Cell based security in Kafka
Tibor Varkonyi
2017-11-29
© Hortonworks Inc. 2011 – 2017. All Rights Reserved
Agenda
Kafka
Security
Prototype
Demo
Future
Kafka
• Zookeeper
• Producers
• Consumers
• Brokers
• Arbitrary data
• Serializers / Deserializers
https://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption/
Security
What we have:
• Access Control List (ACL)
• Simple Authentication and Security Layer (SASL)
• Topic level security
What we need:
• Structured data
• Access control for fields
• Broker side authorization
• Message level security
Prototype
• Real life use case based on bank requirement
• Different types of consumers
• Different types of users
• Store sensitive information
  – Credit card number
  – Other real-life ID
• Bind security metadata to messages
Prototype
• Structured data as valid JSON
• Extend message headers with security data
• Filter per-message by security data
• Has backward compatibility for producers, consumers, and brokers
• Access management through a Scala trait
• Performance overhead visible
Prototype
[Diagram: Producer (JSON → Serialize → binary data) → Broker → Consumer (binary data → Deserialize → JSON)]
Prototype
[Diagram: the same flow, with the Broker performing Deserialize, Filter, Serialize between Producer and Consumer]
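The broker-side deserialize / filter / serialize step from the prototype slides, as an added Python sketch (not the prototype's code, which the slides say uses a Scala trait for access management). The header key `x-field-security`, the field-to-label map format, the principals and the sample record are all assumptions constructed for illustration.

```python
import json
from abc import ABC, abstractmethod

SECURITY_HEADER = "x-field-security"  # hypothetical header key, not from the slides


class AccessManager(ABC):
    """Pluggable decision point; stands in for the Scala trait on the slide."""

    @abstractmethod
    def can_read(self, principal: str, label: str) -> bool:
        ...


class StaticAccessManager(AccessManager):
    """Constructed example policy: principal -> set of labels it may read."""

    def __init__(self, grants):
        self._grants = {p: frozenset(ls) for p, ls in grants.items()}

    def can_read(self, principal, label):
        return label in self._grants.get(principal, frozenset())


def produce(record, field_labels):
    """Producer side: serialize the JSON value and bind labels as a header."""
    value = json.dumps(record, sort_keys=True).encode()
    header = (SECURITY_HEADER, json.dumps(field_labels, sort_keys=True).encode())
    return value, [header]


def filter_for(principal, value, headers, acl):
    """Broker side, on fetch: deserialize, filter fields, serialize.

    Returns the bytes to hand to the consumer, or None to withhold the message.
    """
    raws = [v for k, v in headers if k == SECURITY_HEADER]
    if not raws:
        # Message from a producer that predates the scheme: pass through
        # unchanged (the backward-compatibility bullet).
        return value
    if len(raws) > 1:
        # Kafka headers may repeat a key; conflicting policies fail closed.
        return None
    try:
        labels = json.loads(raws[0])
        record = json.loads(value)
    except ValueError:
        # Labelled but not valid JSON: cannot filter by field, so withhold.
        return None
    if not isinstance(labels, dict) or not isinstance(record, dict):
        return None
    visible = {}
    for field, content in record.items():
        label = labels.get(field)
        # Assumption: a field with no label is public; a labelled field
        # needs an explicit grant for this principal.
        if label is None or (isinstance(label, str) and acl.can_read(principal, label)):
            visible[field] = content
    return json.dumps(visible, sort_keys=True).encode()


# Constructed sample data (test card number, made-up principals).
SAMPLE_RECORD = {"name": "Alice Example", "card_number": "4111111111111111", "amount": 42}
SAMPLE_LABELS = {"card_number": "pci"}
SAMPLE_ACL = StaticAccessManager({"fraud-team": {"pci"}})

if __name__ == "__main__":
    value, headers = produce(SAMPLE_RECORD, SAMPLE_LABELS)
    for who in ("fraud-team", "analytics"):
        print(who, filter_for(who, value, headers, SAMPLE_ACL))
```

Parsing and re-serializing every labelled message on each fetch is where the "performance overhead visible" bullet comes from.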
Future
• Topic metadata
• Filter full messages
• Handle user groups
• Support Ranger
Thank You
