Kai Zheng created HADOOP-9392:
---------------------------------
Summary: Token based authentication and Single Sign On
Key: HADOOP-9392
URL: https://issues.apache.org/jira/browse/HADOOP-9392
Project: Hadoop Common
Issue Type: New Feature
Components: security
Reporter: Kai Zheng
Fix For: 3.0.0
This is an umbrella entry for one of project Rhino’s topic, for details of
project Rhino, please refer to https://github.com/intel-hadoop/project-rhino/.
The major goal for this entry as described in project Rhino was
“Core, HDFS, ZooKeeper, and HBase currently support Kerberos authentication at
the RPC layer, via SASL. However this does not provide valuable attributes such
as group membership, classification level, organizational identity, or support
for user defined attributes. Hadoop components must interrogate external
resources for discovering these attributes and at scale this is problematic.
There is also no consistent delegation model. HDFS has a simple delegation
capability, and only Oozie can take limited advantage of it. We will implement
a common token based authentication framework to decouple internal user and
service authentication from external mechanisms used to support it (like
Kerberos)”
We’d like to start our work from Hadoop-Common and try to provide common
facilities by extending existing authentication framework which support:
1. Pluggable token provider interface
2. Pluggable token verification protocol and interface
3. Security mechanism to distribute secrets in cluster nodes
4. Delegation model of user authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
