hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (HADOOP-9796) Pluggable TokenAuth framework and core facilities
Date Mon, 09 Dec 2013 06:40:09 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-9796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Yi Liu reassigned HADOOP-9796:

    Assignee: Yi Liu

> Pluggable TokenAuth framework and core facilities
> -------------------------------------------------
>                 Key: HADOOP-9796
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9796
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Yi Liu
> As discussed in HADOOP-9392, we're proposing a pluggable TokenAuth framework to abstract
and address the requirements, goals and collaboration concerns already widely discussed in
the JIRA with the design doc, and in community. In this JIRA, we'll: 
> * Define the framework itself, and clarifies the key goals, properties, and facilities
that this framework should meet with and provide. Most of the points have already been explained
in HADOOP-9392 and the TokenAuth design doc. To collaborate with HSSO and more importantly
to allow other solutions, TokenAuth itself is just defined as a framework with required APIs,
protocols, flows, and facilities along with some simple implementations for related constructs,
entities and even services. The framework is neutral, no vendor specific, and subject to be
widely discussed and defined together as a common effort of community. As the most important
key point, the framework should be pluggable in all the key places to allow certain solutions
to employ their own product level implementations. Based on this framework, Rhino will come
up HAS solution. The framework related discussions in high level aspects can be in this separate
umbrella JIRA, and sub task JIRAs will be opened to address each aspect of the framework.

> * Define APIs for all the important entities and parties involved in TokenAuth framework.
> * Define important procedures and protocols, for example, the protocol between token
authn client and server. 
> * Implement this framework with the defined APIs, procedures and protocols. Meanwhile,
leave pluggable extension points in key places for solutions to customize and implement with
their own complicated mechanisms. 
> * Initially, we have the following items for the framework. It’s to be complemented.
Each of the items will be defined and discussed separately in corresponding subtask JIRA.
> ** Token definition and API;
> ** TokenAuthn method for Hadoop RPC;
> ** Authentication Service API;
> ** Identity Token Service API;
> ** Access Token Service API;
> ** Attribute Service API;
> ** Token authentication client;
> ** Token cache for TokenAuth;
> ** Common configuration for TokenAuth;
> ** Hadoop token command;
> ** Key Provider API;
> ** Web SSO for TokenAuth;
> ** REST SSO for TokenAuth;
> ** Auditing for TokenAuth;
> ** And etc.

This message was sent by Atlassian JIRA

View raw message