References: <35a22e220903201447y15a2b901r41f59f5c7fcb9e23@mail.gmail.com>
Date: Wed, 25 Mar 2009 12:12:57 -0700
Message-ID: <35a22e220903251212p5622748dtc2eebe00947ea067@mail.gmail.com>
Subject: Re: Design for security in Hadoop
From: Amandeep Khurana
To: core-dev@hadoop.apache.org

> On 3/20/09 2:47 PM, "Amandeep Khurana" wrote:
>
> > 2. The Jira doesn't cover the access control aspect of things. As a
> > client, I can skip talking to the NN and get blocks from the DN straight
> > away. There is no way to prevent it. This paper takes care of that aspect
> > as well.
>
> Have you looked at HADOOP-4359? In that JIRA, we discussed the idea of using
> public-key signed capabilities and dismissed it in favor of symmetric-key
> based capabilities. That said, you're welcome to explore the public-key idea
> further.

Yes, I read through that. The issue with that approach is that the moment a single DN gets compromised somehow (which isn't a big deal in a big system containing 1000s of nodes), the symmetric key gets exposed and the entire system is compromised. The whole idea of asymmetric key crypto is to allow only a single authorized principal to sign stuff.

> Kan
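
The key-distribution difference debated in this message, as an added Go example that is not part of the original thread or of Hadoop's code: it checks which key material is enough to produce a capability that a DataNode accepts under each scheme. The capability strings, the function names, and the choice of HMAC-SHA256 and Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed capability strings; the field layout is an assumption.
const (
	issued   = "user=alice;block=blk_1001;mode=READ" // granted by the NameNode
	unissued = "user=alice;block=blk_2002;mode=READ" // never granted by the NameNode
)

// macTag issues a symmetric-key capability tag; verifying needs the same key.
func macTag(key []byte, capability string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(capability))
	return m.Sum(nil)
}

// scenario reports, per scheme, whether a DataNode accepts the NameNode-issued
// capability and one produced from DataNode-held key material alone.
func scenario() (macIssued, macUnissued, sigIssued, sigUnissued bool, err error) {
	shared := make([]byte, 32) // symmetric: held by the NameNode and every DataNode
	if _, err = rand.Read(shared); err != nil {
		return
	}
	nnPub, nnPriv, err := ed25519.GenerateKey(rand.Reader) // DataNodes get nnPub only
	if err != nil {
		return
	}
	_, dnPriv, err := ed25519.GenerateKey(rand.Reader) // a DataNode's own key pair
	if err != nil {
		return
	}
	accept := func(c string, tag []byte) bool { return hmac.Equal(macTag(shared, c), tag) }
	macIssued = accept(issued, macTag(shared, issued))
	macUnissued = accept(unissued, macTag(shared, unissued)) // verify key == issuing key
	sigIssued = ed25519.Verify(nnPub, []byte(issued), ed25519.Sign(nnPriv, []byte(issued)))
	sigUnissued = ed25519.Verify(nnPub, []byte(unissued), ed25519.Sign(dnPriv, []byte(unissued)))
	return
}

func main() {
	fmt.Println(scenario()) // true true true false <nil>
}
```

Under the symmetric scheme the verification key is also the issuing key, so every DataNode's key store needs the same protection as the NameNode's; under the public-key scheme only the NameNode's private key does.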