[ 
https://issues.apache.org/jira/browse/HADOOP-9671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747079#comment-13747079
 ] 

Sanjay Radia commented on HADOOP-9671:
--------------------------------------

Kai, thanks for your comment.
Wrt your use cases - some of them are not use cases but a design choice. 
For example item 1 "Users can authenticate using their own domain specific 
identity and receive an opaque token..." is a particular design choice (a 
good choice). Items 2 and 5 are requirements or goals. Use cases can be derived 
from 3 and 4.

Let me update the use cases with what I can extract from your comments. I will 
also try and generalize U2, U3, U4 and use them as variations of common use 
case. I suspect you are after the use case that says that there are many "base" 
authentication providers and that they all can be used with appropriate plugins.

Will get back to you on the rest of your comment after I finish digesting them.

Can you please expand on your constraint:
bq. Hadoop should only need to understand the common token and the new 
authentication method instead of concrete authentication mechanism

I assume that "common token" is the one issued by the newly proposed Hadoop 
Authentication Server (HAS). Do you mean that we need to replace the delegation 
token and the block tokens with it? What are the "new authentication 
method" and the "concrete authentication method"?

                
> Improve Hadoop security - Use cases, Threat Model and Problems
> --------------------------------------------------------------
>
>                 Key: HADOOP-9671
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9671
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Sanjay Radia
>

