From 2ce4225c0f82597264a68c738e708669f0d60e18 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Thu, 21 Mar 2019 10:06:15 -0700 Subject: [PATCH] Updated Security Overview (markdown) --- Security-Overview.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Security-Overview.md b/Security-Overview.md index 63fa4d6..a0cf3a2 100644 --- a/Security-Overview.md +++ b/Security-Overview.md @@ -6,6 +6,20 @@ We will address the volume servers first. The following items are not covered, y 1. master server http REST services 1. filer server http REST services +In summary, here are what can be achieved. + +Server | Service | Note +---|---|--- +master | gRPC | secured by mutual TLS +volume | gRPC | secured by mutual TLS +filer | gRPC | secured by mutual TLS +master | http REST write | "weed master -httpReadOnly", disable http operations, only gRPC operations are allowed. +master | http REST read | unprotected, exposing the UI, and stats +filer | http REST write | "weed master -port.public", add port for read only +filer | http REST read | unprotected +volume | http REST write | set `jwt.signing.key` in `security.toml` in master and volume servers to check token for write operations +volume | http REST read | unprotected + # Generate `security.toml` file See [[Security Configuration]]
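Review bot: In the added table, the `filer | http REST write` row gives its note as "weed master -port.public", which names the master command on a filer row. If the option belongs to the filer, the note should name the filer command instead. The note should also say how writes on the main port are restricted, since "add port for read only" describes only the extra port. In the `master | http REST write` row, "disable http operations" conflicts with the next row, which lists master http REST read as unprotected and still exposing the UI and stats; "disable http write operations" would match what the table describes. Minor style points: the two command notes use double quotes while `jwt.signing.key` and `security.toml` use backticks, so backticks throughout would be consistent, and the lead sentence should read "here is what can be achieved".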