From: Hitesh Shah
To: general@incubator.apache.org
Subject: Re: [VOTE] Accept Apache Knox Hadoop Gateway Project into the Incubator
Date: Tue, 19 Feb 2013 11:43:54 -0800

+1 ( non-binding )

-- Hitesh

On Feb 14, 2013, at 5:26 PM, Devaraj Das wrote:

> Hi Folks,
>
> Thanks for participating in the discussion. I'd like to call a VOTE
> for acceptance of Apache Knox Hadoop Gateway Project into the
> Incubator. The vote will close on Feb 21 at 6:00 p.m.
>
> [ ] +1 Accept Apache Open Climate Workbench into the Incubator
> [ ] +0 Don't care.
> [ ] -1 Don't accept Apache Open Climate Workbench into the Incubator because...
>
> Full proposal is pasted at the bottom of this email, and the
> corresponding wiki is http://wiki.apache.org/incubator/knox. Only
> VOTEs from Incubator PMC members are binding.
>
> Here's my +1 (binding).
>
> Thanks,
> Devaraj.
>
> p.s. In the last day, Tom White has been added as a mentor, and
> Venkatesh Seetharam has been added in the list of initial committers.
>
> --------
> Knox Gateway Proposal
>
> Abstract
>
> Knox Gateway is a system that provides a single point of secure access
> for Apache Hadoop clusters.
>
> Proposal
>
> The Knox Gateway (“Gateway” or “Knox”) is a system that provides a
> single point of authentication and access for Apache Hadoop services
> in a cluster. The goal is to simplify Hadoop security for both users
> (i.e. who access the cluster data and execute jobs) and operators
> (i.e. who control access and manage the cluster). The Gateway runs as
> a server (or cluster of servers) that serve one or more Hadoop
> clusters.
>
> Provide perimeter security to make Hadoop security setup easier
> Support authentication and token verification security scenarios
> Deliver users a single cluster end-point that aggregates capabilities
> for data and jobs
> Enable integration with enterprise and cloud identity management environments
>
> Background
>
> An Apache Hadoop cluster is presented to consumers as a loose
> collection of independent services. This makes it difficult for users
> to interact with Hadoop since each service maintains its own method
> of access and security. As well, for operators, configuration and
> administration of a secure Hadoop cluster is a complex and many Hadoop
> clusters are insecure as a result.
>
> The goal of the project is to provide coverage for all existing Hadoop
> ecosystem projects. In addition, the project will be extensible to
> allow for new and/or proprietary Hadoop components without requiring
> changes to the gateway source code. The gateway is expected to run in
> a DMZ environment where it will provide controlled access to these
> Hadoop services. In this way Hadoop clusters can be protected by a
> firewall and only limited access provided through the firewall for the
> gateway.
> The authentication components of the gateway will be modular
> and extensible such that it can be integrated with existing security
> infrastructure.
>
> Rationale
>
> Organizations that are struggling with Hadoop cluster security result
> in a) running Hadoop without security or b) slowing adoption of
> Hadoop. The Gateway aims to provide perimeter security that integrates
> more easily into existing organizations’ security infrastructure.
> Doing so will simplify security for these organizations and benefit
> all Hadoop stakeholders (i.e. users and operators). Additionally,
> making a dedicated perimeter security project part of the Apache
> Hadoop ecosystem will prevent fragmentation in this area and further
> increase the value of Hadoop as a data platform.
>
> Current Status
>
> Prototype available, developed by the list of initial committers.
>
> Meritocracy
>
> We desire to build a diverse developer community around Gateway
> following the Apache Way. We want to make the project open source and
> will encourage contributors from multiple organizations following the
> Apache meritocracy model.
>
> Community
>
> We hope to extend the user and developer base in the future and build
> a solid open source community around Gateway. Apache Hadoop has a
> large ecosystem of open source projects, each with a strong community
> of contributors. All project communities in this ecosystem have an
> opportunity to participate in the advancement of the Gateway project
> because ultimately, Gateway will enable the security capabilities of
> their project to be more enterprise friendly.
>
> Core Developers
>
> Gateway is currently being developed by several engineers from
> Hortonworks - Kevin Minder, Larry McCay, John Speidel, Tom Beerbower
> and Sumit Mohanty. All the engineers have deep expertise in
> middleware, security & identity systems and are quite familiar with
> the Hadoop ecosystem.
>
> Alignment
>
> The ASF is a natural host for Gateway given that it is already the
> home of Hadoop, Hive, Pig, HBase, Oozie and other emerging big data
> software projects. Gateway is designed to solve the security
> challenges familiar to the Hadoop ecosystem family of projects.
>
> Known Risks
>
> Orphaned products & Reliance on Salaried Developers
>
> The core developers plan to work full time on the project. We believe
> that this project will be of general interest to many Hadoop users and
> will attract a diverse set of contributors. We intend to demonstrate
> this by having contributors from several organizations recognized as
> committers by the time Knox graduates from incubation.
>
> Inexperience with Open Source
>
> All of the core developers are active users and followers of open
> source. As well, Hortonworks and the affiliated mentors have a strong
> heritage of success with contributions to Apache Hadoop Projects.
>
> Homogeneous Developers
>
> The current core developers are from Hortonworks, however, we hope to
> establish a developer community that includes contributors from
> several corporations.
>
> Reliance on Salaried Developers
>
> Currently, the developers are paid to do work on Gateway. However,
> once the project has a community built around it, we expect to get
> committers and developers from outside the current core developers.
>
> Relationships with Other Apache Products
>
> Gateway is going to be used by the users and operators of Hadoop, and
> the Hadoop ecosystem in general.
>
> An Excessive Fascination with the Apache Brand
>
> Our interest in developing Gateway in Apache project is to follow an
> established development model, as well since many of the Hadoop
> ecosystem projects also are part of Apache, Gateway will complement
> those projects by following the same development and contribution
> model.
>
> Documentation
>
> There is documentation in Hortonworks’ internal repositories. These
> can be shared upon request and will be transferred into the Apache CM
> system if this proposal is accepted.
>
> Initial Source
>
> The current initial source can be found in a GitHub repository.
> https://github.com/hortonworks/knox.git
>
> Source and Intellectual Property Submission Plan
>
> The complete Gateway code is under Apache Software License 2.
>
> External Dependencies
>
> The Gateway dependencies are listed below, separated by Category A and
> Category B as defined in the Apache Third-Party Licensing Policy.
> Note: These are the direct dependencies. Indirect dependencies are not
> included.
>
> Category A Dependencies
>
> Apache Commons - ASLv2.0
>
> commons-io:commons-io#2.4
> commons-cli:commons-cli#1.2
> commons-codec:commons-codec#1.7
> org.apache.commons:commons-digester3#3.2
> org.apache.commons:commons-vfs2#2.0
>
> Apache Hadoop - ASLv2.0
>
> org.apache.hadoop:hadoop-auth#0.23.3
> org.apache.hadoop:hadoop-core#1.0.3
>
> Apache Geronimo - ASLv2.0
>
> org.apache.geronimo.components:geronimo-jaspi#2.0.0
> org.apache.geronimo.specs:geronimo-osgi-locator#1.1
>
> Apache Shiro - ASLv2.0
>
> org.apache.shiro:shiro-web#1.2.1
>
> ApacheDS - ASLv2.0
>
> org.apache.directory.server:apacheds-all#1.5.5
>
> Log4J - ASLv2.0
>
> log4j:log4j#1.2.17
>
> SLF4J - MIT
>
> org.slf4j:slf4j-api#1.6.6
> org.slf4j:slf4j-log4j12#1.6.6
>
> Guava - ASLv2.0
>
> com.google.guava:guava#14.0-rc1
>
> HttpClient - ASLv2.0
>
> org.apache.httpcomponents:httpclient#4.2.1
>
> Jetty - ASLv2.0
>
> org.eclipse.jetty:jetty-server#8.1.7.v20120910
> org.eclipse.jetty:jetty-servlet#8.1.7.v20120910
> org.eclipse.jetty:jetty-webapp#8.1.7.v20120910
> org.eclipse.jetty:jetty-jaspi#8.1.7.v20120910
> org.eclipse.jetty.aggregate:jetty-all#8.1.7.v20120910
> org.eclipse.jetty:test-jetty-servlet#8.1.7.v20120910
>
> JBoss ShrinkWrap - ASLv2.0
>
> org.jboss.shrinkwrap:shrinkwrap-api#1.0.1
> org.jboss.shrinkwrap:shrinkwrap-impl-base#1.0.1
> org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-javaee#2.0.0-alpha-4
> org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-javaee#2.0.0-alpha-4
>
> Category A Dependencies (Test)
>
> EasyMock - ASLv2.0
>
> org.easymock:easymock#3.0
>
> XML Matchers - ASLv2.0
>
> org.xmlmatchers:xml-matchers#0.10
>
> Hamcrest - BSDv3
>
> org.hamcrest:hamcrest-api#1.0
> org.hamcrest:hamcrest-core#1.2.1
> org.hamcrest:hamcrest-library#1.2.1
>
> JsonPath - ASLv2.0
>
> com.jayway.jsonpath:json-path#0.8.1
> com.jayway.jsonpath:json-path-assert#0.8.1
>
> XMLTool - ASLv2.0
>
> com.mycila.xmltool:xmltool#3.3
>
> REST-assured - ASLv2.0
>
> com.jayway.restassured:rest-assured#1.6.2
>
> Category B Dependencies
>
> Jersey - CDDLv1.1 or GPL2wCPE
>
> com.sun.jersey:jersey-server#1.14
> com.sun.jersey:jersey-servlet#1.14
>
> Jericho - EPLv1.0
>
> net.htmlparser.jericho:jericho-html#3.2
>
> Servlet - CDDLv1.0 or GPLv2
>
> javax.servlet:javax.servlet-api#3.0.1
>
> JUnit - CPLv1.0
>
> junit:junit#4.11
>
> Cryptography
>
> The Gateway uses cryptographic software indirectly as a result of
> having two dependencies: ApacheDS and Apache Shiro. Gateway does not
> include any special or custom cryptographic technologies.
>
> ApacheDS is an ASF project and has been classified Export Commodity
> Control Number (ECCN) 5D002.C.1 due to its dependency on Bouncy
> Castle. More information on the ApacheDS classification can be found
> at http://svn.apache.org/repos/asf/directory/apacheds/trunk/installers/README
>
> Apache Shiro is an ASF project and has been classified Export
> Commodity Control Number (ECCN) 5D002.C.1.
> More information on the
> Apache Shiro classification can be found at
> http://svn.apache.org/repos/asf/shiro/trunk/README
>
> Required Resources
>
> Mailing lists
>
> knox-dev AT incubator DOT apache DOT org knox-commits AT incubator DOT
> apache DOT org knox-user AT hms incubator apache DOT org knox-private
> AT incubator DOT apache DOT org
>
> Subversion Directory
>
> https://svn.apache.org/repos/asf/incubator/knox
>
> Issue Tracking
>
> JIRA Knox (KNOX)
>
> Initial Committers
>
> Kevin Minder (kevin DOT minder AT hortonworks DOT com)
>
> Larry McCay (lmccay AT hortonworks DOT com)
>
> John Speidel (jspeidel AT hortonworks DOT com)
> Tom Beerbower (tbeerbower AT hortonworks DOT com)
> Sumit Mohanty (smohanty AT hortonworks DOT com)
> Venkatesh Seetharam (venkatesh AT hortonworks DOT com)
>
> Affiliations
>
> Kevin Minder (Hortonworks)
>
> Larry McCay (Hortonworks)
>
> John Speidel (Hortonworks)
> Tom Beerbower (Hortonworks)
> Sumit Mohanty (Hortonworks)
> Venkatesh Seetharam (Hortonworks)
> Owen O'Malley (Hortonworks)
> Mahadev Konar (Hortonworks)
> Alan Gates (Hortonworks)
> Devaraj Das (Hortonworks)
> Chris Douglas (Microsoft)
> Chris Mattmann (NASA)
> Tom White (Cloudera)
>
> Sponsors
>
> Champion
>
> Devaraj Das (ddas AT apache DOT org)
>
> Nominated Mentors
>
> Owen O’Malley (omalley AT apache DOT org)
> Mahadev Konar (mahadev AT apache DOT org)
> Alan Gates (gates AT apache DOT org)
> Devaraj Das (ddas AT apache DOT org)
> Chris Douglas (cdouglas AT apache DOT org)
> Chris Mattmann (chris DOT a DOT mattmann AT jpl DOT nasa DOT gov)
> Tom White (tom DOT e DOT white AT gmail DOT com)
>
> Sponsoring Entity
>
> Incubator PMC
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>