incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mattmann, Chris A (388J)" <chris.a.mattm...@jpl.nasa.gov>
Subject Re: [VOTE] Accept Apache Knox Hadoop Gateway Project into the Incubator
Date Fri, 15 Feb 2013 04:25:26 GMT
s/Apache Open Climate Workbench/Apache Knox Hadoop Gateway/ :)

May want to resend the [VOTE] thread.

On 2/14/13 5:26 PM, "Devaraj Das" <ddas@hortonworks.com> wrote:

>Hi Folks,
>
>Thanks for participating in the discussion. I'd like to call a VOTE
>for acceptance of Apache Knox Hadoop Gateway Project into the
>Incubator. The vote will close on Feb 21 at 6:00 p.m.
>
>[ ]  +1 Accept Apache Open Climate Workbench into the Incubator
>[ ]  +0 Don't care.
>[ ]  -1 Don't accept Apache Open Climate Workbench into the Incubator
>because...
>
>Full proposal is pasted at the bottom of this email, and the
>corresponding wiki is http://wiki.apache.org/incubator/knox. Only
>VOTEs from Incubator PMC members are binding.
>
>Here's my +1 (binding).
>
>Thanks,
>Devaraj.
>
>p.s. In the last day, Tom White has been added as a mentor, and
>Venkatesh Seetharam has been added in the list of initial committers.
>
>--------
>Knox Gateway Proposal
>
>Abstract
>
>Knox Gateway is a system that provides a single point of secure access
>for Apache Hadoop clusters.
>
>Proposal
>
>The Knox Gateway (³Gateway² or ³Knox²) is a system that provides a
>single point of authentication and access for Apache Hadoop services
>in a cluster. The goal is to simplify Hadoop security for both users
>(i.e. who access the cluster data and execute jobs) and operators
>(i.e. who control access and manage the cluster). The Gateway runs as
>a server (or cluster of servers) that serve one or more Hadoop
>clusters.
>
>Provide perimeter security to make Hadoop security setup easier
>Support authentication and token verification security scenarios
>Deliver users a single cluster end-point that aggregates capabilities
>for data and jobs
>Enable integration with enterprise and cloud identity management
>environments
>
>Background
>
>An Apache Hadoop cluster is presented to consumers as a loose
>collection of independent services. This makes it difficult for users
>to interact with Hadoop since each service maintains it¹s own method
>of access and security. As well, for operators, configuration and
>administration of a secure Hadoop cluster is a complex and many Hadoop
>clusters are insecure as a result.
>
>The goal of the project is to provide coverage for all existing Hadoop
>ecosystem projects. In addition, the project will be extensible to
>allow for new and/or proprietary Hadoop components without requiring
>changes to the gateway source code. The gateway is expected to run in
>a DMZ environment where it will provide controlled access to these
>Hadoop services. In this way Hadoop clusters can be protected by a
>firewall and only limited access provided through the firewall for the
>gateway. The authentication components of the gateway will be modular
>and extensible such that it can be integrated with existing security
>infrastructure.
>
>Rationale
>
>Organizations that are struggling with Hadoop cluster security result
>in a) running Hadoop without security or b) slowing adoption of
>Hadoop. The Gateway aims to provide perimeter security that integrates
>more easily into existing organizations¹ security infrastructure.
>Doing so will simplify security for these organizations and benefit
>all Hadoop stakeholders (i.e. users and operators). Additionally,
>making a dedicated perimeter security project part of the Apache
>Hadoop ecosystem will prevent fragmentation in this area and further
>increase the value of Hadoop as a data platform.
>
>Current Status
>
>Prototype available, developed by the list of initial committers.
>
>Meritocracy
>
>We desire to build a diverse developer community around Gateway
>following the Apache Way. We want to make the project open source and
>will encourage contributors from multiple organizations following the
>Apache meritocracy model.
>
>Community
>
>We hope to extend the user and developer base in the future and build
>a solid open source community around Gateway. Apache Hadoop has a
>large ecosystem of open source projects, each with a strong community
>of contributors. All project communities in this ecosystem have an
>opportunity to participate in the advancement of the Gateway project
>because ultimately, Gateway will enable the security capabilities of
>their project to be more enterprise friendly.
>
>Core Developers
>
>Gateway is currently being developed by several engineers from
>Hortonworks - Kevin Minder, Larry McCay, John Speidel, Tom Beerbower
>and Sumit Mohanty. All the engineers have deep expertise in
>middleware, security & identity systems and are quite familiar with
>the Hadoop ecosystem.
>
>Alignment
>
>The ASF is a natural host for Gateway given that it is already the
>home of Hadoop, Hive, Pig, HBase, Oozie and other emerging big data
>software projects. Gateway is designed to solve the security
>challenges familiar to the Hadoop ecosystem family of projects.
>
>Known Risks
>
>Orphaned products & Reliance on Salaried Developers
>
>The core developers plan to work full time on the project. We believe
>that this project will be of general interest to many Hadoop users and
>will attract a diverse set of contributors. We intend to demonstrate
>this by having contributors from several organizations recognized as
>committers by the time Knox graduates from incubation.
>
>Inexperience with Open Source
>
>All of the core developers are active users and followers of open
>source. As well, Hortonworks and the affiliated mentors have a strong
>heritage of success with contributions to Apache Hadoop Projects.
>
>Homogeneous Developers
>
>The current core developers are from Hortonworks, however, we hope to
>establish a developer community that includes contributors from
>several corporations.
>
>Reliance on Salaried Developers
>
>Currently, the developers are paid to do work on Gateway. However,
>once the project has a community built around it, we expect to get
>committers and developers from outside the current core developers.
>
>Relationships with Other Apache Products
>
>Gateway is going to be used by the users and operators of Hadoop, and
>the Hadoop ecosystem in general.
>
>A Excessive Fascination with the Apache Brand
>
>Our interest in developing Gateway in Apache project is to follow an
>established development model, as well since many of the Hadoop
>ecosystem projects also are part of Apache, Gateway will complement
>those projects by following the same development and contribution
>model.
>
>Documentation
>
>There is documentation in Hortonworks¹ internal repositories. These
>can be shared upon request and will be transferred into the Apache CM
>system if this proposal is accepted.
>
>Initial Source
>
>The current initial source can be found in a GitHub repository.
>https://github.com/hortonworks/knox.git
>
>Source and Intellectual Property Submission Plan
>
>The complete Gateway code is under Apache Software License 2.
>
>External Dependencies
>
>The Gateway dependencies are listed below, separated by Category A and
>Category B as defined in the Apache Third-Party Licensing Policy.
>Note: These are the direct dependencies. Indirect dependencies are not
>included.
>
>Category A Dependencies
>
>Apache Commons - ASLv2.0
>
>commons-io:commons-io#2.4
>commons-cli:commons-cli#1.2
>commons-codec:commons-codec#1.7
>org.apache.commons:commons-digester3#3.2
>org.apache.commons:commons-vfs2#2.0
>
>Apache Hadoop - ASLv2.0
>
>org.apache.hadoop:hadoop-auth#0.23.3
>org.apache.hadoop:hadoop-core#1.0.3
>
>Apache Geronimo - ASLv2.0
>
>org.apache.geronimo.components:geronimo-jaspi#2.0.0
>org.apache.geronimo.specs:geronimo-osgi-locator#1.1
>
>Apache Shiro - ASLv2.0
>
>org.apache.shiro:shiro-web#1.2.1
>
>ApacheDS - ASLv2.0
>
>org.apache.directory.server:apacheds-all#1.5.5
>
>Log4J - ASLv2.0
>
>log4j:log4j#1.2.17
>
>SL4J - MIT
>
>org.slf4j:slf4j-api#1.6.6
>org.slf4j:slf4j-log4j12#1.6.6
>
>Guava - ASLv2.0
>
>com.google.guava:guava#14.0-rc1
>
>HttpClient - ASLv2.0
>
>org.apache.httpcomponents:httpclient#4.2.1
>
>Jetty - ASLv2.0
>
>org.eclipse.jetty:jetty-server#8.1.7.v20120910
>org.eclipse.jetty:jetty-servlet#8.1.7.v20120910
>org.eclipse.jetty:jetty-webapp#8.1.7.v20120910
>org.eclipse.jetty:jetty-jaspi#8.1.7.v20120910
>org.eclipse.jetty.aggregate:jetty-all#8.1.7.v20120910
>org.eclipse.jetty:test-jetty-servlet#8.1.7.v20120910
>
>JBoss ShrinkWrap - ASLv2.0
>
>org.jboss.shrinkwrap:shrinkwrap-api#1.0.1
>org.jboss.shrinkwrap:shrinkwrap-impl-base#1.0.1
>org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-javaee#2.0.0-a
>lpha-4
>org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-javaee#2.0.0-
>alpha-4
>
>Category A Dependencies (Test)
>
>EasyMock - ASLv2.0
>
>org.easymock:easymock#3.0
>
>XML Matchers - ASLv2.0
>
>org.xmlmatchers:xml-matchers#0.10
>
>Hamcrest - BSDv3
>
>org.hamcrest:hamcrest-api#1.0
>org.hamcrest:hamcrest-core#1.2.1
>org.hamcrest:hamcrest-library#1.2.1
>
>JsonPath - ASLv2.0
>
>com.jayway.jsonpath:json-path#0.8.1
>com.jayway.jsonpath:json-path-assert#0.8.1
>
>XMLTool - ASLv2.0
>
>com.mycila.xmltool:xmltool#3.3
>
>REST-assured - ASLv2.0
>
>com.jayway.restassured:rest-assured#1.6.2
>
>Category B Dependencies
>
>Jersey - CDDLv1.1 or GPL2wCPE
>
>com.sun.jersey:jersey-server#1.14
>com.sun.jersey:jersey-servlet#1.14
>
>Jerico - EPLv1.0
>
>net.htmlparser.jericho:jericho-html#3.2
>
>Servlet - CDDLv1.0 or GPLv2
>
>javax.servlet:javax.servlet-api#3.0.1
>
>JUnit - CPLv1.0
>
>junit:junit#4.11
>
>Cryptography
>
>The Gateway uses cryptographic software indirectly as a result of
>having two dependencies: ApacheDS and Apache Shiro. Gateway does not
>include any special or custom cryptographic technologies.
>
>ApacheDS is an ASF project and has been classified Export Commodity
>Control Number (ECCN) 5D002.C.1 due to it¹s dependency on Bouncy
>Castle. More information on the ApacheDS classification can be found
>at 
>http://svn.apache.org/repos/asf/directory/apacheds/trunk/installers/README
>
>Apache Shiro is an ASF project and has been classified Export
>Commodity Control Number (ECCN) 5D002.C.1. More information on the
>Apache Shiro classification can be found at
>http://svn.apache.org/repos/asf/shiro/trunk/README
>
>Required Resources
>
>Mailing lists
>
>knox-dev AT incubator DOT apache DOT org knox-commits AT incubator DOT
>apache DOT org knox-user AT hms incubator apache DOT org knox-private
>AT incubator DOT apache DOT org
>
>Subversion Directory
>
>https://svn.apache.org/repos/asf/incubator/knox
>
>Issue Tracking
>
>JIRA Knox (KNOX)
>
>Initial Committers
>
>Kevin Minder (kevin DOT minder AT hortonworks DOT com)
>
>Larry McCay (lmccay AT hortonworks DOT com)
>
>John Speidel (jspeidel AT hortonworks DOT com)
>Tom Beerbower (tbeerbower AT hortonworks DOT com)
>Sumit Mohanty (smohanty AT hortonworks DOT com)
>Venkatesh Seetharam (venkatesh AT hortonworks DOT com)
>
>Affiliations
>
>Kevin Minder (Hortonworks)
>
>Larry McCay (Hortonworks)
>
>John Speidel (Hortonworks)
>Tom Beerbower (Hortonworks)
>Sumit Mohanty (Hortonworks)
>Venkatesh Seetharm (Hortonworks)
>Owen O'Malley (Hortonworks)
>Mahadev Konar (Hortonworks)
>Alan Gates (Hortonworks)
>Devaraj Das (Hortwonrks)
>Chris Douglas (Microsoft)
>Chris Mattmann (NASA)
>Tom White (Cloudera)
>
>Sponsors
>
>Champion
>
>Devaraj Das (ddas AT apache DOT org)
>
>Nominated Mentors
>
>Owen O¹Malley (omalley AT apache DOT org)
>Mahadev Konar (mahadev AT apache DOT org)
>Alan Gates (gates AT apache DOT org)
>Devaraj Das (ddas AT apache DOT org)
>Chris Douglas (cdouglas AT apache DOT org)
>Chris Mattmann (chris DOT a DOT mattmann AT jpl DOT nasa DOT gov)
>Tom White (tom DOT e DOT white AT gmail DOT com)
>
>Sponsoring Entity
>
>Incubator PMC
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message