[ 
https://issues.apache.org/jira/browse/HBASE-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13396197#comment-13396197
 ] 

Lars George commented on HBASE-6222:
------------------------------------

A comparable concept in the RDBMS world is Oracle's label security:

http://www.oracle.com/us/products/database/options/label-security/overview/index.html

This is much more involved as it has labels, departments, and so on. It also 
combines default labels with runtime ones, making up the actual value to check 
against. The data labels are stored in a hidden column in the table and are for 
the entire row.

Accumulo stores the labels with the policy in each KV, for example "A&B&(D|E)". 
The system level filter evaluates the labels and compares them to the actual 
authorization details of the user. It then lets the user access the data or 
not. So this is simpler compared to OLS.

I was thinking that adding "tags" is the actual support feature to enable the 
same functionality. Then we need a coprocessor to apply the rules. The part we 
do not have here is the authorization against the labels. The labels in 
Accumulo are created ad-hoc, which means we would need to attach the user 
authorization in the ACL table, but that can be cached. 
                
> Add per-KeyValue Security
> -------------------------
>
>                 Key: HBASE-6222
>                 URL: https://issues.apache.org/jira/browse/HBASE-6222
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>            Reporter: stack
>
> Saw an interesting article: 
> http://www.fiercegovernmentit.com/story/sasc-accumulo-language-pro-open-source-say-proponents/2012-06-14
> "The  Senate Armed Services Committee version of the fiscal 2013 national 
> defense authorization act (S. 3254) would require DoD agencies to foreswear 
> the Accumulo NoSQL database after Sept. 30, 2013, unless the DoD CIO 
> certifies that there exists either no viable commercial open source database 
> with security features comparable to [Accumulo] (such as the HBase or 
> Cassandra databases)..."
> Not sure what a 'commercial open source database' is, and I'm not sure what's 
> going on in the article, but tra-la-la'ing, if we had per-KeyValue 'security' 
> like Accumulo's, we might put ourselves in the running for federal 
> contributions?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
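
The label check described in the comment above, evaluating an expression such as "A&B&(D|E)" against a user's authorizations, sketched as an added example. It is not code from this thread, HBase or Accumulo; it is a simplified model, and the names is_visible and readable, the (label, value) cell format and the label character set are assumptions.

```python
import re

TOKEN = re.compile(r"[A-Za-z0-9_.:/-]+|[&|()]")  # label charset is an assumption

def is_visible(expr, auths):
    """True if a user holding the set `auths` may read a cell labelled `expr`."""
    toks = TOKEN.findall(expr)
    if "".join(toks) != expr:
        raise ValueError(f"illegal character in {expr!r}")
    toks, pos = toks + [None], 0  # None marks the end of input
    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    def term():
        tok = take()
        if tok == "(":
            value = expression()
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok in (None, "&", "|", ")"):
            raise ValueError(f"expected a label, got {tok!r}")
        return tok in auths

    def expression():
        value, op = term(), None
        while toks[pos] in ("&", "|"):
            if op not in (None, toks[pos]):
                raise ValueError("mixing & and | requires parentheses")
            op = take()
            rhs = term()  # always parse the right side so syntax errors surface
            value = (value and rhs) if op == "&" else (value or rhs)
        return value
    result = expression()
    if toks[pos] is not None:
        raise ValueError(f"unexpected {toks[pos]!r}")
    return result

def readable(cells, auths):
    """Values the caller may see; a malformed label fails closed (cell hidden)."""
    def ok(label):
        try:
            return is_visible(label, auths)
        except ValueError:
            return False
    return [value for label, value in cells if ok(label)]

CELLS = [("A&B&(D|E)", "r1"), ("A|C", "r2"), ("A&B|C", "r3")]  # constructed sample
```

With the constructed cells, a user holding A, B and E sees r1 and r2, while r3 stays hidden for everyone because its label is ambiguous.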
