[
https://issues.apache.org/jira/browse/HDFS-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14043836#comment-14043836
]
Owen O'Malley commented on HDFS-6134:
-------------------------------------
Todd, it is *still* transparent encryption if you use cfs:// instead of
hdfs://. The important piece is that the application doesn't need to change to
access the decrypted storage.
My problem is by refusing to layer the change over the storage layer, this jira
is making much disruptive and unnecessary changes to the critical
infrastructure and its API.
NSE is whole disk encryption and is equivalent to using lm-crypt to encrypt the
block files. That level of encryption is always very transparent and is already
available in HDFS without a code change.
Aaron, I can't do a meeting tomorrow afternoon. How about tomorrow morning? Say
10am-noon?
> Transparent data at rest encryption
> -----------------------------------
>
> Key: HDFS-6134
> URL: https://issues.apache.org/jira/browse/HDFS-6134
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.3.0
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HDFSDataatRestEncryptionProposal_obsolete.pdf,
> HDFSEncryptionConceptualDesignProposal-2014-06-20.pdf
>
>
> Because of privacy and security regulations, for many industries, sensitive
> data at rest must be in encrypted form. For example: the healthÂcare industry
> (HIPAA regulations), the card payment industry (PCI DSS regulations) or the
> US government (FISMA regulations).
> This JIRA aims to provide a mechanism to encrypt HDFS data at rest that can
> be used transparently by any application accessing HDFS via Hadoop Filesystem
> Java API, Hadoop libhdfs C library, or WebHDFS REST API.
> The resulting implementation should be able to be used in compliance with
> different regulation requirements.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
