[infinispan-dev] Infinispan security?

Manik Surtani manik at jboss.org
Wed Aug 31 04:57:49 EDT 2011 

Hi Joni

There are no plans as such at this stage, however we realise this is an area we'd like to address.  Specifically, what is interesting to me is:

* Encrypting wire protocols: both inter-node communication (JGroups) as well as client/server comms (mainly Hot Rod)
* Authentication for inter-node comms (JGroups)
* Authentication for remote client connections (mainly Hot Rod again)
* Authentication for in-VM connections (via embedded API)
* ACLs for actual data.  Perhaps read/write/update/delete permissions.  Haven't thought too hard about granularity here (individual entries, entire named caches, or even a pattern of keys).

So fairly hazy at this stage, perhaps with your background in grid security you could propose something?  :-)

Cheers
Manik

PS: cc'ing Darran Lofthouse who may have an opinion here to share as well.  :)


On 22 Aug 2011, at 15:33, Joni Hahkala wrote:

> Hi,
> 
> I was reading and watching presentations of Infinispan and it seems that 
> currently it is intended for use in secure environment, like data center 
> behind a firewall with other datacenters connected through secure links, 
> if I understood correctly. But deploying it in more open environment, 
> e.g. public cloud, could pose security risks. Manik said in a 
> presentation that the underlying Jgroups uses certificates (or can be 
> configured to use), and I would assume SSL. So, there is at least some 
> security in the Infinispan joins, leaves etc. Manik also told that there 
> has been some talk/plans already about the security in general.
> 
> I would be interested in hearing about these plans for security and to 
> see if there is possibilities for cooperation. I'm currently searching 
> for a PhD subject, I have background in grid security, and this work 
> sounds like it could be useful and interesting.
> 
> Cheers,
> Joni
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev

--
Manik Surtani
manik at jboss.org
twitter.com/maniksurtani

Lead, Infinispan
http://www.infinispan.org

More information about the infinispan-dev mailing list