> > > On 3/20/09 2:47 PM, "Amandeep Khurana" <ama...@gmail.com> wrote: > > > > > 2. The Jira doesnt have cover the access control aspect of things. As a > > client, I can skip talking to the NN and get blocks from the DN straight > > away. There is no way to prevent it. This paper takes care of that aspect > as > > well. > > > > Have you looked at HADOOP-4359? In that JIRA, we discussed the idea of > using > public-key signed capabilities and dismissed it in favor of symmetric-key > based capabilities. That said, you're welcome to explore the public-key > idea > further.
Yes, I read through that. The issue with that approach is that the moment a single DN gets compromised somehow (which isnt a big deal in a big system containing 1000s of nodes), the symmetric key gets exposed and the entire system is compromised. The whole idea of asymmetric key crypto is to allow only a single authorized prinicipal to sign stuff. > Kan > >
