Greetings - I am considering the need for an authentication provider within an incubator project called Knox based on Amber/Oltu for OAuth based access to Hadoop clusters.
Previous to the Knox project authenticating to Hadoop clusters was relegated to Kerberos or Simple/Pseudo authentication. Which essentially limited actual authentication to kerberos only. This has been a limited integration option for enterprise authentication solutions and I believe also a constraint of client types being introduced. Within Knox, a gateway is used to authenticate or federate tokens from external IdPs and assert the incoming identity to the Hadoop cluster in a way that is expected and understood by the Hadoop cluster. This is done through authentication/federation providers that plug into the Knox gateway as servlet filters. I'm interested in whether: a. anyone here can think of compelling usecases for using OAuth to authenticate to Hadoop - either from the enterprise integration and application perspective or from emerging mobile/android client applications b. an Amber servlet filter plugged into the Knox gateway would be appropriate to make Knox a resource provider or whether Knox would be appropriate as a resource provider in the first place c. it would be interesting to the Amber community to contribute such a servlet filter to Knox and thus have an OAuth implementation that is providing access to Hadoop clusters based on Amber We would certainly be able to help in getting it plugged in as a provider in the Knox infrastructure. I would love to see some relevant usecase and proposal for this on the Knox dev list. This could potentially open up a whole new class of Hadoop client application types. Anyway, just a thought. Thanks for your work here and I wish you continued success with your project! Cheers, --larry
