hadoop-common-issues mailing list archives

From "Kevin Minder (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9392) Token based authentication and Single Sign On
Date Tue, 11 Jun 2013 03:21:27 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13680172#comment-13680172 ]

Kevin Minder commented on HADOOP-9392:

Although meetup.com was recommended to me as a mechanism to schedule a discussion, that doesn't
really seem like it will work since this needs to be virtual.  I've scheduled a Google Hangout
for 12pm PT on Wednesday 6/12.  https://plus.google.com/hangouts/_/calendar/a2V2aW4ubWluZGVyQGhvcnRvbndvcmtzLmNvbQ.qa0og2a0gaag9djeviv2rai63c
I'm happy to move this around based on availability of those interested.  I'm just not sure
of the timezones involved.  You can email my apache account (kminder at apache) or my jira
profile address if you don't want that info here.

At any rate for this "pre-meeting", I'd like to discuss what everyone would like to get out
of our time at the Summit and how we can prepare in advance.  To seed this I think there
are a few things we need to nail down before we get there.
1) The scope of the discussion
2) The basic goals/requirements from various perspectives
3) Agreement on the design discussion logistics (we only have two hours)

At Summit we can:
1) Discuss design approaches.  I want to stress that these discussions need to be at a fairly
high level given the time allocation.  Ideally we would have been able to cover this already
here but we are rapidly running out of time.  
2) Discuss a general implementation approach for any change of this nature
3) Discuss rollout expectations (e.g. Hadoop ?.?)
> Token based authentication and Single Sign On
> ---------------------------------------------
>                 Key: HADOOP-9392
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9392
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>             Fix For: 3.0.0
>         Attachments: token-based-authn-plus-sso.pdf
> This is an umbrella entry for one of project Rhino’s topics. For details of project
> Rhino, please refer to https://github.com/intel-hadoop/project-rhino/. The major goal for
> this entry as described in project Rhino was
> “Core, HDFS, ZooKeeper, and HBase currently support Kerberos authentication at the
> RPC layer, via SASL. However this does not provide valuable attributes such as group membership,
> classification level, organizational identity, or support for user defined attributes. Hadoop
> components must interrogate external resources for discovering these attributes and at scale
> this is problematic. There is also no consistent delegation model. HDFS has a simple delegation
> capability, and only Oozie can take limited advantage of it. We will implement a common token
> based authentication framework to decouple internal user and service authentication from external
> mechanisms used to support it (like Kerberos)”
> We’d like to start our work from Hadoop-Common and try to provide common facilities
> by extending the existing authentication framework which support:
> 1.	Pluggable token provider interface 
> 2.	Pluggable token verification protocol and interface
> 3.	Security mechanism to distribute secrets in cluster nodes
> 4.	Delegation model of user authentication
