[Security] OpenSearch should support authentication and authorization natively #4514
Labels
discuss
Issues intended to help drive brainstorming and decision making
enhancement
Enhancement or improvement to existing feature or request
security
Anything security related
Comments
peternied
added a commit
to peternied/OpenSearch-1
that referenced
this issue
Sep 14, 2022
Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - opensearch-project#4514 - opensearch-project#3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md
peternied
added a commit
to peternied/OpenSearch-1
that referenced
this issue
Sep 14, 2022
Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - opensearch-project#4514 - opensearch-project#3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md Signed-off-by: Peter Nied <petern@amazon.com>
peternied
added a commit
to peternied/OpenSearch-1
that referenced
this issue
Sep 16, 2022
Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - opensearch-project#4514 - opensearch-project#3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md Signed-off-by: Peter Nied <petern@amazon.com>
peternied
added a commit
that referenced
this issue
Sep 16, 2022
#4515) * Identity and Auth Manager Adding a noop implementation of an authentication manager for use tracking identity information within the OpenSearch systems. Also see - #4514 - #3846 - https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md Signed-off-by: Peter Nied <petern@amazon.com>
Is your feature request related to a problem? Please describe.
Plugins have some permission boundaries established by the Java Security Manager, but those only enforce a subset of actions that a plugin can do. Public interfaces within the OpenSearch core systems are accessible by plugins without any access control systems.
Knowing which systems have security considerations or not is non-trivial during plugin development, and represents a maintenance problem: if new granularity is added over time and plugins don't update to support it, these gaps in functionality are security bugs.
Describe the solution you'd like
Support authentication and authorization within OpenSearch access control systems. Use that system to apply universally on all OpenSearch components, plugins, and the new up and coming extensions.
Describe alternatives you've considered
The Security plugin is available, and it offers solutions for several features that align with this overall goal. Individual components might be worthwhile adopting; as the security system was built independently of OpenSearch, the enforcement processes and ability to restrict access are optional by nature.
Additional context
I think some of the to move towards this ultimate state looks like,
Terminology
From definition following NIST glossary. https://csrc.nist.gov/glossary