Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Let each broker generate a Random secret on each acquisition request and use this secret to generate the hmac. Broker will store the hmac in zookeeper. However as zookeeper zkClient does not support SSL the hmac will be on wire unencrypted which is not safe.A client will go to every broker and acquire token for that broker. The tokens will not be stored in zookeeper at all. The downside of this approach is anytime a new broker is added the initial client has to get notified and it has to ensure it gets token for this new broker and distributes it.
  • Use controller instead of zookeeper as the central location where tokens are generated,renewed and distributed from. You can review the discussion and pro/con here.