[ https://issues.apache.org/jira/browse/HADOOP-9671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747079#comment-13747079 ]
Sanjay Radia commented on HADOOP-9671: -------------------------------------- Kai, thanks for you comment. Wrt to your use cases - some of them are not use cases but a design choice. For example item 1 "Users can authenticate using their own domain specific identity and receive an opaque token..." is an particular design choice (a good choice). Items 2 and 5 are requirements or goals. Use cases can be derived from 3 and 4. Let me update the use cases with what I can extract from your comments. I will also try and generalize U2, U3, U4 and use them as variations of common use case. I suspect you are after the use case that says that there are many "base" authentication providers and that they all can be used with approriate plugins. Will get back to you on the rest of your comment after I finish digesting them. Can you please expand on your constraint: bq. Hadoop should only need to understand the common token and the new authentication method instead of concrete authentication mechanism I assume that "common token" is the one issued by the newly proposed Hadoop Authentication Server (HAS). Do you mean that we need to replace the delegation token and the blocks tokens with it? What is are the "new authentication method" and the "concrete authentication method"? > Improve Hadoop security - Use cases, Threat Model and Problems > -------------------------------------------------------------- > > Key: HADOOP-9671 > URL: https://issues.apache.org/jira/browse/HADOOP-9671 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Sanjay Radia > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira