[Extensions] OpenSearch requests should know the identity of the caller #3846
Labels
Build Libraries & Interfaces
discuss
Issues intended to help drive brainstorming and decision making
enhancement
Enhancement or improvement to existing feature or request
extensions
Identity
PR/Issues associated with Authentication or Authorization
Priority-High
Comments
peternied
added
enhancement
peternied
changed the title
mch2
added
the
discuss
|
To support user identity, there needs to be an authentication system that can check with an identity store (local/remote). The identity store would resolve the user identity to a reference that can be passed around within OpenSearch to the request handlers. |
5 tasks
peternied
added a commit
to peternied/OpenSearch-1
that referenced
this issue
Sep 14, 2022
Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - opensearch-project#4514 - opensearch-project#3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md
peternied
added a commit
to peternied/OpenSearch-1
that referenced
this issue
Sep 14, 2022
Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - opensearch-project#4514 - opensearch-project#3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md
6 tasks
peternied
added a commit
to peternied/OpenSearch-1
that referenced
this issue
Sep 14, 2022
Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - opensearch-project#4514 - opensearch-project#3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md Signed-off-by: Peter Nied <petern@amazon.com>
peternied
added a commit
to peternied/OpenSearch-1
that referenced
this issue
Sep 16, 2022
Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - opensearch-project#4514 - opensearch-project#3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md Signed-off-by: Peter Nied <petern@amazon.com>
peternied
added a commit
that referenced
this issue
Sep 16, 2022
#4515) * Identity and Auth Manager Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - #4514 - #3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md Signed-off-by: Peter Nied <petern@amazon.com>
peternied
added
the
Identity
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
OpenSearch extensions need to know the identity of the caller and existing architecture requires depending on the security plugin to get identity information. This creates an additional complication dependency or a source of runtime failure. Neither are easy to manage when compared to having these concepts inside of OpenSearch.
Describe the solution you'd like
Extensions should have a dependable identity model and objects from OpenSearch. There should be identity service, objects, and APIs that are codify in this codebase. This would remove the need for additional dependencies like common-utils for these scenarios.
Describe alternatives you've considered
Leave the existing model unchanged, this puts the burden of managing the interface on external repositories
Additional context
Within the extensions features there has been discussion on how identity should be handled, opensearch-project/opensearch-sdk-java#14.
The text was updated successfully, but these errors were encountered: