hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "howie yu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10528) A TokenKeyProvider for a Centralized Key Manager Server (BEE: bee-key-manager)
Date Tue, 22 Apr 2014 03:06:16 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

howie yu updated HADOOP-10528:
------------------------------

    Description: 
This is a key provider based on HADOOP-9331. HADOOP-9331 has designed a complete Hadoop crypto
codec framework, but the key can only be retrieved from a local Java KeyStore file. To the
convenience, we design a Centralized Key Manager Server (BEE: bee-key-manager) and user can
use this TokenKeyProvider to retrieve keys from the Centralized Key Manager Server. By the
way, to secure the key exchange, we leverage HTTPS + SPNego/SASL to protect the key exchange.
To the detail design and usage, please refer to https://github.com/trendmicro/BEE. 

Moreover, there are still much more requests about Hadoop Data Encryption (such as provide
standalone module, support KMIP...etc.), if anyone has interested in those features, pleas
let us know. 
 
Ps. Because this patch based on HADOOP-9331, please use patch HADOOP-9333, and HADOOP-9332
and before use our patch HADOOP-10528.patch.





  was:
This is a key provider based on HADOOP-9331. HADOOP-9331 has designed a complete Hadoop crypto
codec framework, but the key can only be retrieved from a local Java KeyStore file. To the
convenience, we design a Centralized Key Manager Server (BEE: bee-key-manager) and user can
use this TokenKeyProvider to retrieve keys from the Centralized Key Manager Server. By the
way, to secure the key exchange, we leverage HTTPS + SPNego/SASL to protect the key exchange.
To the detail design and usage, please refer to https://github.com/trendmicro/BEE. 

Moreover, there are still much more requests about Hadoop Data Encryption (such as provide
standalone module, support KMIP...etc.), if anyone has interested in those features, pleas
let us know. 
 
Ps. Because this patch baesd on HADOOP-9331 and , before use 



> A TokenKeyProvider for a Centralized Key Manager Server (BEE: bee-key-manager)
> ------------------------------------------------------------------------------
>
>                 Key: HADOOP-10528
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10528
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: howie yu
>         Attachments: HADOOP-10528.patch
>
>
> This is a key provider based on HADOOP-9331. HADOOP-9331 has designed a complete Hadoop
crypto codec framework, but the key can only be retrieved from a local Java KeyStore file.
To the convenience, we design a Centralized Key Manager Server (BEE: bee-key-manager) and
user can use this TokenKeyProvider to retrieve keys from the Centralized Key Manager Server.
By the way, to secure the key exchange, we leverage HTTPS + SPNego/SASL to protect the key
exchange. To the detail design and usage, please refer to https://github.com/trendmicro/BEE.

> Moreover, there are still much more requests about Hadoop Data Encryption (such as provide
standalone module, support KMIP...etc.), if anyone has interested in those features, pleas
let us know. 
>  
> Ps. Because this patch based on HADOOP-9331, please use patch HADOOP-9333, and HADOOP-9332
and before use our patch HADOOP-10528.patch.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message