Re: [Edgex-tsc-core] Security Enablement
See italicized responses to Tony's email inline below.
Technical Staff Engineer
Core Working Group Chair of EdgeX Foundry
Dell Technologies | IoT DellTech
Round Rock, TX USA
From: Tony Espy <espy@...>
Sent: Monday, August 12, 2019 3:17 PM
To: Conn, Trevor; edgex-tsc-core@...; EdgeX-TSC-Security@...
Subject: Re: [Edgex-tsc-core] Security Enablement
On 8/12/19 12:20 PM,
Is this on a per-service basis? If so, what exactly is being enabled/disabled right now?
[TC] It could certainly be per service. Currently since there's no integration at all with Vault, I'd personally consider security disabled.
Why isn't it backwards compatible? Couldn't you just add a new option like "--security=off" (although this makes me cringe just a little bit)? It seems to me by doing so, you're not breaking any existing usage...
[TC] The point I was making was that if we consider security as off by default for Edinburgh, it must also be so for Fuji. So adding a cmd line flag to turn it off would imply the default was "on"...which would be the reverse of what it currently is and thus non-backward compatible.
If there's security logic implemented in a service, I'd rather see a command-line switch or environment variable to explicitly disable it rather than the other way around.
[TC] I'm cool with that provided the community can align on the points above w/r/t what we consider the current default. Maybe we don't care what it is (or isn't) in Edinburgh and just chart the course for Fuji.