hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-6222) Add per-KeyValue Security
Date Tue, 26 Feb 2013 09:10:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13586954#comment-13586954
] 

Andrew Purtell edited comment on HBASE-6222 at 2/26/13 9:08 AM:
----------------------------------------------------------------

With HBASE-5416 maybe the AccessController can add or wrap any filters on the Scan with a
filter that excludes the ACL CF since the AccessControlFilter doesn't consult that data inline
with scanner iteration.

Longer term though most likely the AccessControlFilter will have ACL data available inline
with the KVs (as tags). See the alternate implementation attached to this JIRA for an example
of how that could work. The separate ACL CF would go away.

If cell tags can make it into 0.96, then the ACL CF could go away now. 5416 would not be useful
in that case.

Edit: I misread the tail of 5416, so it's in trunk already.
                
      was (Author: apurtell):
    If HBASE-5416 was available the AccessController could add or wrap any filters on the
Scan with a filter that excludes the ACL CF since the AccessControlFilter doesn't consult
that data inline with scanner iteration. If 5416 is pretty close it would enable an optimization
here.

Longer term though most likely the AccessControlFilter will have ACL data available inline
with the KVs (as tags). See the alternate implementation attached to this JIRA for an example
of how that could work. The separate ACL CF would go away.

If cell tags can make it into 0.96, then the ACL CF could go away now. 5416 would not be useful
in that case.
                  
> Add per-KeyValue Security
> -------------------------
>
>                 Key: HBASE-6222
>                 URL: https://issues.apache.org/jira/browse/HBASE-6222
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.96.0, 0.98.0
>            Reporter: stack
>            Assignee: Andrew Purtell
>         Attachments: 6222-aclcf.patch, 6222.pdf, cell-acls-kv-tags-not-for-review.zip,
HBaseCellRow-LevelSecurityDesignDoc.docx, HBaseCellRow-LevelSecurityPRD.docx
>
>
> Saw an interesting article: http://www.fiercegovernmentit.com/story/sasc-accumulo-language-pro-open-source-say-proponents/2012-06-14
> "The  Senate Armed Services Committee version of the fiscal 2013 national defense authorization
act (S. 3254) would require DoD agencies to foreswear the Accumulo NoSQL database after Sept.
30, 2013, unless the DoD CIO certifies that there exists either no viable commercial open
source database with security features comparable to [Accumulo] (such as the HBase or Cassandra
databases)..."
> Not sure what a 'commercial open source database' is, and I'm not sure whats going on
in the article, but tra-la-la'ing, if we had per-KeyValue 'security' like Accumulo's, we might
put ourselves in the running for federal contributions?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message