
At a high level, this is based on event store and streaming technology (i.e. Apache Kafka, Amazon Kinesis, etc.) used to decouple systems and make them event-driven. I was wondering what new architectural risks this would pose, such as whether there is more susceptibility to abuse of blind trust between systems like the eventing platform, or whether event streams can create race conditions.

TL;DR: What additional technical risks (theoretical and otherwise) do event store and streaming platforms create?

Rivesticles
  • depending on the architecture, event streams certainly have the potential to cause consistency problems, but I think this is out of scope round these parts .. depending on the tech in use, there should be (at least) one security boundary required to prevent unauthorised participants (specifically **not** blind trust) - for the most part if a node in the system is compromised then the adversary will have the access the node had - this may be solved by limiting the validity before the node needs to re-auth (e.g. you might require this every *n* seconds) and relying on monitoring – brynk Jul 11 '22 at 11:00
  • assuming redundancy you might be issuing multiple copies of the same message to different nodes in the cluster - you would need to allow for this, so the system may already be resilient - if using encryption of the messages, then the protocol might use the nonce to ensure the messages can't be replayed or processed out of order – brynk Jul 11 '22 at 11:03
  • Interesting ideas. Seems like trust boundaries, failover systems (cluster) and integrity checks to prevent message replay or being placed out of order is the way to go. Considering additional high level architectural risks around eventing platforms to decouple systems has been answered ^ – Rivesticles Jul 11 '22 at 11:12
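
The checks discussed in the comments above (an authenticated trust boundary, tolerance of redelivered copies, and rejection of replayed or out-of-order events), as an added example that is not part of the original thread. It swaps the encryption nonce mentioned there for an HMAC over a per-producer sequence number; `sign`, `Consumer`, the key and the event layout are hypothetical names and constructed values, not any platform's API.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # assumption: per-producer secret provisioned out of band

def sign(producer, seq, payload, key=DEMO_KEY):
    """Producer side: cover producer id, sequence number and payload with one MAC."""
    body = json.dumps({"producer": producer, "seq": seq, "payload": payload},
                      sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

class Consumer:
    """Consumer side: authenticate each event, then enforce per-producer ordering."""

    def __init__(self, keys):
        self.keys = keys      # producer id -> MAC key (the trust boundary)
        self.last_seq = {}    # producer id -> highest sequence number applied
        self.applied = []     # payloads accepted, in order

    def handle(self, event):
        try:
            # The body is parsed only to find which key to check; nothing in it
            # is acted on until the MAC has verified.
            body = bytes(event["body"])
            fields = json.loads(body)
            producer, seq, payload = fields["producer"], fields["seq"], fields["payload"]
            key = self.keys.get(producer)
        except (KeyError, TypeError, ValueError):
            return "malformed"
        if key is None:
            return "unknown_producer"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(event.get("mac", ""))):
            return "bad_mac"
        last = self.last_seq.get(producer, 0)  # assumption: sequences start at 1
        if seq <= last:
            return "duplicate_or_replay"  # redelivery and replay look the same: drop
        if seq != last + 1:
            return "out_of_order"         # gap: hold until the missing event arrives
        self.last_seq[producer] = seq
        self.applied.append(payload)
        return "applied"
```

Because a redelivered copy and a replayed copy are indistinguishable to the consumer, both are dropped the same way, which is what makes the cluster's duplicate delivery safe.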
