming connection, decoupling the endpoint's handler from the security layer.
> Provide at least on rule which allow the selective disabling of endpoints. This also requires mesos users to be able to manipule such rules.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)