[Feature Request]: Add a basic doc explaining Beam's security model - Githubissues

apache / beam

Apache Beam is a unified programming model for Batch and Streaming data processing.

https://beam.apache.org/

Apache License 2.0

7.8k stars 4.23k forks source link

[Feature Request]: Add a basic doc explaining Beam's security model #30911

Open aaltay opened 5 months ago

aaltay commented 5 months ago

What would you like to happen?

Explain a few concepts like:

Beam allows users to run arbitrary code. And Beam does not have different code privilege levels. (Because of that some code execution vulnerabilities will be normal within Beam's model.)
Beam work with different runners. Runners security models will apply in the execution environment (e.g. cluster models might allow resource access across running jobs.) (Because of that runner related security issues will be best addressed with the specific runners.)
...

Issue Priority

Priority: 3 (nice-to-have improvement)

Issue Components

[ ] Component: Python SDK
[ ] Component: Java SDK
[ ] Component: Go SDK
[ ] Component: Typescript SDK
[ ] Component: IO connector
[ ] Component: Beam YAML
[ ] Component: Beam examples
[ ] Component: Beam playground
[ ] Component: Beam katas
[X] Component: Website
[ ] Component: Spark Runner
[ ] Component: Flink Runner
[ ] Component: Samza Runner
[ ] Component: Twister2 Runner
[ ] Component: Hazelcast Jet Runner
[ ] Component: Google Cloud Dataflow Runner

aaltay commented 5 months ago

/cc @damccorm @tvalentyn - FYI as this relates to an email discussion.