[
https://issues.apache.org/jira/browse/HADOOP-9621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15126426#comment-15126426
]
Larry McCay commented on HADOOP-9621:
-------------------------------------
I can look into top converting it.
Couple questions first:
1. would it be better in wiki (I believe there is a plantuml plugin too)?
2. if so, could we still put a link in the navigation bar of the site that
points to the wiki?
3. if not, how would we like to link it from the Hadoop site navigation bar - I
assume it would be a top level and standalone set of docs and not part of any
other part of the security docs.
> Document/analyze current Hadoop security model
> ----------------------------------------------
>
> Key: HADOOP-9621
> URL: https://issues.apache.org/jira/browse/HADOOP-9621
> Project: Hadoop Common
> Issue Type: Task
> Components: security
> Reporter: Brian Swan
> Priority: Minor
> Labels: documentation
> Attachments: HadoopSecurityAnalysis-20130612.pdf,
> HadoopSecurityAnalysis-20130614.pdf, HadoopSecurityAnalysis-20130624.pdf,
> ThreatsforToken-basedAuthN-20130619.pdf
>
> Original Estimate: 336h
> Remaining Estimate: 336h
>
> In light of the proposed changes to Hadoop security in Hadoop-9533 and
> Hadoop-9392, having a common, detailed understanding (in the form of a
> document) of the benefits/drawbacks of the current security model and how it
> works would be useful. The document should address all security principals,
> their authentication mechanisms, and handling of shared secrets through the
> lens of the following principles: Minimize attack surface area, Establish
> secure defaults, Principle of Least privilege, Principle of Defense in depth,
> Fail securely, Don’t trust services, Separation of duties, Avoid security by
> obscurity, Keep security simple, Fix security issues correctly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
