Status

Current state: Under Discussion

Discussion thread: <TBD> and Kafka Security Proposal

JIRA: KAFKA-1688

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

Security proposal for Kafka

As more enterprises have started using Kafka, there is a increasing demand for authorization for who can publish or consume from the topics. Authorization can be based on different available session attributes or context, like user, IP, common name in certificate, etc.  Having an extendable authorization interface will help us to implement the core requirements in the initial phase and make it enterprise ready. Having a pluggable interface will enable other security focused products to provide more advanced and enterprise grade implementations.

Public Interfaces

The high level proposal is to define a new interface similar to this:

PermissionManager.isPermitted(Subject subject, InetAddress ip, Permissions permission, String resource)

• Binary log format

  • No

• The network protocol and api behavior

  • No

• Any class in the public packages under clientsConfiguration, especially client configuration

  • <TDB>

• Monitoring

  • No

• Command line tools and arguments

  • No

• Anything else that will likely break existing users in some way when they upgrade
  • No

Proposed Changes

<TBD>

Compatibility, Deprecation, and Migration Plan

• What impact (if any) will there be on existing users?
  • This shouldn't affect any existing users
• If we are changing behavior how will we phase out the older behavior?
  • No. The default implementation would maintain all existing usability behavior
• If we need special migration tools, describe them here.
  • No
• When will we remove the existing behavior?
  • No

Rejected Alternatives

If there are alternative ways of accomplishing the same thing, what were they? The purpose of this section is to motivate why the design is the way it is and not some other way.