incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mahadev Konar <maha...@hortonworks.com>
Subject Re: [VOTE] Accept Apache Knox Hadoop Gateway Project into the Incubator
Date Tue, 19 Feb 2013 01:00:37 GMT
+1 (binding).

mahadev

On Feb 17, 2013, at 1:13 PM, Tom White wrote:

> +1
> 
> Tom
> 
> On Fri, Feb 15, 2013 at 7:22 PM, Devaraj Das <ddas@hortonworks.com> wrote:
>> Hi Folks,
>> 
>> Thanks for participating in the discussion. I'd like to call a VOTE
>> for acceptance of Apache Knox Hadoop Gateway Project into the
>> Incubator. The vote will close on Feb 22 at 6:00 p.m.
>> 
>> [ ]  +1 Accept Apache Knox Hadoop Gateway Project into the Incubator
>> [ ]  +0 Don't care.
>> [ ]  -1 Don't accept Apache Knox Hadoop Gateway Project into the
>> Incubator because...
>> 
>> Full proposal is pasted at the bottom of this email, and the
>> corresponding wiki is http://wiki.apache.org/incubator/knox. Only
>> VOTEs from Incubator PMC members are binding.
>> 
>> Here's my +1 (binding).
>> 
>> Thanks,
>> Devaraj.
>> 
>> -----------------
>> 
>> Knox Gateway Proposal
>> 
>> Abstract
>> 
>> Knox Gateway is a system that provides a single point of secure access
>> for Apache Hadoop clusters.
>> 
>> Proposal
>> 
>> The Knox Gateway (“Gateway” or “Knox”) is a system that provides a
>> single point of authentication and access for Apache Hadoop services
>> in a cluster. The goal is to simplify Hadoop security for both users
>> (i.e. who access the cluster data and execute jobs) and operators
>> (i.e. who control access and manage the cluster). The Gateway runs as
>> a server (or cluster of servers) that serve one or more Hadoop
>> clusters.
>> 
>> Provide perimeter security to make Hadoop security setup easier
>> Support authentication and token verification security scenarios
>> Deliver users a single cluster end-point that aggregates capabilities
>> for data and jobs
>> Enable integration with enterprise and cloud identity management environments
>> 
>> Background
>> 
>> An Apache Hadoop cluster is presented to consumers as a loose
>> collection of independent services. This makes it difficult for users
>> to interact with Hadoop since each service maintains it’s own method
>> of access and security. As well, for operators, configuration and
>> administration of a secure Hadoop cluster is a complex and many Hadoop
>> clusters are insecure as a result.
>> 
>> The goal of the project is to provide coverage for all existing Hadoop
>> ecosystem projects. In addition, the project will be extensible to
>> allow for new and/or proprietary Hadoop components without requiring
>> changes to the gateway source code. The gateway is expected to run in
>> a DMZ environment where it will provide controlled access to these
>> Hadoop services. In this way Hadoop clusters can be protected by a
>> firewall and only limited access provided through the firewall for the
>> gateway. The authentication components of the gateway will be modular
>> and extensible such that it can be integrated with existing security
>> infrastructure.
>> 
>> Rationale
>> 
>> Organizations that are struggling with Hadoop cluster security result
>> in a) running Hadoop without security or b) slowing adoption of
>> Hadoop. The Gateway aims to provide perimeter security that integrates
>> more easily into existing organizations’ security infrastructure.
>> Doing so will simplify security for these organizations and benefit
>> all Hadoop stakeholders (i.e. users and operators). Additionally,
>> making a dedicated perimeter security project part of the Apache
>> Hadoop ecosystem will prevent fragmentation in this area and further
>> increase the value of Hadoop as a data platform.
>> 
>> Current Status
>> 
>> Prototype available, developed by the list of initial committers.
>> 
>> Meritocracy
>> 
>> We desire to build a diverse developer community around Gateway
>> following the Apache Way. We want to make the project open source and
>> will encourage contributors from multiple organizations following the
>> Apache meritocracy model.
>> 
>> Community
>> 
>> We hope to extend the user and developer base in the future and build
>> a solid open source community around Gateway. Apache Hadoop has a
>> large ecosystem of open source projects, each with a strong community
>> of contributors. All project communities in this ecosystem have an
>> opportunity to participate in the advancement of the Gateway project
>> because ultimately, Gateway will enable the security capabilities of
>> their project to be more enterprise friendly.
>> 
>> Core Developers
>> 
>> Gateway is currently being developed by several engineers from
>> Hortonworks - Kevin Minder, Larry McCay, John Speidel, Tom Beerbower
>> and Sumit Mohanty. All the engineers have deep expertise in
>> middleware, security & identity systems and are quite familiar with
>> the Hadoop ecosystem.
>> 
>> Alignment
>> 
>> The ASF is a natural host for Gateway given that it is already the
>> home of Hadoop, Hive, Pig, HBase, Oozie and other emerging big data
>> software projects. Gateway is designed to solve the security
>> challenges familiar to the Hadoop ecosystem family of projects.
>> 
>> Known Risks
>> 
>> Orphaned products & Reliance on Salaried Developers
>> 
>> The core developers plan to work full time on the project. We believe
>> that this project will be of general interest to many Hadoop users and
>> will attract a diverse set of contributors. We intend to demonstrate
>> this by having contributors from several organizations recognized as
>> committers by the time Knox graduates from incubation.
>> 
>> Inexperience with Open Source
>> 
>> All of the core developers are active users and followers of open
>> source. As well, Hortonworks and the affiliated mentors have a strong
>> heritage of success with contributions to Apache Hadoop Projects.
>> 
>> Homogeneous Developers
>> 
>> The current core developers are from Hortonworks, however, we hope to
>> establish a developer community that includes contributors from
>> several corporations.
>> 
>> Reliance on Salaried Developers
>> 
>> Currently, the developers are paid to do work on Gateway. However,
>> once the project has a community built around it, we expect to get
>> committers and developers from outside the current core developers.
>> 
>> Relationships with Other Apache Products
>> 
>> Gateway is going to be used by the users and operators of Hadoop, and
>> the Hadoop ecosystem in general.
>> 
>> A Excessive Fascination with the Apache Brand
>> 
>> Our interest in developing Gateway in Apache project is to follow an
>> established development model, as well since many of the Hadoop
>> ecosystem projects also are part of Apache, Gateway will complement
>> those projects by following the same development and contribution
>> model.
>> 
>> Documentation
>> 
>> There is documentation in Hortonworks’ internal repositories. These
>> can be shared upon request and will be transferred into the Apache CM
>> system if this proposal is accepted.
>> 
>> Initial Source
>> 
>> The current initial source can be found in a GitHub repository.
>> https://github.com/hortonworks/knox.git
>> 
>> Source and Intellectual Property Submission Plan
>> 
>> The complete Gateway code is under Apache Software License 2.
>> 
>> External Dependencies
>> 
>> The Gateway dependencies are listed below, separated by Category A and
>> Category B as defined in the Apache Third-Party Licensing Policy.
>> Note: These are the direct dependencies. Indirect dependencies are not
>> included.
>> 
>> Category A Dependencies
>> 
>> Apache Commons - ASLv2.0
>> 
>> commons-io:commons-io#2.4
>> commons-cli:commons-cli#1.2
>> commons-codec:commons-codec#1.7
>> org.apache.commons:commons-digester3#3.2
>> org.apache.commons:commons-vfs2#2.0
>> 
>> Apache Hadoop - ASLv2.0
>> 
>> org.apache.hadoop:hadoop-auth#0.23.3
>> org.apache.hadoop:hadoop-core#1.0.3
>> 
>> Apache Geronimo - ASLv2.0
>> 
>> org.apache.geronimo.components:geronimo-jaspi#2.0.0
>> org.apache.geronimo.specs:geronimo-osgi-locator#1.1
>> 
>> Apache Shiro - ASLv2.0
>> 
>> org.apache.shiro:shiro-web#1.2.1
>> 
>> ApacheDS - ASLv2.0
>> 
>> org.apache.directory.server:apacheds-all#1.5.5
>> 
>> Log4J - ASLv2.0
>> 
>> log4j:log4j#1.2.17
>> 
>> SL4J - MIT
>> 
>> org.slf4j:slf4j-api#1.6.6
>> org.slf4j:slf4j-log4j12#1.6.6
>> 
>> Guava - ASLv2.0
>> 
>> com.google.guava:guava#14.0-rc1
>> 
>> HttpClient - ASLv2.0
>> 
>> org.apache.httpcomponents:httpclient#4.2.1
>> 
>> Jetty - ASLv2.0
>> 
>> org.eclipse.jetty:jetty-server#8.1.7.v20120910
>> org.eclipse.jetty:jetty-servlet#8.1.7.v20120910
>> org.eclipse.jetty:jetty-webapp#8.1.7.v20120910
>> org.eclipse.jetty:jetty-jaspi#8.1.7.v20120910
>> org.eclipse.jetty.aggregate:jetty-all#8.1.7.v20120910
>> org.eclipse.jetty:test-jetty-servlet#8.1.7.v20120910
>> 
>> JBoss ShrinkWrap - ASLv2.0
>> 
>> org.jboss.shrinkwrap:shrinkwrap-api#1.0.1
>> org.jboss.shrinkwrap:shrinkwrap-impl-base#1.0.1
>> org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-javaee#2.0.0-alpha-4
>> org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-javaee#2.0.0-alpha-4
>> 
>> Category A Dependencies (Test)
>> 
>> EasyMock - ASLv2.0
>> 
>> org.easymock:easymock#3.0
>> 
>> XML Matchers - ASLv2.0
>> 
>> org.xmlmatchers:xml-matchers#0.10
>> 
>> Hamcrest - BSDv3
>> 
>> org.hamcrest:hamcrest-api#1.0
>> org.hamcrest:hamcrest-core#1.2.1
>> org.hamcrest:hamcrest-library#1.2.1
>> 
>> JsonPath - ASLv2.0
>> 
>> com.jayway.jsonpath:json-path#0.8.1
>> com.jayway.jsonpath:json-path-assert#0.8.1
>> 
>> XMLTool - ASLv2.0
>> 
>> com.mycila.xmltool:xmltool#3.3
>> 
>> REST-assured - ASLv2.0
>> 
>> com.jayway.restassured:rest-assured#1.6.2
>> 
>> Category B Dependencies
>> 
>> Jersey - CDDLv1.1 or GPL2wCPE
>> 
>> com.sun.jersey:jersey-server#1.14
>> com.sun.jersey:jersey-servlet#1.14
>> 
>> Jerico - EPLv1.0
>> 
>> net.htmlparser.jericho:jericho-html#3.2
>> 
>> Servlet - CDDLv1.0 or GPLv2
>> 
>> javax.servlet:javax.servlet-api#3.0.1
>> 
>> JUnit - CPLv1.0
>> 
>> junit:junit#4.11
>> 
>> Cryptography
>> 
>> The Gateway uses cryptographic software indirectly as a result of
>> having two dependencies: ApacheDS and Apache Shiro. Gateway does not
>> include any special or custom cryptographic technologies.
>> 
>> ApacheDS is an ASF project and has been classified Export Commodity
>> Control Number (ECCN) 5D002.C.1 due to it’s dependency on Bouncy
>> Castle. More information on the ApacheDS classification can be found
>> at http://svn.apache.org/repos/asf/directory/apacheds/trunk/installers/README
>> 
>> Apache Shiro is an ASF project and has been classified Export
>> Commodity Control Number (ECCN) 5D002.C.1. More information on the
>> Apache Shiro classification can be found at
>> http://svn.apache.org/repos/asf/shiro/trunk/README
>> 
>> Required Resources
>> 
>> Mailing lists
>> 
>> knox-dev AT incubator DOT apache DOT org knox-commits AT incubator DOT
>> apache DOT org knox-user AT hms incubator apache DOT org knox-private
>> AT incubator DOT apache DOT org
>> 
>> Subversion Directory
>> 
>> https://svn.apache.org/repos/asf/incubator/knox
>> 
>> Issue Tracking
>> 
>> JIRA Knox (KNOX)
>> 
>> Initial Committers
>> 
>> Kevin Minder (kevin DOT minder AT hortonworks DOT com)
>> 
>> Larry McCay (lmccay AT hortonworks DOT com)
>> 
>> John Speidel (jspeidel AT hortonworks DOT com)
>> Tom Beerbower (tbeerbower AT hortonworks DOT com)
>> Sumit Mohanty (smohanty AT hortonworks DOT com)
>> Venkatesh Seetharam (venkatesh AT hortonworks DOT com)
>> 
>> Affiliations
>> 
>> Kevin Minder (Hortonworks)
>> 
>> Larry McCay (Hortonworks)
>> 
>> John Speidel (Hortonworks)
>> Tom Beerbower (Hortonworks)
>> Sumit Mohanty (Hortonworks)
>> Venkatesh Seetharm (Hortonworks)
>> Owen O'Malley (Hortonworks)
>> Mahadev Konar (Hortonworks)
>> Alan Gates (Hortonworks)
>> Devaraj Das (Hortwonrks)
>> Chris Douglas (Microsoft)
>> Chris Mattmann (NASA)
>> Tom White (Cloudera)
>> 
>> Sponsors
>> 
>> Champion
>> 
>> Devaraj Das (ddas AT apache DOT org)
>> 
>> Nominated Mentors
>> 
>> Owen O’Malley (omalley AT apache DOT org)
>> Mahadev Konar (mahadev AT apache DOT org)
>> Alan Gates (gates AT apache DOT org)
>> Devaraj Das (ddas AT apache DOT org)
>> Chris Douglas (cdouglas AT apache DOT org)
>> Chris Mattmann (chris DOT a DOT mattmann AT jpl DOT nasa DOT gov)
>> Tom White (tom DOT e DOT white AT gmail DOT com)
>> 
>> Sponsoring Entity
>> 
>> Incubator PMC
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message