Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 33B1A1080B for ; Mon, 9 Dec 2013 12:14:24 +0000 (UTC) Received: (qmail 91838 invoked by uid 500); 9 Dec 2013 12:14:17 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 91422 invoked by uid 500); 9 Dec 2013 12:14:10 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 91371 invoked by uid 99); 9 Dec 2013 12:14:08 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Dec 2013 12:14:08 +0000 Date: Mon, 9 Dec 2013 12:14:08 +0000 (UTC) From: "Yi Liu (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-10150) Hadoop cryptographic file system MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-10150?page=3Dcom.atlassi= an.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D13= 843097#comment-13843097 ]=20 Yi Liu commented on HADOOP-10150: --------------------------------- Hi Owen, thanks for bringing it up here. I am working on breaking down the = patches and creating sub-task JIRAs as already mentioned in my previous res= ponse. Rest of your comment seems to be about a different JIRA and is proba= bly best discussed on that JIRA. * HADOOP-10149: since I have that patch already implemented, do you mind as= signing it to me? I will take that piece of code and apply there for review= . * Since HADOOP-10141 tries to improve on HADOOP-9333, why not provide your = feedback on HADOOP-9333 instead of opening a JIRA that duplicates part of t= hat work? > Hadoop cryptographic file system > -------------------------------- > > Key: HADOOP-10150 > URL: https://issues.apache.org/jira/browse/HADOOP-10150 > Project: Hadoop Common > Issue Type: New Feature > Components: security > Affects Versions: 3.0.0 > Reporter: Yi Liu > Assignee: Yi Liu > Labels: rhino > Fix For: 3.0.0 > > Attachments: CryptographicFileSystem.patch, HADOOP cryptographic = file system.pdf > > > There is an increasing need for securing data when Hadoop customers use v= arious upper layer applications, such as Map-Reduce, Hive, Pig, HBase and s= o on. > HADOOP CFS (HADOOP Cryptographic File System) is used to secure data, bas= ed on HADOOP =E2=80=9CFilterFileSystem=E2=80=9D decorating DFS or other fil= e systems, and transparent to upper layer applications. It=E2=80=99s config= urable, scalable and fast. > High level requirements: > 1.=09Transparent to and no modification required for upper layer applicat= ions. > 2.=09=E2=80=9CSeek=E2=80=9D, =E2=80=9CPositionedReadable=E2=80=9D are sup= ported for input stream of CFS if the wrapped file system supports them. > 3.=09Very high performance for encryption and decryption, they will not b= ecome bottleneck. > 4.=09Can decorate HDFS and all other file systems in Hadoop, and will not= modify existing structure of file system, such as namenode and datanode st= ructure if the wrapped file system is HDFS. > 5.=09Admin can configure encryption policies, such as which directory wil= l be encrypted. > 6.=09A robust key management framework. > 7.=09Support Pread and append operations if the wrapped file system suppo= rts them. -- This message was sent by Atlassian JIRA (v6.1.4#6159)