Kai Zheng created HADOOP-9466:
---------------------------------

             Summary: Unified authorization framework
                 Key: HADOOP-9466
                 URL: https://issues.apache.org/jira/browse/HADOOP-9466
             Project: Hadoop Common
          Issue Type: Improvement
          Components: security
            Reporter: Kai Zheng
            Assignee: Kai Zheng


This is an umbrella entry for one of project Rhino’s goals, “common 
authorization framework for the Hadoop ecosystem”. For details of project Rhino 
and the goal, please refer to https://github.com/intel-hadoop/project-rhino/. 

We’d like to start this work from Hadoop-Common and, based on token-based 
authentication (HADOOP-9392), provide a unified and common authorization 
framework as follows:
1. Abstract and extensible notation for authorization resources;
2. Unified authorization policy and configuration;
3. Unified and pluggable authorization enforcement engine;
4. Authorization trust transferring and management;
And based on this framework,
5. Role based access control;
6. Default implementation of service level authorization with backward 
compatibility;
7. Extended file ACL for HDFS

As design considerations, we keep the following in mind:
1. Authorization enforcement is done with input policies and common 
authentication token;
2. Authorization configuration and policy management is separated from 
authorization enforcement;
3. Allow support for advanced authorization models, such as ABAC and the XACML 
standard;
4. Allow support for domain-based authorization for multi-tenancy scenarios;
5. Unified access control exception message for log.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
