[ https://issues.apache.org/jira/browse/HADOOP-10528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977674#comment-13977674 ]

Larry McCay commented on HADOOP-10528:
--------------------------------------

[~apurtell] I regret that you read my comments as dismissive and disappointing.
I certainly don't want to come across as dismissive of what looks like a good
amount of work. What I was hoping to do is get a sense for what the Token
aspect of this provider is and help determine how it fits into the existing
KeyProvider API.

As for your characterization of that work, it seems to me that a common need
was identified across multiple projects. It was started and continues to evolve
to meet the needs of its consumers. It would be perfectly reasonable for the
needs represented in this jira to inform further evolution in the KeyProvider
API and KMS work.

Cross-cutting concerns such as these types of security efforts are difficult,
and I can fully appreciate the frustration there.

> A TokenKeyProvider for a Centralized Key Manager Server (BEE: bee-key-manager)
> ------------------------------------------------------------------------------
>
> Key: HADOOP-10528
> URL: https://issues.apache.org/jira/browse/HADOOP-10528
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: howie yu
> Attachments: HADOOP-10528.patch
>
>
> This is a key provider based on HADOOP-9331. HADOOP-9331 has designed a
> complete Hadoop crypto codec framework, but the key can only be retrieved
> from a local Java KeyStore file. For convenience, we designed a Centralized
> Key Manager Server (BEE: bee-key-manager), and users can use this
> TokenKeyProvider to retrieve keys from the Centralized Key Manager Server. By
> the way, to secure the key exchange, we leverage HTTPS + SPNego/SASL to
> protect the key exchange. For the detailed design and usage, please refer to
> https://github.com/trendmicro/BEE.
> Moreover, there are still many more requests about Hadoop Data Encryption
> (such as providing a standalone module, supporting KMIP, etc.); if anyone is
> interested in those features, please let us know.
>
> P.S. Because this patch is based on HADOOP-9331, please use patches HADOOP-9333
> and HADOOP-9332 before using our patch HADOOP-10528.patch.