Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 6BF95200B8E for ; Mon, 26 Sep 2016 15:08:44 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 6A8DC160AC8; Mon, 26 Sep 2016 13:08:44 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id AD0AF160AB8 for ; Mon, 26 Sep 2016 15:08:43 +0200 (CEST) Received: (qmail 25652 invoked by uid 500); 26 Sep 2016 13:08:41 -0000 Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list user@hadoop.apache.org Received: (qmail 25642 invoked by uid 99); 26 Sep 2016 13:08:41 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Sep 2016 13:08:41 +0000 Received: from mail-it0-f51.google.com (mail-it0-f51.google.com [209.85.214.51]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 48DAF1A0448 for ; Mon, 26 Sep 2016 13:08:41 +0000 (UTC) Received: by mail-it0-f51.google.com with SMTP id n143so74032050ita.1 for ; Mon, 26 Sep 2016 06:08:41 -0700 (PDT) X-Gm-Message-State: AA6/9Rmeu8xxLe/bbS0zD4T83HygcyHV0g5wvIgK6b4TESBRByJrww4eH6Ap9Kcw/Whztd/Fo1bmBUd5W8z40Ml0 X-Received: by 10.36.155.194 with SMTP id o185mr18442379itd.54.1474895320478; Mon, 26 Sep 2016 06:08:40 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.27.147 with HTTP; Mon, 26 Sep 2016 06:08:09 -0700 (PDT) In-Reply-To: References: From: Wei-Chiu Chuang Date: Mon, 26 Sep 2016 06:08:09 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Hadoop KMS, security module To: Ascot Moss Cc: "user.hadoop" Content-Type: multipart/alternative; boundary=94eb2c060266a9b390053d68d315 archived-at: Mon, 26 Sep 2016 13:08:44 -0000 --94eb2c060266a9b390053d68d315 Content-Type: text/plain; charset=UTF-8 Hi, I'm not an expert in Hadoop KMS. But as far as I know Hadoop KMS itself does not rely on particular hardware for the purpose. The Hadoop KMS implementation is based on Java Provider API https://docs.oracle.com/javase/7/docs/api/java/security/Provider.html It looks like though there is ongoing effort to add HSM into Apache Ranger. On Sat, Sep 24, 2016 at 6:55 PM, Ascot Moss wrote: > Hi, > > I am studying Hadoop KMS and encryption, I understand that Hadoop KMS is > proxy of security module, have some questions and need help: > > Q1. Is there a reference list about Hardware Security Modules which > support Hadoop KMS? > > Q2. Any suggestion about (open source) software security modules that can > be used for evaluation and testing purposes on Hadoop KMS ? > > Regards > > --94eb2c060266a9b390053d68d315 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi,

I'm not an expert in Hadoo= p KMS. But as far as I know Hadoop KMS itself does not rely on particular h= ardware for the purpose.

The Hadoop KMS implementation is based on= Java Provider API https://docs.oracle.com/javase/7/docs/api/java/se= curity/Provider.html

It looks like though there is ongoing= effort to add HSM into Apache Ranger.

On Sat, Sep 24, 2016 at 6= :55 PM, Ascot Moss <ascot.moss@gmail.com> wrote:
Hi,

I am studying Hadoop KMS a= nd encryption, I understand that Hadoop KMS is proxy of security module, ha= ve some questions and need help:

Q1. Is there a re= ference list about Hardware Security Modules which support Hadoop KMS?

Q2. Any suggestion about (open source) software securi= ty modules that can be used for evaluation and testing purposes on Hadoop K= MS ?

Regards

--94eb2c060266a9b390053d68d315--