I haven't looked into the proposal, but a meta comment:
I don't think there is a real reason for Hadoop to favor this design or
only stay with HADOOP-4343 or another proposal at this state. It is
healthy if we have different designs and implementation proceed
independently. If you are willing to, I think you should proceed with a
prototype so that others interested can play with. This is true not just
for this feature, but many others as well.
This of course should not discourage others from reviewing your design.
Raghu.
Amandeep Khurana wrote:
Bouncing the thread... Waiting to hear from people about the proposal.
Amandeep Khurana
Computer Science Graduate Student
University of California, Santa Cruz
On Fri, Mar 20, 2009 at 2:47 PM, Amandeep Khurana <ama...@gmail.com> wrote:
1. The Jira covers only authentication using Kerberos. I dont think
Kerberos is the best way to do it since I feel the scalability is limited.
All keys have to be negotiated by the Kerberos server. The design in the
paper has a little different protocol for authentication.
2. The Jira doesnt have cover the access control aspect of things. As a
client, I can skip talking to the NN and get blocks from the DN straight
away. There is no way to prevent it. This paper takes care of that aspect as
well.
Amandeep Khurana
Computer Science Graduate Student
University of California, Santa Cruz
On Fri, Mar 20, 2009 at 12:54 PM, Doug Cutting <cutt...@apache.org> wrote:
Amandeep Khurana wrote:
http://www.soe.ucsc.edu/~akhurana/Hadoop_Security.pdf<http://www.soe.ucsc.edu/%7Eakhurana/Hadoop_Security.pdf>
How does this relate to the current proposal in Jira?
https://issues.apache.org/jira/browse/HADOOP-4343
Doug
