interledger / roadmap

Roadmap for the Interledger Ecosystem

Rafiki: Security mechanism for the Rafiki Admin API & UI #17

Open AlexLakatos opened 1 year ago

AlexLakatos commented 1 year ago

Summary

Currently, the GraphQL Admin API in Rafiki is using "same network" as a security concern. We'd like to explore and implement a more secure policy for it, looking at Basic Auth and mTLS.

The Admin UI is unsecured right now; we'll need to add login screens to that as well.

Intended Outcomes

Design, spec and implement a security mechanism for the Admin API.

How will it work?

There is a secure communication mechanism between the account provider and the backend service.

Links

Resources

matdehaast commented 1 year ago

Sabine has work already that does some of this; we need to work out how that would fit in here.