+1 I just re-reviewed this proposal and it looks good to me.
- Aaron > On Jul 12, 2019, at 6:29 AM, Juan José Ramos <jra...@pivotal.io> wrote: > > Hello Mike, > > Agreed, we'll probably need to create an enhancement request for this > feature in JIRA. > Cheers. > > On Thu, Jul 11, 2019 at 5:37 PM Michael Stolz <mst...@pivotal.io> wrote: > >> One thing I will mention regarding DATA:READ:RegionName allowing query >> behavior is that we have been asked by some users already to separate >> DATA:READ:RegionName from DATA:QUERY:RegionName. This request is to protect >> against arbitrary query execution by administrators that can cause huge >> resource consumption. >> >> So regardless of all the rest of the proposal, that's something we should >> probably consider standardizing on. >> >> -- >> Mike Stolz >> Principal Engineer, Pivotal Cloud Cache >> Mobile: +1-631-835-4771 >> >> >> >> On Thu, Jul 11, 2019 at 11:36 AM Juan José Ramos <jra...@pivotal.io> >> wrote: >> >>> Hello all, >>> >>> Friendly reminder regarding the deadline to rise concerns and/or >> objections >>> regarding the *OQL Method InvocationSecurity Proposal [1]*, I'll go ahead >>> and move it to *Development* on July 13th. >>> Best regards. >>> >>> [1]: >>> >>> >> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-PriorArt >>> >>> >>> On Mon, Jul 8, 2019 at 3:29 PM Juan José Ramos <jra...@pivotal.io> >> wrote: >>> >>>> Done [1]!. >>>> Please remember that, if no major concerns arise before Friday this >> week, >>>> I'll go ahead and move the proposal to *Development* on July 13th. >>>> Best regards. >>>> >>>> [1]: >>>> >>> >> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-PriorArt >>>> >>>> On Fri, Jul 5, 2019 at 3:48 PM Jacob Barrett <jbarr...@pivotal.io> >>> wrote: >>>> >>>>> Can you please add a Prior Art section to your proposal discussing >> these >>>>> alternative solutions and why they are insufficient? >>>>> >>>>> Thanks, >>>>> Jake >>>>> >>>>> >>>>>> On Jul 5, 2019, at 10:41 AM, Juan José Ramos <jra...@pivotal.io> >>> wrote: >>>>>> >>>>>> Hello Jake, >>>>>> >>>>>> I've replied something similar *here [1]*. >>>>>> Long story short, I haven't found anything that really applies to >> our >>>>> use >>>>>> case. The "most similar solution" is *Spring Method Security [2]*, >>> which >>>>>> basically implies annotating methods with explicit configuration >> about >>>>> the >>>>>> roles required to execute them. The same goes for *Shiro >>>>> **Annotation-based >>>>>> Authorization [3]*. The *AnnotationBasedMethodAuthorize**r [3]* >>> approach >>>>>> from the proposal is somewhat similar to this, but I've discarded it >>>>>> because if forces the user to annotate classes with our own >>> annotations, >>>>>> basically forcing them to modify their domain model. >>>>>> The proposal basically allows our users to use one of the default of >>> the >>>>>> box implementations and, if they don't like them for whatever >> reason, >>> is >>>>>> flexible enough so they can ultimately provide their own. >>>>>> Hope this helps. >>>>>> Cheers. >>>>>> >>>>>> [1]: >>>>>> >>>>> >>> >> https://markmail.org/message/ekons7ixtz4jtf7n#query:+page:1+mid:snxgpsqd3yuppmsc+state:results >>>>>> [2]: >>>>>> >>>>> >>> >> https://docs.spring.io/spring-security/site/docs/5.1.5.RELEASE/reference/html/jc.html#jc-method >>>>>> [3]: >>>>>> >>>>> >>> >> https://shiro.apache.org/authorization.html#Authorization-AnnotationbasedAuthorization >>>>>> [4]: >>>>>> >>>>> >>> >> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security#OQLMethodInvocationSecurity-AnnotationBasedMethodAuthorizer >>>>>> >>>>>> On Fri, Jul 5, 2019 at 1:46 PM Jacob Barrett <jbarr...@pivotal.io> >>>>> wrote: >>>>>> >>>>>>> So if we don’t want to use the Java built in SecurityManager to >> solve >>>>>>> this, because we feel it's too big or too inflexible for our needs, >>>>> have >>>>>>> other projects implemented something we can borrow? We can’t be the >>>>> first >>>>>>> to need something like this if Java’s solution isn’t a good fit. >>>>>>> >>>>>>> Again I want to avoid inventing something new. What prior art is >> out >>>>> there? >>>>>>> >>>>>>> >>>>>>>> On Jul 4, 2019, at 1:29 PM, Juan José Ramos <jra...@pivotal.io> >>>>> wrote: >>>>>>>> >>>>>>>> Hello all, >>>>>>>> >>>>>>>> If you haven't added my email to the spam folder already :-), then >>> I'd >>>>>>> like >>>>>>>> to let you know that I've update again the *Proposal [1]* and >>>>>>> incorporated >>>>>>>> most of the feedback provided, along with some additional >>> information >>>>> and >>>>>>>> context I missed on the previous versions, thanks all that brought >>>>>>> concerns >>>>>>>> and suggestions to the discussion. Please take some time to review >>> it >>>>>>>> thoroughly, adding comments and/or concerns *only on this email >>>>> thread*, >>>>>>>> all feedback is more than welcome. >>>>>>>> If no major concerns arise before July 12th 2019, I'll go ahead >> and >>>>> mark >>>>>>>> move the proposal to *Development* on July 13th. >>>>>>>> Best regards. >>>>>>>> >>>>>>>> [1]: >>>>>>>> >>>>>>> >>>>> >>> >> https://cwiki.apache.org/confluence/display/GEODE/OQL+Method+Invocation+Security >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> Juan José Ramos Cassella >>>>>> Senior Technical Support Engineer >>>>>> Email: jra...@pivotal.io >>>>>> Office#: +353 21 4238611 >>>>>> Mobile#: +353 87 2074066 >>>>>> After Hours Contact#: +1 877 477 2269 >>>>>> Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT >>>>>> How to upload artifacts: >>>>>> https://support.pivotal.io/hc/en-us/articles/204369073 >>>>>> How to escalate a ticket: >>>>>> https://support.pivotal.io/hc/en-us/articles/203809556 >>>>>> >>>>>> [image: support] <https://support.pivotal.io/> [image: twitter] >>>>>> <https://twitter.com/pivotal> [image: linkedin] >>>>>> <https://www.linkedin.com/company/3048967> [image: facebook] >>>>>> <https://www.facebook.com/pivotalsoftware> [image: google plus] >>>>>> <https://plus.google.com/+Pivotal> [image: youtube] >>>>>> < >>>>> >>> https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl >>> >>>>> >>>>> >>>> >>>> -- >>>> Juan José Ramos Cassella >>>> Senior Technical Support Engineer >>>> Email: jra...@pivotal.io >>>> Office#: +353 21 4238611 >>>> Mobile#: +353 87 2074066 >>>> After Hours Contact#: +1 877 477 2269 >>>> Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT >>>> How to upload artifacts: >>>> https://support.pivotal.io/hc/en-us/articles/204369073 >>>> How to escalate a ticket: >>>> https://support.pivotal.io/hc/en-us/articles/203809556 >>>> >>>> [image: support] <https://support.pivotal.io/> [image: twitter] >>>> <https://twitter.com/pivotal> [image: linkedin] >>>> <https://www.linkedin.com/company/3048967> [image: facebook] >>>> <https://www.facebook.com/pivotalsoftware> [image: google plus] >>>> <https://plus.google.com/+Pivotal> [image: youtube] >>>> < >>> https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl >>> >>>> >>> >>> >>> -- >>> Juan José Ramos Cassella >>> Senior Technical Support Engineer >>> Email: jra...@pivotal.io >>> Office#: +353 21 4238611 >>> Mobile#: +353 87 2074066 >>> After Hours Contact#: +1 877 477 2269 >>> Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT >>> How to upload artifacts: >>> https://support.pivotal.io/hc/en-us/articles/204369073 >>> How to escalate a ticket: >>> https://support.pivotal.io/hc/en-us/articles/203809556 >>> >>> [image: support] <https://support.pivotal.io/> [image: twitter] >>> <https://twitter.com/pivotal> [image: linkedin] >>> <https://www.linkedin.com/company/3048967> [image: facebook] >>> <https://www.facebook.com/pivotalsoftware> [image: google plus] >>> <https://plus.google.com/+Pivotal> [image: youtube] >>> < >> https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl> >>> >> > > > -- > Juan José Ramos Cassella > Senior Technical Support Engineer > Email: jra...@pivotal.io > Office#: +353 21 4238611 > Mobile#: +353 87 2074066 > After Hours Contact#: +1 877 477 2269 > Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT > How to upload artifacts: > https://support.pivotal.io/hc/en-us/articles/204369073 > How to escalate a ticket: > https://support.pivotal.io/hc/en-us/articles/203809556 > > [image: support] <https://support.pivotal.io/> [image: twitter] > <https://twitter.com/pivotal> [image: linkedin] > <https://www.linkedin.com/company/3048967> [image: facebook] > <https://www.facebook.com/pivotalsoftware> [image: google plus] > <https://plus.google.com/+Pivotal> [image: youtube] > <https://www.youtube.com/playlist?list=PLAdzTan_eSPScpj2J50ErtzR9ANSzv3kl>
