hadoop-hdfs-issues mailing list archives

From "Sanjay Radia (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HDFS-6134) Transparent data at rest encryption
Date Wed, 13 Aug 2014 04:59:16 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14094613#comment-14094613 ]

Sanjay Radia edited comment on HDFS-6134 at 8/13/14 4:58 AM:
-------------------------------------------------------------

Alejandro - for both webhdfs and httpfs to work your proposal is that users "hdfs" and "httpfs"
have access to any key (you mention only webhdfs in your comment but I suspect you meant both).
However with this approach webhdfs and httpfs will give access to ALL EZ files to users that
have read access.
Correct? This would be unacceptable.

I believe the better solution is for webhdfs and httpfs to access the file by doing a doAs(endUser).



was (Author: sanjay.radia):
Alejandro - for both webhdfs and httpfs to work your proposal is that users "hdfs" and "httpfs"
have access to any key (you mention only webhdfs in your comment but I suspect you meant both).
However with this approach webhdfs and httpfs will then all access to ALL EZ files to users
that have read access.
Correct? This would be unacceptable.

I believe the better solution is for webhdfs and httpfs to access the file by doing a doAs(endUser).


> Transparent data at rest encryption
> -----------------------------------
>
>                 Key: HDFS-6134
>                 URL: https://issues.apache.org/jira/browse/HDFS-6134
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 3.0.0, 2.3.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Charles Lamb
>         Attachments: HDFS-6134.001.patch, HDFS-6134.002.patch, HDFS-6134_test_plan.pdf, HDFSDataatRestEncryption.pdf, HDFSDataatRestEncryptionProposal_obsolete.pdf, HDFSEncryptionConceptualDesignProposal-2014-06-20.pdf
>
>
> Because of privacy and security regulations, for many industries, sensitive data at rest must be in encrypted form. For example: the healthcare industry (HIPAA regulations), the card payment industry (PCI DSS regulations) or the US government (FISMA regulations).
> This JIRA aims to provide a mechanism to encrypt HDFS data at rest that can be used transparently by any application accessing HDFS via Hadoop Filesystem Java API, Hadoop libhdfs C library, or WebHDFS REST API.
> The resulting implementation should be able to be used in compliance with different regulation requirements.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
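
The concern raised in the comment above, as a small Python model added here (not Hadoop code and not part of the original message). The key server, gateway, users `alice` and `bob`, the key name and the ACLs are all constructed for illustration, and string reversal stands in for decryption.

```python
# Simplified model (added example): every name and ACL here is constructed.
from dataclasses import dataclass

@dataclass
class KeyServer:
    key_acl: dict  # key name -> set of users allowed to decrypt with it

    def decrypt(self, caller, key, ciphertext):
        if caller not in self.key_acl.get(key, set()):
            raise PermissionError(f"{caller} may not use key {key}")
        return ciphertext[::-1]  # stand-in for real decryption

@dataclass
class EncryptedFile:
    key: str
    readers: set  # users holding file-level read permission
    ciphertext: str

class Gateway:
    """Stands in for a webhdfs/httpfs-style HTTP front end."""
    def __init__(self, kms, service_user, impersonate):
        self.kms = kms
        self.service_user = service_user
        self.impersonate = impersonate

    def read(self, end_user, f):
        if end_user not in f.readers:
            raise PermissionError(f"{end_user} has no read access to the file")
        # The design choice under discussion: whose identity reaches the key server?
        caller = end_user if self.impersonate else self.service_user
        return self.kms.decrypt(caller, f.key, f.ciphertext)

def demo():
    f = EncryptedFile("hr-key", {"alice", "bob"}, "salary-data"[::-1])
    gateways = {
        # Service user is granted the key; the end user's key ACL is never consulted.
        "service_key_access": Gateway(KeyServer({"hr-key": {"alice", "httpfs"}}), "httpfs", False),
        # Gateway acts as the end user; only alice is on the key ACL.
        "doas_end_user": Gateway(KeyServer({"hr-key": {"alice"}}), "httpfs", True),
    }
    results = {}
    for name, gw in gateways.items():
        for user in ("alice", "bob"):
            try:
                gw.read(user, f)
                results[(name, user)] = "plaintext"
            except PermissionError:
                results[(name, user)] = "denied"
    return results
```

In this model `bob` has file read permission but is not on the key ACL: he gets plaintext through the gateway whose service user holds the key, and is denied when the gateway acts as the end user.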
