hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10757) KeyProvider KeyVersion should provide the key name
Date Fri, 27 Jun 2014 18:36:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14046239#comment-14046239
] 

Alejandro Abdelnur commented on HADOOP-10757:
---------------------------------------------

Owen, I not proposing changing the key version name to UUID, but to enable the key version
name to be a UUID. This is to enable integration with external key management systems and
HSMs.

> KeyProvider KeyVersion should provide the key name
> --------------------------------------------------
>
>                 Key: HADOOP-10757
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10757
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>
> Currently the {{KeyVersion}} does not provide a way to get the key name to do a reverse
lookup to get the metadata of the key.
> For the {{JavaKeyStoreProvider}} and the {{UserProvider}} this is not an issue because
the key name is encoded in the key version name. 
> This encoding of the key name in the key version name cannot be expected in all KeyProvider
implementations. It is common for key management systems to use UUID to refer to specific
key materials (KeyVersions in Hadoop parlance).



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message