[jira] [Commented] (HADOOP-10720) KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API

Wed, 25 May 2016 16:49:02 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15301149#comment-15301149
 ] 

Xiao Chen commented on HADOOP-10720:
------------------------------------

Hi [~tucu00] and [~asuresh],
Thank you very much for the nice feature and great discussions on adding this.

I have 1 question:
Since the client side has {{encKeyVersionQueue}} to protect the KMS server, 
when generating EEKs most requests doesn't reach the KMS server. The ACLs 
however, are on KMS server side only. How could the ACL's be checked in the 
cached case?

Thanks!

> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10720
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10720
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>             Fix For: 2.6.0
>
>         Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, 
> COMBO.patch, HADOOP-10720-10750.COMBO.patch, HADOOP-10720.1.patch, 
> HADOOP-10720.10.patch, HADOOP-10720.11.patch, HADOOP-10720.12.patch, 
> HADOOP-10720.13.patch, HADOOP-10720.14.patch, HADOOP-10720.15.patch, 
> HADOOP-10720.16.patch, HADOOP-10720.17.patch, HADOOP-10720.18.patch, 
> HADOOP-10720.19.patch, HADOOP-10720.2.patch, HADOOP-10720.20.patch, 
> HADOOP-10720.3.patch, HADOOP-10720.4.patch, HADOOP-10720.5.patch, 
> HADOOP-10720.6.patch, HADOOP-10720.7.patch, HADOOP-10720.8.patch, 
> HADOOP-10720.9.patch, HADOOP-10720.patch, HADOOP-10720.patch, 
> HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch
>
>
> KMS client/server should implement support for generating encrypted keys and 
> decrypting them via the REST API being introduced by HADOOP-10719.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to