hi Larry, thanks for sharing your thought
On Aug 3, 2013, at 7:02 PM, larry mccay wrote: > Greetings - > > I am considering the need for an authentication provider within an > incubator project called Knox based on Amber/Oltu for OAuth based access to > Hadoop clusters. > > Previous to the Knox project authenticating to Hadoop clusters was > relegated to Kerberos or Simple/Pseudo authentication. Which essentially > limited actual authentication to kerberos only. This has been a limited > integration option for enterprise authentication solutions and I believe > also a constraint of client types being introduced. > > Within Knox, a gateway is used to authenticate or federate tokens from > external IdPs and assert the incoming identity to the Hadoop cluster in a > way that is expected and understood by the Hadoop cluster. This is done > through authentication/federation providers that plug into the Knox gateway > as servlet filters. > > I'm interested in whether: > > a. anyone here can think of compelling usecases for using OAuth to > authenticate to Hadoop - either from the enterprise integration and > application perspective or from emerging mobile/android client applications this looks really like a uses case where OAuth can help.... > b. an Amber servlet filter plugged into the Knox gateway would be > appropriate to make Knox a resource provider or whether Knox would be > appropriate as a resource provider in the first place a servlet filter is definitely a valid entry point > c. it would be interesting to the Amber community to contribute such a > servlet filter to Knox and thus have an OAuth implementation that is > providing access to Hadoop clusters based on Amber such a resource server filter (while not fully complete) already exists in the Oltu codebase in [0] > > We would certainly be able to help in getting it plugged in as a provider > in the Knox infrastructure. > > I would love to see some relevant usecase and proposal for this on the Knox > dev list. this would be great! > This could potentially open up a whole new class of Hadoop client > application types. > Anyway, just a thought. > > Thanks for your work here and I wish you continued success with your > project! > regards antonio [0] https://svn.apache.org/repos/asf/oltu/trunk/oauth-2.0/resourceserver-filter/ > Cheers, > > --larry
