SlideShare a Scribd company logo

Kafka Pluggable Authorization for Enterprise Security (Anna Kepler, Viasat) Kafka Summit NYC 2019

confluent, profile picture
confluent

The document discusses a Kafka pluggable authorizer developed by Anna Kepler, focusing on enterprise security and data governance in a streaming platform. It outlines the transition from simple authorization to a more complex role-based management system, highlighting functionalities like permissions management and administration delegation. It emphasizes the importance of data security and accountability as teams and streams grow within the organization.

Technology
Related topics:
Use Cases
1 of 16
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Kafka Pluggable Authorizer for Enterprise Security Anna Kepler Data Engineer
Kafka Pluggable Authorization for Enterprise Security (Anna Kepler, Viasat) Kafka Summit NYC 2019
Kafka Pluggable Authorization for Enterprise Security (Anna Kepler, Viasat) Kafka Summit NYC 2019
Data Security at Scale is Hard
Databus Streaming Platform
Shifting Objective Over Time Data Democratization Fast Customer Onboarding Self-Service High Volume Stream Processing 2014 4 teams 60 streams
Shifting Objective Over Time Data Security Data Governance Accountability2019 50+ teams 1,000+ streams
Default Kafka® Authorization authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer allow.everyone.if.no.acl.found=true super.users=User:Bob;User:Alice bin/kafka-acls --add --allow-principal User:Bob --producer --topic test-topic
Databus Kafka Authorization authorizer.class.name = com.viasat.databus.DatabusKafkaAuthorizer role.manager.url = https://roles.visat.io permissions.expiration.sec = 60
Role Manager Service Endpoints /tenancies /resources /subjects /capabilities
Role Manager cli COMMANDS: version Get version information token Get a JWT for authentication tenancy Interact with tenancies resource Interact with resources capability Interact with capabilities subject Interact with subjects help, h Shows a list of commands role capability list –r stream:my-stream
Working with Role Manager { "id": "tenancy:team-awesome", "groups": [ { "stripe": ”team-awesome", "group": ”team-awesome-admins", "capabilities": [ "read", "write", "describe", "modify", "delete" ] } ] }
Working with Role Manager { "id": "tenancy:team-awesome", "groups": [ { "stripe": "team-awesome", "group": "team-awesome-readers", "capabilities": [ ”read", "describe" ] } ] }
Granular Permissions { "fromSubjectId": "Bob”, "toResourceId": "stream:shared-stream", "action": "read" } # With the cli role capability create capability.json
Why do it Integration into Central Authentication System Delegation of controls to team admins REST API used by various components in the platform In-depth monitoring
Thank you Anna Kepler Data Engineer, Viasat https://www.linkedin.com/in/akepler https://github.com/Viasat https://careers.viasat.com/

More Related Content

PDF
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
confluent
 
PDF
Introducing Kafka's Streams API
confluent
 
PDF
[Demo session] 관리형 Kafka 서비스 - Oracle Event Hub Service
Oracle Korea
 
PDF
Apache Kafka in Adobe Ad Cloud's Analytics Platform
confluent
 
PDF
Kafka Security 101 and Real-World Tips
confluent
 
PDF
Writing Blazing Fast, and Production-Ready Kafka Streams apps in less than 30...
HostedbyConfluent
 
PDF
Securing Kafka
confluent
 
PDF
Overcoming the Perils of Kafka Secret Sprawl (Tejal Adsul, Confluent) Kafka S...
confluent
 
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
confluent
 
Introducing Kafka's Streams API
confluent
 
[Demo session] 관리형 Kafka 서비스 - Oracle Event Hub Service
Oracle Korea
 
Apache Kafka in Adobe Ad Cloud's Analytics Platform
confluent
 
Kafka Security 101 and Real-World Tips
confluent
 
Writing Blazing Fast, and Production-Ready Kafka Streams apps in less than 30...
HostedbyConfluent
 
Securing Kafka
confluent
 
Overcoming the Perils of Kafka Secret Sprawl (Tejal Adsul, Confluent) Kafka S...
confluent
 

What's hot (20)

PDF
Stream Me Up, Scotty: Transitioning to the Cloud Using a Streaming Data Platform
confluent
 
PDF
Stream Processing with Apache Kafka and .NET
confluent
 
PDF
Confluent Operations Training for Apache Kafka
confluent
 
PDF
How Yelp Leapt to Microservices with More than a Message Queue
confluent
 
PDF
Hello, kafka! (an introduction to apache kafka)
Timothy Spann
 
PDF
Understanding Apache Kafka® Latency at Scale
confluent
 
PPTX
Apache Kafka at LinkedIn - How LinkedIn Customizes Kafka to Work at the Trill...
Jonghyun Lee
 
PDF
Kafka at the Edge: an IoT scenario with OpenShift Streams for Apache Kafka | ...
Red Hat Developers
 
PPTX
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
confluent
 
PDF
Making Kafka Cloud Native | Jay Kreps, Co-Founder & CEO, Confluent
HostedbyConfluent
 
PDF
Event Sourcing, Stream Processing and Serverless (Benjamin Stopford, Confluen...
confluent
 
PDF
Running Kafka On Kubernetes With Strimzi For Real-Time Streaming Applications
Lightbend
 
PDF
Building Microservices with Apache Kafka
confluent
 
PDF
Introducing Confluent Cloud: Apache Kafka as a Service
confluent
 
PDF
Common issues with Apache Kafka® Producer
confluent
 
PDF
Intro to AsyncAPI
confluent
 
PDF
Everything you ever needed to know about Kafka on Kubernetes but were afraid ...
HostedbyConfluent
 
PDF
8 Lessons Learned from Using Kafka in 1000 Scala microservices - Scale by the...
Natan Silnitsky
 
PDF
Event Driven Architectures with Apache Kafka on Heroku
Heroku
 
PDF
A Tour of Apache Kafka
confluent
 
Stream Me Up, Scotty: Transitioning to the Cloud Using a Streaming Data Platform
confluent
 
Stream Processing with Apache Kafka and .NET
confluent
 
Confluent Operations Training for Apache Kafka
confluent
 
How Yelp Leapt to Microservices with More than a Message Queue
confluent
 
Hello, kafka! (an introduction to apache kafka)
Timothy Spann
 
Understanding Apache Kafka® Latency at Scale
confluent
 
Apache Kafka at LinkedIn - How LinkedIn Customizes Kafka to Work at the Trill...
Jonghyun Lee
 
Kafka at the Edge: an IoT scenario with OpenShift Streams for Apache Kafka | ...
Red Hat Developers
 
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
confluent
 
Making Kafka Cloud Native | Jay Kreps, Co-Founder & CEO, Confluent
HostedbyConfluent
 
Event Sourcing, Stream Processing and Serverless (Benjamin Stopford, Confluen...
confluent
 
Running Kafka On Kubernetes With Strimzi For Real-Time Streaming Applications
Lightbend
 
Building Microservices with Apache Kafka
confluent
 
Introducing Confluent Cloud: Apache Kafka as a Service
confluent
 
Common issues with Apache Kafka® Producer
confluent
 
Intro to AsyncAPI
confluent
 
Everything you ever needed to know about Kafka on Kubernetes but were afraid ...
HostedbyConfluent
 
8 Lessons Learned from Using Kafka in 1000 Scala microservices - Scale by the...
Natan Silnitsky
 
Event Driven Architectures with Apache Kafka on Heroku
Heroku
 
A Tour of Apache Kafka
confluent
 
Ad

Similar to Kafka Pluggable Authorization for Enterprise Security (Anna Kepler, Viasat) Kafka Summit NYC 2019 (20)

PDF
Apache Kafka® Security Overview
confluent
 
PDF
Apache Kafka - Scalable Message-Processing and more !
Guido Schmutz
 
PPTX
Kafka Security
DataWorks Summit/Hadoop Summit
 
PDF
Kafka 2018 - Securing Kafka the Right Way
Saylor Twift
 
PPTX
Monitoring and Resiliency Testing our Apache Kafka Clusters at Goldman Sachs ...
HostedbyConfluent
 
PDF
Hadoop security
shrey mehrotra
 
PDF
Actual CCDAK Questions with Practice Tests and braindumps
killexamsofficial
 
PPTX
Spark on Azure HDInsight - spark meetup seattle
Judy Nash
 
PPTX
Apache Kafka Security
DataWorks Summit/Hadoop Summit
 
PPTX
Ai tour 2019 Mejores Practicas en Entornos de Produccion Big Data Open Source...
nnakasone
 
PPTX
Visualizing Kafka Security
DataWorks Summit
 
PDF
Reinventing Kafka in the Data Streaming Era - Jun Rao
confluent
 
PDF
Applying ML on your Data in Motion with AWS and Confluent | Joseph Morais, Co...
HostedbyConfluent
 
PDF
C19013010 the tutorial to build shared ai services session 2
Bill Liu
 
PDF
Kafka clients and emitters
Edgar Domingues
 
PDF
Citizen Streaming Engineer - A How To
Timothy Spann
 
PDF
Hadoop & Security - Past, Present, Future
Uwe Printz
 
PDF
Kubernetes connectivity to Cloud Native Kafka | Evan Shortiss and Hugo Guerre...
HostedbyConfluent
 
PPTX
How to Lock Down Apache Kafka and Keep Your Streams Safe
confluent
 
PDF
Team Collaboration in Kafka Clusters With Maria Berinde-Tampanariu | Current ...
HostedbyConfluent
 
Apache Kafka® Security Overview
confluent
 
Apache Kafka - Scalable Message-Processing and more !
Guido Schmutz
 
Kafka Security
DataWorks Summit/Hadoop Summit
 
Kafka 2018 - Securing Kafka the Right Way
Saylor Twift
 
Monitoring and Resiliency Testing our Apache Kafka Clusters at Goldman Sachs ...
HostedbyConfluent
 
Hadoop security
shrey mehrotra
 
Actual CCDAK Questions with Practice Tests and braindumps
killexamsofficial
 
Spark on Azure HDInsight - spark meetup seattle
Judy Nash
 
Apache Kafka Security
DataWorks Summit/Hadoop Summit
 
Ai tour 2019 Mejores Practicas en Entornos de Produccion Big Data Open Source...
nnakasone
 
Visualizing Kafka Security
DataWorks Summit
 
Reinventing Kafka in the Data Streaming Era - Jun Rao
confluent
 
Applying ML on your Data in Motion with AWS and Confluent | Joseph Morais, Co...
HostedbyConfluent
 
C19013010 the tutorial to build shared ai services session 2
Bill Liu
 
Kafka clients and emitters
Edgar Domingues
 
Citizen Streaming Engineer - A How To
Timothy Spann
 
Hadoop & Security - Past, Present, Future
Uwe Printz
 
Kubernetes connectivity to Cloud Native Kafka | Evan Shortiss and Hugo Guerre...
HostedbyConfluent
 
How to Lock Down Apache Kafka and Keep Your Streams Safe
confluent
 
Team Collaboration in Kafka Clusters With Maria Berinde-Tampanariu | Current ...
HostedbyConfluent
 
Ad

More from confluent (20)

PDF
Stream Processing Handson Workshop - Flink SQL Hands-on Workshop (Korean)
confluent
 
PPTX
Webinar Think Right - Shift Left - 19-03-2025.pptx
confluent
 
PDF
Migration, backup and restore made easy using Kannika
confluent
 
PDF
Five Things You Need to Know About Data Streaming in 2025
confluent
 
PDF
Data in Motion Tour Seoul 2024 - Keynote
confluent
 
PDF
Data in Motion Tour Seoul 2024 - Roadmap Demo
confluent
 
PDF
From Stream to Screen: Real-Time Data Streaming to Web Frontends with Conflue...
confluent
 
PDF
Confluent per il settore FSI: Accelerare l'Innovazione con il Data Streaming...
confluent
 
PDF
Data in Motion Tour 2024 Riyadh, Saudi Arabia
confluent
 
PDF
Build a Real-Time Decision Support Application for Financial Market Traders w...
confluent
 
PDF
Strumenti e Strategie di Stream Governance con Confluent Platform
confluent
 
PDF
Compose Gen-AI Apps With Real-Time Data - In Minutes, Not Weeks
confluent
 
PDF
Building Real-Time Gen AI Applications with SingleStore and Confluent
confluent
 
PDF
Unlocking value with event-driven architecture by Confluent
confluent
 
PDF
Il Data Streaming per un’AI real-time di nuova generazione
confluent
 
PDF
Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...
confluent
 
PDF
Break data silos with real-time connectivity using Confluent Cloud Connectors
confluent
 
PDF
Building API data products on top of your real-time data infrastructure
confluent
 
PDF
Speed Wins: From Kafka to APIs in Minutes
confluent
 
PDF
Evolving Data Governance for the Real-time Streaming and AI Era
confluent
 
Stream Processing Handson Workshop - Flink SQL Hands-on Workshop (Korean)
confluent
 
Webinar Think Right - Shift Left - 19-03-2025.pptx
confluent
 
Migration, backup and restore made easy using Kannika
confluent
 
Five Things You Need to Know About Data Streaming in 2025
confluent
 
Data in Motion Tour Seoul 2024 - Keynote
confluent
 
Data in Motion Tour Seoul 2024 - Roadmap Demo
confluent
 
From Stream to Screen: Real-Time Data Streaming to Web Frontends with Conflue...
confluent
 
Confluent per il settore FSI: Accelerare l'Innovazione con il Data Streaming...
confluent
 
Data in Motion Tour 2024 Riyadh, Saudi Arabia
confluent
 
Build a Real-Time Decision Support Application for Financial Market Traders w...
confluent
 
Strumenti e Strategie di Stream Governance con Confluent Platform
confluent
 
Compose Gen-AI Apps With Real-Time Data - In Minutes, Not Weeks
confluent
 
Building Real-Time Gen AI Applications with SingleStore and Confluent
confluent
 
Unlocking value with event-driven architecture by Confluent
confluent
 
Il Data Streaming per un’AI real-time di nuova generazione
confluent
 
Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...
confluent
 
Break data silos with real-time connectivity using Confluent Cloud Connectors
confluent
 
Building API data products on top of your real-time data infrastructure
confluent
 
Speed Wins: From Kafka to APIs in Minutes
confluent
 
Evolving Data Governance for the Real-time Streaming and AI Era
confluent
 

Recently uploaded (20)

PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Encapsulation theory and applications.pdf
gurumoop
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 

Kafka Pluggable Authorization for Enterprise Security (Anna Kepler, Viasat) Kafka Summit NYC 2019