incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Incubator Wiki] Update of "SentryProposal" by ShreepadmaVenugopalan
Date Mon, 29 Jul 2013 22:45:45 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Incubator Wiki" for change notification.

The "SentryProposal" page has been changed by ShreepadmaVenugopalan:
https://wiki.apache.org/incubator/SentryProposal?action=diff&rev1=1&rev2=2

- Sentry - A fine-grained Authorization System for the Hadoop ecosystem
+ = Sentry - A fine-grained Authorization System for the Hadoop ecosystem =
  
  == Abstract ==
  
@@ -13, +13 @@

  Sentry will provide true role-based fine-grained user access control for Apache Hadoop and
its ecosystem components such as Hive, Pig or HBase. This includes providing fine- grained
role based access to both data as well as the metadata, which provides a rich object based
abstraction such as databases, tables or columns.
  
  == Background ==
+ 
  Sentry was initially developed by Cloudera to allow users fine grained access to data as
well as the metadata in Apache Hadoop.
  
  Sentry has been maintained as an open source project on Cloudera’s github. Sentry was
previously called “Access”. All code in Sentry is open source and has been made publicly
available under the Apache 2 license. During this time, Sentry has been formally released
two times as versions 1.0.0 and 1.1.0.
@@ -21, +22 @@

  
  Currently, users don't have a way to achieve fine grained enforceable user access control
to data stored in HDFS and their associated metadata. While users can use file based permissions
to control access to specific directories and files, it is insufficient because access can't
be restricted to file parts i.e., to specific lines or logical columns. In the absence of
such support, users have to resort to duplicating data. Furthermore, file based permissions
are insufficient to provide any form of access control to the metadata that provides an object
abstraction such as databases, tables, columns or partitions over the data stored in HDFS.

  
- It is important to note that projects such as Apache Knox aim to provide perimeter security,
whereas the goal of Sentry is to implement a fine-grained role-based access control policy.
Hence Sentry complements Apache Knox.
- 
  Current Sentry developers subscribe to the mission of ASF and are familiar with the open
source development process. Several members are already committers and PMC members of various
other Apache projects.
  
  == Initial Goals ==
+ 
  Sentry is currently in its first major release with a considerable number of enhancement
requests, tasks, and issues recorded towards its future development. The initial goal of this
project will be to continue to build community in the spirit of the "Apache Way", and to address
the highly requested features and bug-fixes towards the next dot release.
  
  == Current Status ==
  === Meritocracy ===
+ 
  Intent of the proposal is to build a diverse community of developers around Sentry. Sentry
started as a open source project on Github, driven in the spirit of open source and we would
like to continue in this spirit by, for example, encouraging contributors from a variety of
organizations. 
  
  === Community ===
+ 
- Sentry stakeholders desire to expand the user and developer base of Sentry further in the
future. The current sets of developers in Sentry are committed to building a strong user base
and open source community around the project. All development discussions within the current
team have been on a public mailing list (access-dev@cloudera.org).
+ Sentry stakeholders desire to expand the user and developer base of Sentry further in the
future. The current sets of developers in Sentry are committed to building a strong user base
and open source community around the project. Development discussions within the current team
have been on a public mailing [[https://groups.google.com/a/cloudera.org/forum/#!forum/access-dev
| list]].
  
  === Core Developers ===
  
@@ -41, +43 @@

  
  === Alignment ===
  
- Sentry complements some aspects of other projects in the Apache Hadoop ecosystem, such as
HDFS file permissions, by providing fine grained access control to data and metadata in Hadoop.
Currently, it integrates with Apache Hive, however we are planning to provide support for
other components such as Apache Pig.
+ Sentry complements the access control feature of some projects in the Apache Hadoop ecosystem,
such as HDFS file permissions, by providing finer grained access control to data and metadata.
It supersedes the access control capabilities of some other projects such as Apache Hive by
providing stronger guarantees against malicious access.  Currently, Sentry integrates with
Apache Hive, however we are planning to provide support for other components such as Apache
Pig.
+ 
+ While projects such as Apache Knox aim to provide perimeter security, the goal of Sentry
is to implement a fine-grained role-based access control policy. Thus Sentry complements Apache
Knox.
  
  == Known Risks ==
  
@@ -71, +75 @@

  
  == Documentation ==
  
+   * Cloudera provides documentation specific to its distribution of Sentry at: http://www.cloudera.com/content/cloudera-content/cloudera-docs/Sentry/Sentry.pdf
+   * Sentry jira at Cloudera: https://issues.cloudera.org/browse/access
+ 
  == Initial Source ==
+ 
  https://github.com/cloudera/access
  
  == Source and Intellectual Property Submission Plan ==
+ 
  All of Sentry’s code is under Apache 2 license already.
  
  == External Dependencies ==
  
  All dependencies have licenses compatible with ASL. Dependencies that are not directly using
ASL are,
  
- Junit - Eclipse Public License
+   * Junit - Eclipse Public License
  
  == Cryptography ==
  
- Sentry currently doesn’t directly use any cryptographic libraries.
+ Sentry currently doesn’t directly use any cryptographic libraries. However, Sentry uses
Apache Shiro, which provides support for cryptography features such as hash, cipher etc.
  
  == Required Resources ==
  
@@ -111, +120 @@

  
  == Initial Committers ==
  
-   * Ali Rizvi (ali.rizvi@oracle.com)
+   * Ali Rizvi (ali.rizvi at oracle.com)
-   * Arvind Prabhakar (arvind@apache.org)
+   * Arvind Prabhakar (arvind at apache.org)
-   * Brock Noland  (brock@apache.org)
+   * Brock Noland  (brock at apache.org)
-   * Chaoyu Tang (ctang@cloudera.com)
+   * Chaoyu Tang (ctang at cloudera.com)
-   * Daisy Zhao (daisy@wibidata.com)
+   * Daisy Zhou (daisy at wibidata.com)
-   * David Nalley (ke4qqq@apache.org)
+   * David Nalley (ke4qqq at apache.org)
-   * Erick Tryzelaar(etryzelaar@iqt.org)
+   * Erick Tryzelaar(etryzelaar at iqt.org)
-   * Greg Chanan (gchanan@apache.org)
+   * Greg Chanan (gchanan at apache.org)
-   * Hadi Nahari (hnahari@nvidia.com)
+   * Hadi Nahari (hnahari at nvidia.com)
-   * Jarek Jarcec Cecho (jarcec@apache.org)
+   * Jarek Jarcec Cecho (jarcec at apache.org)
-   * Johnny Zhang (xiaoyuz@cloudera.com)
+   * Johnny Zhang (xiaoyuz at cloudera.com)
-   * Karthik Ramachandran (kramachandran@iqt.org)
+   * Karthik Ramachandran (kramachandran at iqt.org)
-   * Mark Grover (mgrover@cloudera.com)
+   * Mark Grover (mgrover at cloudera.com)
-   * Milo Polte (milo@wibidata.com)
+   * Milo Polte (milo at wibidata.com)
-   * Lenni Kuff  (lskuff@cloudera.com)
+   * Lenni Kuff  (lskuff at cloudera.com)
-   * Patrick Daly (daly@cloudera.com)
+   * Patrick Daly (daly at cloudera.com)
-   * Patrick Hunt (phunt@apache.org)
+   * Patrick Hunt (phunt at apache.org)
-   * Prasad Mujumdar (prasadm@apache.org)
+   * Prasad Mujumdar (prasadm at apache.org)
-   * Raghu Mani (raghu.mani@oracle.com) 
+   * Raghu Mani (raghu.mani at oracle.com) 
-   * Sean Mackrory (sean@cloudera.com)
+   * Sean Mackrory (sean at cloudera.com)
-   * Shreepadma Venugopalan (shreepadma@cloudera.com)
+   * Shreepadma Venugopalan (shreepadma at cloudera.com)
-   * Sravya Tirukkovalur (sravya@cloudera.com)
+   * Sravya Tirukkovalur (sravya at cloudera.com)
-   * Tom White (tomwhite@apache.org)
+   * Tom White (tomwhite at apache.org)
-   * Xuefu Zhang (xuefu@apache.org)
+   * Xuefu Zhang (xuefu at apache.org)
  
  == Affiliations ==
+ 
    * Ali Rizvi (Oracle)
    * Arvind Prabhakar (Cloudera)
    * Brock Noland  (Cloudera)
    * Chaoyu Tang (Cloudera)
-   * Daisy Zhao (Wibidata)
+   * Daisy Zhou (Wibidata)
    * David Nalley (Citrix)
    * Erick Tryzelaar (Lab41)
    * Greg Chanan (Cloudera)

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message