Security Documentation Changes
Sections
Namespaces
- Number of changes to namespaces; may need to search for all references and review:
http://docs.cask.co/cdap/develop/en/search.html?q=namespace&check_keywords=yes&area=default
Authorization
- Configuration properties
- security.enabled
- security.authorization.enabled
- Add to cdap-default.xml (picked up automatically)
- Add to Security docs (http://docs.cask.co/cdap/develop/en/admin-manual/security.html)
as a new section "Configuring Authorization" - Add a test to the section "Testing Security"?
- There's also a "Verification" page (http://docs.cask.co/cdap/develop/en/admin-manual/verification.html)
that could have an entry or a link to instructions verifying any of these components
- APIs
- HTTP(s?) Authorization RESTful API
- Java (right?) API
- Authorization extension
- CDAP
- Apache Sentry
- Settable using CDAP CLI
- Needs example or instructions
- Additional Changes
- Look at http://docs.cask.co/cdap/develop/en/developers-manual/security/index.html
and see if an additional entry is needed here, similar to "Client Authentication"- Maybe want to add "Authorization Client Libraries"?
- Maybe add a discussion on distinction between authorization and authentication?
- Look at http://docs.cask.co/cdap/develop/en/developers-manual/security/client-authentication.html
and see if a similar page, with similar graphics, is required or justified for this. Would it be helpful to explain the process of authorization?
"SecureStore"
- Needs a name: Secure Key Management Storage, perhaps?
Impersonation
Pages of Concern
- Developers' Manual: Building Blocks: Namespaces (http://docs.cask.co/cdap/develop/en/developers-manual/building-blocks/namespaces.html)
This page may need a number of changes - Developers' Manual: Building Blocks (http://docs.cask.co/cdap/develop/en/developers-manual/building-blocks/index.html)
This page may need "Additional Abstractions" added, though with five bullet points currently, I may be looking at re-organizing this section.