Answer-first summary for fast verification
Answer: Use an OAuth 2.0 access token issued by an external identity provider and verify it in a custom validation layer before accessing the model endpoint.
## Explanation The best approach is to use an OAuth 2.0 access token issued by an external identity provider and verify it in a custom validation layer before accessing the model endpoint. This method is widely used for secure, scalable, and flexible access control in enterprise environments. ### OAuth 2.0 Benefits: - **Secure and Standardized Authentication:** OAuth 2.0 is a well-established standard for token-based authentication. - **Integration with Identity Providers:** External identity providers (e.g., Azure AD, Okta, Google Identity) can issue tokens, enabling single sign-on (SSO) and centralized access management. - **Granular Access Control:** Tokens can carry claims or scopes, allowing fine-grained authorization policies for different user roles or permissions. - **Scalability:** OAuth 2.0 supports dynamic token issuance and validation, making it suitable for environments with multiple users or applications. ### Custom Validation Layer: Before processing a request, a custom validation layer can verify the token by checking its signature, expiration, and claims, ensuring that only authorized users can access the endpoint. ## Why not the others: - **A. Configure a Databricks Personal Access Token (PAT) for each user and validate it within the serving endpoint:** - PATs are designed for individual user access to the Databricks workspace and are less scalable for shared or multi-user environments. They also don't offer the flexibility of claims-based authorization. - **C. Use Databricks' built-in role-based access control (RBAC):** - While RBAC can control access to the workspace and resources, it does not directly apply to securing REST API requests for model serving. - **D. Set up API keys in Databricks Workspace and authenticate API requests by checking for the presence of a valid API key:** - API keys provide basic authentication but lack the flexibility and scalability of OAuth 2.0. They do not support claims-based authorization or integrate with enterprise identity providers. **B is the best approach as it leverages a secure, standardized, and scalable authentication mechanism.**
Author: LeetQuiz .
Ultimate access to all questions.
No comments yet.
What is the best approach to secure access to a Databricks model serving endpoint via REST API for multiple users in an enterprise environment?
A
Configure a Databricks Personal Access Token (PAT) for each user and validate it within the serving endpoint.
B
Use an OAuth 2.0 access token issued by an external identity provider and verify it in a custom validation layer before accessing the model endpoint.
C
Use Databricks' built-in role-based access control (RBAC).
D
Set up API keys in Databricks Workspace and authenticate API requests by checking for the presence of a valid API key in each request.