hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-6222) Add per-KeyValue Security
Date Sat, 10 Nov 2012 20:19:12 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494755#comment-13494755
] 

Andrew Purtell commented on HBASE-6222:
---------------------------------------

I forgot to mention something and want to highlight something.

The new KVs for Append and Increment inherit the KV tags (hence ACLs) of the value(s) they
are updating. This is both logical and works around the fact that Increment is not a Mutation
(see HBASE-7114).

If [~v.himanshu] or someone else wants to implement Accumulo-style visibility labels (or if
I ultimately end up doing it), then I encourage following the same design principles:
- Coprocessor based implementation
- Minimal to no changes to core code
- Perhaps just building on a KV generic tags facility
- Use OperationWithAttributes#{get,set}Attribute for passing through your new metadata

Then, you can see how what I describe above and perhaps something else that implements Accumulo-style
visibility labels can be consistent in deployment and API details *and can be easily stacked
on top of each other*.

                
> Add per-KeyValue Security
> -------------------------
>
>                 Key: HBASE-6222
>                 URL: https://issues.apache.org/jira/browse/HBASE-6222
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>            Reporter: stack
>            Assignee: Andrew Purtell
>         Attachments: HBaseCellRow-LevelSecurityDesignDoc.docx, HBaseCellRow-LevelSecurityPRD.docx
>
>
> Saw an interesting article: http://www.fiercegovernmentit.com/story/sasc-accumulo-language-pro-open-source-say-proponents/2012-06-14
> "The  Senate Armed Services Committee version of the fiscal 2013 national defense authorization
act (S. 3254) would require DoD agencies to foreswear the Accumulo NoSQL database after Sept.
30, 2013, unless the DoD CIO certifies that there exists either no viable commercial open
source database with security features comparable to [Accumulo] (such as the HBase or Cassandra
databases)..."
> Not sure what a 'commercial open source database' is, and I'm not sure whats going on
in the article, but tra-la-la'ing, if we had per-KeyValue 'security' like Accumulo's, we might
put ourselves in the running for federal contributions?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message