> Hi team,
>
> Happy to be here and hope I can provide quality additions in the future.
>
> Thank you all for helpful the suggestions!
> Considering them the FLIP has been modified and the work continues on the
> already existing Jira.
>
> BR,
> G
>
>
> On Wed, Jun 2, 2021 at 11:23 AM Márton Balassi <[hidden email]>
> wrote:
>
>> Thanks, Chesney - I totally missed that. Answered on the ticket too, let
>> us continue there then.
>>
>> Till, I agree that we should keep this codepath as slim as possible. It
>> is an important design decision that we aim to keep the list of
>> authentication protocols to a minimum. We believe that this should not be a
>> primary concern of Flink and a trusted proxy service (for example Apache
>> Knox) should be used to enable a multitude of enduser authentication
>> mechanisms. The bare minimum of authentication mechanisms to support
>> consequently consist of a single strong authentication protocol for which
>> Kerberos is the enterprise solution and HTTP Basic primary for development
>> and light-weight scenarios.
>>
>> Added the above wording to G's doc.
>>
>> https://docs.google.com/document/d/1NMPeJ9H0G49TGy3AzTVVJVKmYC0okwOtqLTSPnGqzHw/edit
>>
>>
>>
>> On Tue, Jun 1, 2021 at 11:47 AM Chesnay Schepler <[hidden email]>
>> wrote:
>>
>>> There's a related effort:
>>> https://issues.apache.org/jira/browse/FLINK-21108
>>>
>>> On 6/1/2021 10:14 AM, Till Rohrmann wrote:
>>> > Hi Gabor, welcome to the Flink community!
>>> >
>>> > Thanks for sharing this proposal with the community Márton. In
>>> general, I
>>> > agree that authentication is missing and that this is required for
>>> using
>>> > Flink within an enterprise. The thing I am wondering is whether this
>>> > feature strictly needs to be implemented inside of Flink or whether a
>>> proxy
>>> > setup could do the job? Have you considered this option? If yes, then
>>> it
>>> > would be good to list it under the point of rejected alternatives.
>>> >
>>> > I do see the benefit of implementing this feature inside of Flink if
>>> many
>>> > users need it. If not, then it might be easier for the project to not
>>> > increase the surface area since it makes the overall maintenance
>>> harder.
>>> >
>>> > Cheers,
>>> > Till
>>> >
>>> > On Mon, May 31, 2021 at 4:57 PM Márton Balassi <[hidden email]>
>>> wrote:
>>> >
>>> >> Hi team,
>>> >>
>>> >> Firstly I would like to introduce Gabor or G [1] for short to the
>>> >> community, he is a Spark committer who has recently transitioned to
>>> the
>>> >> Flink Engineering team at Cloudera and is looking forward to
>>> contributing
>>> >> to Apache Flink. Previously G primarily focused on Spark Streaming and
>>> >> security.
>>> >>
>>> >> Based on requests from our customers G has implemented Kerberos and
>>> HTTP
>>> >> Basic Authentication for the Flink Dashboard and HistoryServer.
>>> Previously
>>> >> lacked an authentication story.
>>> >>
>>> >> We are looking to contribute this functionality back to the
>>> community, we
>>> >> believe that given Flink's maturity there should be a common code
>>> solution
>>> >> for this general pattern.
>>> >>
>>> >> We are looking forward to your feedback on G's design. [2]
>>> >>
>>> >> [1] http://gaborsomogyi.com/
>>> >> [2]
>>> >>
>>> >>
>>> https://docs.google.com/document/d/1NMPeJ9H0G49TGy3AzTVVJVKmYC0okwOtqLTSPnGqzHw/edit
>>> >>
>>>
>>>