hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiao Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10720) KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
Date Wed, 25 May 2016 23:47:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15301149#comment-15301149

Xiao Chen commented on HADOOP-10720:

Hi [~tucu00] and [~asuresh],
Thank you very much for the nice feature and great discussions on adding this.

I have 1 question:
Since the client side has {{encKeyVersionQueue}} to protect the KMS server, when generating
EEKs most requests doesn't reach the KMS server. The ACLs however, are on KMS server side
only. How could the ACL's be checked in the cached case?


> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>                 Key: HADOOP-10720
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10720
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>             Fix For: 2.6.0
>         Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch,
HADOOP-10720-10750.COMBO.patch, HADOOP-10720.1.patch, HADOOP-10720.10.patch, HADOOP-10720.11.patch,
HADOOP-10720.12.patch, HADOOP-10720.13.patch, HADOOP-10720.14.patch, HADOOP-10720.15.patch,
HADOOP-10720.16.patch, HADOOP-10720.17.patch, HADOOP-10720.18.patch, HADOOP-10720.19.patch,
HADOOP-10720.2.patch, HADOOP-10720.20.patch, HADOOP-10720.3.patch, HADOOP-10720.4.patch, HADOOP-10720.5.patch,
HADOOP-10720.6.patch, HADOOP-10720.7.patch, HADOOP-10720.8.patch, HADOOP-10720.9.patch, HADOOP-10720.patch,
HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch
> KMS client/server should implement support for generating encrypted keys and decrypting
them via the REST API being introduced by HADOOP-10719.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message