Return-Path: Delivered-To: apmail-lucene-hadoop-dev-archive@locus.apache.org Received: (qmail 68713 invoked from network); 10 Nov 2007 00:07:15 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Nov 2007 00:07:15 -0000 Received: (qmail 81322 invoked by uid 500); 10 Nov 2007 00:07:02 -0000 Delivered-To: apmail-lucene-hadoop-dev-archive@lucene.apache.org Received: (qmail 81264 invoked by uid 500); 10 Nov 2007 00:07:01 -0000 Mailing-List: contact hadoop-dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hadoop-dev@lucene.apache.org Delivered-To: mailing list hadoop-dev@lucene.apache.org Received: (qmail 81104 invoked by uid 99); 10 Nov 2007 00:07:01 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Nov 2007 16:07:01 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 10 Nov 2007 00:07:51 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id CA8BD714233 for ; Fri, 9 Nov 2007 16:06:50 -0800 (PST) Message-ID: <33306941.1194653210827.JavaMail.jira@brutus> Date: Fri, 9 Nov 2007 16:06:50 -0800 (PST) From: "Tsz Wo (Nicholas), SZE (JIRA)" To: hadoop-dev@lucene.apache.org Subject: [jira] Created: (HADOOP-2182) Change RPC to provide secure communication MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Change RPC to provide secure communication ------------------------------------------ Key: HADOOP-2182 URL: https://issues.apache.org/jira/browse/HADOOP-2182 Project: Hadoop Issue Type: New Feature Reporter: Tsz Wo (Nicholas), SZE In the current version of RPC, there is no authentication or data protection. We propose to change the RPC framework, so that secure communication is possible. The new RPC should: - Compatible with current RPC - Allow a pluggable security implementations (see HADOOP-1701) - Support both secure and non-secure modes. Here is a rough idea: - Store security information (e.g. username, keys) in a ticket - Use the ticket to establish a RPC connection - Create secure sockets by the (subclass of) SocketFactory corresponding to the selected security implementations - Send the data and RPC parameters with the secure sockets When authentication is supported, the RPC callee should also initialize caller information during RPC setup and execute the RPC on the caller's behalf. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.