I browsed the code and documentation, here some notes and questions: Was the HAS developed as open source project in public? In readme I see some links to github.com/intel-bigdata/has but that only gives 404.
Are all the contributors already ASF committers or have an ICLA on file? Otherwise I'm afraid IP clearance is required. Dependencies: * MySQL JDBC driver is GPLv2 which is not compatible with Apache. (alternative: Drizzle JDBC) * Some dependencies (Jersey, Glassfish) are CDDL licensed which is not compatible with Apache. (alternatives: CXF, Geronimo) * For some dependencies I cannot find a license: com.aliyun:aliyun-java-sdk-core and com.aliyun:aliyun-java-sdk-ram Plugins, especially "RAM": * What does "RAM" mean? * The RAM plugin is not included but tests and default config seem to require it. Classes org.apache.hadoop.has.plugins.client.aliyun.AliyunHasClientPlugin and org.apache.hadoop.has.plugins.server.aliyun.AliyunHasServerPlugin are not available. Will those also be contributed? * There is no other (default) implementation of HasClientPlugin. Is the project still already usable? Or is it only a framework and more development effort is requried to implement the plugins? Hadoop or Kerby/Directory: * The project name includes Hadoop, the Maven groupId is org.apache.hadoop, Java package names are org.apache.hadoop.has. Was it planned to contribute this to Hadoop? Or does it make more sense to contribute it to Hadoop directly? * On the other hand it seems to be also useful otherwise, like to configure Kerby KDC via REST and to be able to plugin other authentication providers, am I right? Then it totally makes sense to include it into Kerby. But in that case I'd suggest to change the names. Kind Regards, Stefan On 11/24/2017 04:30 AM, Li, Jiajia wrote: > Hi all, > > I would like to post a proposal about merging a new project HAS (Hadoop > Authentication Service) to Apache Kerby. HAS is led by Intel and Alibaba, it > is a solution to support the authentication of open source big data ecosystem > in cloud computing platforms. I've created a new branch "has-project" in > Kerby, HAS is under "has" folder. Please look at > https://github.com/apache/directory-kerby/tree/has-project/has for details. > > Background and motivation: > At present, the open source big data ecosystems (Hadoop/Spark) only has the > built-in Kerberos support on the security authentication. HAS aims to build a > standalone authentication service for the big data ecosystem that simplifies > the support of Kerberos and allows to use more authentication methods. > > Targets users: > HAS supports various authentication mechanisms other than just Kerberos, and > it provides a new authentication mechanism can be easy customized and plugin > with existing user authentication and authorization system, and security > admins won't have to migrate and sync up their user accounts to Kerberos back > and forth. > > Architecture & Design: > HAS provides a new authentication mechanism ("Kerberos-based token > authentication"), depending on the "TokenPreauth" provided by Apache Kerby. > Please look at > https://github.com/apache/directory-kerby/blob/has-project/has/README.md for > details. > > Features: > 1. Provides new authentication mechanism plugin APIs to customize and > plugin with existing user authentication and authorization system. Please > look at > https://github.com/apache/directory-kerby/blob/has-project/has/README.md for > details. > 2. Provides lots of REST APIs and facility tools to simplify the support > of Kerberos. Kerberos is essentially a protocol, or secure channel, doesn't > have to be that complex to users. Please look at > https://github.com/apache/directory-kerby/blob/has-project/has/doc/rest-api.md > for details. > 3. Provides MySQL backend for High Availability. Please look at > https://github.com/apache/directory-kerby/blob/has-project/has/doc/mysql-backend.md > for details. > 4. New authentication mechanism now supports most of the components of > open source big data ecosystem with little or no changes to components, > including HDFS, HBase, Zookeeper, Hive, Spark.... Please look at > https://github.com/apache/directory-kerby/tree/has-project/has/supports for > details. > > Practice > This solution has been deployed in Alibaba Cloud E-MapReduce production. > > Why to merge? > HAS provides a complete Hadoop/Spark authentication framework and solution > based on Kerberos, HAS can help to upgrade Kerby KDC, make it more solid and > stronger. And if HAS can be merged to Apache Kerby, community will help HAS > grow faster and users can more easily using this solution in their own > production. We have two suggestions about how to merge: > - Option1: > Create a standalone module "kerby-has", putting HAS project under this module. > - Option2: > Suggest replacing kerby-kdc module with HAS, upgrade the Kerby KDC. > > Contributors: > Jiajia, Li (Intel) > Lin, Zeng (Intel) > Zhiqiang, Zhang (Intel) > Kai, Zheng (Intel) > Wei, Wu (Alibaba) > Jun, Song (Alibaba) > Long, Cao (Alibaba) > Zhenyuan, Wei (Alibaba) > > Your review efforts are truly appreciated, please feel free to provide us > your feedback. > > Regards, > Jiajia > > > >
