[ https://issues.apache.org/jira/browse/HADOOP-9796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kai Zheng updated HADOOP-9796:
------------------------------
Affects Version/s: (was: 3.0.0)
Fix Version/s: (was: 3.0.0)
> Pluggable TokenAuth framework and core facilities
> -------------------------------------------------
>
> Key: HADOOP-9796
> URL: https://issues.apache.org/jira/browse/HADOOP-9796
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Kai Zheng
>
> As discussed in HADOOP-9392, we're proposing a pluggable TokenAuth framework
> to abstract and address the requirements, goals and collaboration concerns
> already widely discussed in the JIRA with the design doc, and in the community.
> In this JIRA, we'll:
> * Define the framework itself, and clarify the key goals, properties, and
> facilities that this framework should meet and provide. Most of the
> points have already been explained in HADOOP-9392 and the TokenAuth design
> doc. To collaborate with HSSO and more importantly to allow other solutions,
> TokenAuth itself is just defined as a framework with required APIs,
> protocols, flows, and facilities along with some simple implementations for
> related constructs, entities and even services. The framework is neutral, not
> vendor specific, and subject to be widely discussed and defined together as a
> common effort of the community. As the most important key point, the framework
> should be pluggable in all the key places to allow certain solutions to
> employ their own product level implementations. Based on this framework,
> Rhino will come up with the HAS solution. The framework related discussions in high
> level aspects can be in this separate umbrella JIRA, and sub task JIRAs will
> be opened to address each aspect of the framework.
> * Define APIs for all the important entities and parties involved in
> TokenAuth framework.
> * Define important procedures and protocols, for example, the protocol
> between token authn client and server.
> * Implement this framework with the defined APIs, procedures and protocols.
> Meanwhile, leave pluggable extension points in key places for solutions to
> customize and implement with their own complicated mechanisms.
> * Initially, we have the following items for the framework. It’s to be
> complemented. Each of the items will be defined and discussed separately in
> corresponding subtask JIRA.
> ** Token definition and API;
> ** TokenAuthn method for Hadoop RPC;
> ** Authentication Service API;
> ** Identity Token Service API;
> ** Access Token Service API;
> ** Attribute Service API;
> ** Token authentication client;
> ** Token cache for TokenAuth;
> ** Common configuration for TokenAuth;
> ** Hadoop token command;
> ** Key Provider API;
> ** Web SSO for TokenAuth;
> ** REST SSO for TokenAuth;
> ** Auditing for TokenAuth;
> ** Etc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira