Cell based security in
Kafka
Tibor Varkonyi
2017-11-29
2 © Hortonworks Inc. 2011 – 2017. All Rights Reserved
Agenda
Kafka
Security
Prototype
Demo
Future
Kafka
• Zookeeper
• Producers
• Consumers
• Brokers
• Arbitrary data
• Serializers / Deserializers
https://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption/
Security
What we have
• Access Control List (ACL)
• Simple Authentication and Security Layer (SASL)
• Topic level security
What we need
• Structured data
• Access control for fields
• Broker side authorization
• Message level security
Prototype
• Real life use case based on bank requirement
• Different types of consumers
• Different types of users
• Store sensitive information
  – Credit card number
  – Other real-life ID
• Bind security metadata to messages
Prototype
• Structured data as valid JSON
• Extend message headers with security data
• Filter per-message by security data
• Has backward compatibility for producers, consumers, and brokers
• Access management through a Scala trait
• Performance overhead visible
Prototype
[Diagram: Producer (JSON → Serialize → Binary data), Broker, Consumer (Binary data → Deserialize → JSON)]
Prototype
[Diagram: Producer (JSON → Serialize → Binary data), Broker (Deserialize → Filter → Serialize), Consumer (Binary data → Deserialize → JSON)]
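The broker-side path on the slides (deserialize, filter, serialize, driven by security data carried in the message headers) can be modelled as below. This is an added example, not the prototype's code: the header key `cell-security`, the field-to-label map format, the `AccessManager` class (standing in for the Scala trait), the fail-closed handling and the sample record are all assumptions, and only top-level JSON fields are filtered.

```python
import json
from abc import ABC, abstractmethod

# Assumed header key: the slides do not name the header the prototype uses.
SECURITY_HEADER = "cell-security"


class AccessManager(ABC):
    """Pluggable decision point, standing in for the Scala trait on the slide."""

    @abstractmethod
    def may_read(self, principal, label):
        """Return True if `principal` may read fields carrying `label`."""


class StaticAccessManager(AccessManager):
    """Constructed policy for the example: principal -> labels it may read."""

    def __init__(self, grants):
        self.grants = grants

    def may_read(self, principal, label):
        return label in self.grants.get(principal, set())


def produce(record, labels):
    """Producer side: serialize the JSON value and bind the field labels to it
    in a record header (assumed format: {"field": "label"})."""
    value = json.dumps(record).encode("utf-8")
    headers = []
    if labels:
        headers.append((SECURITY_HEADER, json.dumps(labels).encode("utf-8")))
    return value, headers


def broker_filter(value, headers, principal, access):
    """Broker fetch path: deserialize -> filter -> serialize for one consumer."""
    security = [v for k, v in headers if k == SECURITY_HEADER]
    if not security:
        # Record from a label-unaware producer: return the bytes untouched
        # (backward compatibility).
        return value
    try:
        if len(security) > 1:
            raise ValueError("ambiguous: duplicate security headers")
        labels = json.loads(security[0])
        record = json.loads(value)
        if not isinstance(labels, dict) or not isinstance(record, dict):
            raise ValueError("labels and value must both be JSON objects")
    except ValueError:
        # Fail closed: a labelled record that cannot be parsed reveals nothing.
        return b"{}"
    visible = {}
    for field, cell in record.items():
        if field not in labels:
            visible[field] = cell  # unlabelled fields are public in this model
        elif isinstance(labels[field], str) and access.may_read(principal, labels[field]):
            visible[field] = cell  # labelled field, principal holds the label
    return json.dumps(visible).encode("utf-8")


# Constructed sample data: a test card number and a made-up ID.
SAMPLE_RECORD = {"name": "Alice Example",
                 "card_number": "4111111111111111",
                 "national_id": "ID-000000"}
SAMPLE_LABELS = {"card_number": "pci", "national_id": "pii"}
SAMPLE_POLICY = StaticAccessManager({
    "fraud-service": {"pci", "pii"},
    "support-desk": {"pii"},
    "analytics": set(),
})


def demo():
    """Return what each consumer type receives for the same stored record."""
    value, headers = produce(SAMPLE_RECORD, SAMPLE_LABELS)
    return {p: json.loads(broker_filter(value, headers, p, SAMPLE_POLICY))
            for p in ("fraud-service", "support-desk", "analytics")}


if __name__ == "__main__":
    for principal, view in demo().items():
        print(principal, view)
```

Because the filter runs on the broker, a consumer that ignores the header still never receives the withheld fields; the extra deserialize and serialize on every fetch is where the overhead noted on the slide comes from.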
Future
• Topic metadata
• Filter full messages
• Handle user groups
• Support Ranger
Thank You
