Kafka security has come a long way since its early days when none was available whatsoever. In this talk I will give a brief overview of how security evolved in Kafka and explain what currently works, as well as giving a brief outlook into what is currently being developed by the community.

We will discuss authentication via SSL, Kerberos und Delegation tokens and touch the Kafka versions that introduced these features and related major changes. Following that I will explain how to use ACLs in Kafka and how they are implemented internally, which will then serve as the basis for diving down into development of custom authorizers and principal builders to extend the basic Kafka security - for this we will use the example of authorizing based on the groups a user is assigned in an Active Directory structure.

The talk will be fairly technical, we will look at class structures of Kafka and look at how they interact with each other as well as look at code for an example of extending Kafka security features. However non-technical listeners will also gain i solid understanding of what is possible out of the box and what isn't.