[ https://issues.apache.org/jira/browse/HDFS-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14094527#comment-14094527 ]

Sanjay Radia commented on HDFS-6134:
------------------------------------

bq. Regarding HAR, could you lay out the usecase ...
Alejandro summarized the problem and also the solution of modifying har in his 
comment of June 24th:
https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14042797&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14042797
Andrew, you are missing one of the usage models of HAR: the user creating the 
har is not the only user accessing the har - har is a general tool used by an 
admin to compact files and replace the original.

I can think of at least the following use cases so far:
* A subtree being har'ed has a subtree that is EZ - some files in the har will be 
encrypted and some will not. The reader should be able to transparently read 
each of the two kinds.
* A subtree being har'ed is part of a subtree that is EZ - the whole har should 
be encrypted and transparently decrypted when its contents are read.
* A user har's a non-EZ subtree and copies it into an EZ - should just work as 
you suggest: the whole thing is encrypted and requires that the user has access 
to the keys to read the har.



> Transparent data at rest encryption
> -----------------------------------
>
>                 Key: HDFS-6134
>                 URL: https://issues.apache.org/jira/browse/HDFS-6134
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 3.0.0, 2.3.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Charles Lamb
>         Attachments: HDFS-6134.001.patch, HDFS-6134.002.patch, 
> HDFS-6134_test_plan.pdf, HDFSDataatRestEncryption.pdf, 
> HDFSDataatRestEncryptionProposal_obsolete.pdf, 
> HDFSEncryptionConceptualDesignProposal-2014-06-20.pdf
>
>
> Because of privacy and security regulations, for many industries, sensitive 
> data at rest must be in encrypted form. For example: the healthcare industry 
> (HIPAA regulations), the card payment industry (PCI DSS regulations) or the 
> US government (FISMA regulations).
> This JIRA aims to provide a mechanism to encrypt HDFS data at rest that can 
> be used transparently by any application accessing HDFS via Hadoop Filesystem 
> Java API, Hadoop libhdfs C library, or WebHDFS REST API.
> The resulting implementation should be able to be used in compliance with 
> different regulation requirements.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
