Options
"Questions about requirements for enterprise installations"
Contributor II
Hello;
I've been watching the progress of RapidMiner for a few years and was very pleased to find out about RapidAnalytics. I think this adds an important component to Rapid-i's product set. However, I'm a little concerned that RapidAnalytics seems to have a fairly primitive security model. I'm hoping that this is not the case and it's simply not documented well.
My primary concern is that there seems to be far too much dependence on internal tools. To begin with, I could find no reference to using an external authentication/authorisation source such as OpenLDAP or Active Directory. Nor does there seem to be any information for leveraging such information for role based access control.
Also, I couldn't find any means to use something like Oracle Access Manager to control access to web pages or services. Is this expected to be handled by a plug-in for the webserver?
Finally, it's not apparent how to use encryption for storing sensitive data like username/password information. Is this expected to be handled by the database?
I hope my post doesn't come off as arrogant or too critical. I honestly think that your product line would be an incredible addition to my company's tool chest. Unfortunately, we have regulatory and audit requirements that have driven us to adopt some very strict guidelines concerning how we handle any information. That's doubly true for data that we consider confidential, and triply true for our customer's data! If we can't leverage our current security tools for new applications, those applications simply don't get deployed.
Thank you for producing such a great product. I hope that we can eventually find a way to do business.
I've been watching the progress of RapidMiner for a few years and was very pleased to find out about RapidAnalytics. I think this adds an important component to Rapid-i's product set. However, I'm a little concerned that RapidAnalytics seems to have a fairly primitive security model. I'm hoping that this is not the case and it's simply not documented well.
My primary concern is that there seems to be far too much dependence on internal tools. To begin with, I could find no reference to using an external authentication/authorisation source such as OpenLDAP or Active Directory. Nor does there seem to be any information for leveraging such information for role based access control.
Also, I couldn't find any means to use something like Oracle Access Manager to control access to web pages or services. Is this expected to be handled by a plug-in for the webserver?
Finally, it's not apparent how to use encryption for storing sensitive data like username/password information. Is this expected to be handled by the database?
I hope my post doesn't come off as arrogant or too critical. I honestly think that your product line would be an incredible addition to my company's tool chest. Unfortunately, we have regulatory and audit requirements that have driven us to adopt some very strict guidelines concerning how we handle any information. That's doubly true for data that we consider confidential, and triply true for our customer's data! If we can't leverage our current security tools for new applications, those applications simply don't get deployed.
Thank you for producing such a great product. I hope that we can eventually find a way to do business.
Tagged:
0
Answers
you have some very good points here. As you have probably seen on our Web site, SSO, e.g. ActiveDirectory, Kerberos, etc. is something that comes with the enterprise edition. We don't include that with the community edition because we believe that this will only be relevant for businesses. There are several options for storing user credentials, and also for encrypting passwords. Get back to me by private mail if you need any details.
Best,
Simon
Thank you for the quick response. We have a couple of very small pilots utilising the Community edition of RapidMiner. If either or both of them decide to move forward, we will likely pursue some sort of enterprise agreement. No idea as to timing, though.