Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id B9181200AE4 for ; Thu, 26 May 2016 01:47:14 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id B7A65160A29; Wed, 25 May 2016 23:47:14 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 1264E160A34 for ; Thu, 26 May 2016 01:47:13 +0200 (CEST) Received: (qmail 73709 invoked by uid 500); 25 May 2016 23:47:13 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 73691 invoked by uid 99); 25 May 2016 23:47:13 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 May 2016 23:47:13 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id EA7B42C1F6D for ; Wed, 25 May 2016 23:47:12 +0000 (UTC) Date: Wed, 25 May 2016 23:47:12 +0000 (UTC) From: "Xiao Chen (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-10720) KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Wed, 25 May 2016 23:47:14 -0000 [ https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15301149#comment-15301149 ] Xiao Chen commented on HADOOP-10720: ------------------------------------ Hi [~tucu00] and [~asuresh], Thank you very much for the nice feature and great discussions on adding this. I have 1 question: Since the client side has {{encKeyVersionQueue}} to protect the KMS server, when generating EEKs most requests doesn't reach the KMS server. The ACLs however, are on KMS server side only. How could the ACL's be checked in the cached case? Thanks! > KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API > --------------------------------------------------------------------------- > > Key: HADOOP-10720 > URL: https://issues.apache.org/jira/browse/HADOOP-10720 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 3.0.0-alpha1 > Reporter: Alejandro Abdelnur > Assignee: Arun Suresh > Fix For: 2.6.0 > > Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, HADOOP-10720-10750.COMBO.patch, HADOOP-10720.1.patch, HADOOP-10720.10.patch, HADOOP-10720.11.patch, HADOOP-10720.12.patch, HADOOP-10720.13.patch, HADOOP-10720.14.patch, HADOOP-10720.15.patch, HADOOP-10720.16.patch, HADOOP-10720.17.patch, HADOOP-10720.18.patch, HADOOP-10720.19.patch, HADOOP-10720.2.patch, HADOOP-10720.20.patch, HADOOP-10720.3.patch, HADOOP-10720.4.patch, HADOOP-10720.5.patch, HADOOP-10720.6.patch, HADOOP-10720.7.patch, HADOOP-10720.8.patch, HADOOP-10720.9.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch > > > KMS client/server should implement support for generating encrypted keys and decrypting them via the REST API being introduced by HADOOP-10719. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org