hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Minder (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9392) Token based authentication and Single Sign On
Date Wed, 19 Jun 2013 14:07:24 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13688011#comment-13688011
] 

Kevin Minder commented on HADOOP-9392:
--------------------------------------

I'd like to provide another opportunity for anyone interested to discuss and prepare for the
DesignLounge @ HadoopSummit session on security.  I'll have a WebEx running at 5pmPT/8pmET/8amCT.
 As before this will just be a discussion (no decisions) and we will summarize here following
the meeting.  Here is the proposed agenda.

* Introductions
* Summarize previous call
* Discuss goals/agenda/logistics for security DesignLounge@HadoopSummit session
* Plan required preparatory material for the session

WebEx details
-------------------------------------------------------
Meeting information
-------------------------------------------------------
Topic: Hadoop Security
Date: Wednesday, June 19, 2013
Time: 5:00 pm, Pacific Daylight Time (San Francisco, GMT-07:00)
Meeting Number: 625 489 526
Meeting Password: HadoopSecurity

-------------------------------------------------------
To start or join the online meeting
-------------------------------------------------------
Go to https://hortonworks.webex.com/hortonworks/j.php?ED=256673687&UID=508554752&PW=NZDdjOTcyNzdi&RT=MiM0

-------------------------------------------------------
Audio conference information
-------------------------------------------------------
To receive a call back, provide your phone number when you join the meeting, or call the number
below and enter the access code.
Call-in toll-free number (US/Canada): 1-877-668-4493
Call-in toll number (US/Canada): 1-650-479-3208
Global call-in numbers: https://hortonworks.webex.com/hortonworks/globalcallin.php?serviceType=MC&ED=256673687&tollFree=1
Toll-free dialing restrictions: http://www.webex.com/pdf/tollfree_restrictions.pdf

Access code:625 489 526

-------------------------------------------------------
For assistance
-------------------------------------------------------
1. Go to https://hortonworks.webex.com/hortonworks/mc
2. On the left navigation bar, click "Support".
To add this meeting to your calendar program (for example Microsoft Outlook), click this link:
https://hortonworks.webex.com/hortonworks/j.php?ED=256673687&UID=508554752&ICS=MS&LD=1&RD=2&ST=1&SHA2=AAAAAtYvvV8MU/6na1FmVxgxSUcpUBRMQ62CB-UdrJ15Wywo

To check whether you have the appropriate players installed for UCF (Universal Communications
Format) rich media files, go to https://hortonworks.webex.com/hortonworks/systemdiagnosis.php.

http://www.webex.com

CCM:+16504793208x625489526#

IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents
and other materials exchanged or viewed during the session to be recorded. You should inform
all meeting attendees prior to recording if you intend to record the meeting. Please note
that any such recordings may be subject to discovery in the event of litigation. 
                
> Token based authentication and Single Sign On
> ---------------------------------------------
>
>                 Key: HADOOP-9392
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9392
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>             Fix For: 3.0.0
>
>         Attachments: token-based-authn-plus-sso.pdf
>
>
> This is an umbrella entry for one of project Rhino’s topic, for details of project
Rhino, please refer to https://github.com/intel-hadoop/project-rhino/. The major goal for
this entry as described in project Rhino was 
>  
> “Core, HDFS, ZooKeeper, and HBase currently support Kerberos authentication at the
RPC layer, via SASL. However this does not provide valuable attributes such as group membership,
classification level, organizational identity, or support for user defined attributes. Hadoop
components must interrogate external resources for discovering these attributes and at scale
this is problematic. There is also no consistent delegation model. HDFS has a simple delegation
capability, and only Oozie can take limited advantage of it. We will implement a common token
based authentication framework to decouple internal user and service authentication from external
mechanisms used to support it (like Kerberos)”
>  
> We’d like to start our work from Hadoop-Common and try to provide common facilities
by extending existing authentication framework which support:
> 1.	Pluggable token provider interface 
> 2.	Pluggable token verification protocol and interface
> 3.	Security mechanism to distribute secrets in cluster nodes
> 4.	Delegation model of user authentication

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message