KIP-55 — Secure Quotas for Authenticated Users
Accepted, Security, Broker
Extends the Kafka quota system to support per-user and per-user-per-client-id quota bindings enforced by the broker based on the authenticated principal, in addition to the existing per-client-id quotas. Prior to this, quotas were enforced by client-id alone, which is an unauthenticated field any client can forge, making it impossible to enforce fair resource allocation in multi-tenant secure clusters.
Details
| Author | Rajini Sivaram |
| Status | Accepted |
| JIRA | KAFKA-3492 |
| Wiki | View on Apache Wiki |
| Created | 2016-04-18 |
| Last Modified | 2016-11-01 |