[
https://issues.apache.org/jira/browse/HBASE-8660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13670918#comment-13670918
]
Andrew Purtell commented on HBASE-8660:
---------------------------------------
A couple of thoughts.
- Originally the REST gateway was packaged as a servlet. This was undone for
the Mavenization. However, the idea was authentication, security, and caching
are other layers in a RESTful architecture and so out of scope of an HBase REST
service. When setting up the servlet container the user can do whatever they
like. An all-in-one construction may be convenient but limiting in flexibility.
Maybe we can look at servlet packaging again.
- The threat model of the current REST gateway is of only trusted access,
within the perimeter. I don't think it can ever be a good idea to allow
uncontrolled untrusted user access directly to your datastore. Directly over
the Internet?? On the other hand, SPNEGO auth and user impersonation are great
ideas. It's limiting to have all access to the cluster via REST appear to come
from the service principal of the REST gateway. Those enhancements will be
really useful. Let's put some more thought into the threat model here though
and describe it explicitly.
- Within a trusted perimeter HTTPS is only added overhead of handshaking and
crypto, even more latency injected into an access method already burdened with
HTTP transaction overheads. It can be useful if the goal is mutual
authentication of gateway and service users. Otherwise this should be optional
for the above reason.
- I would expect that it will often (usually?) be the case that access control
and caching together are set up beyond the HBase REST gateway in a reverse
proxy tier.
> [rest] support secure REST access
> ---------------------------------
>
> Key: HBASE-8660
> URL: https://issues.apache.org/jira/browse/HBASE-8660
> Project: HBase
> Issue Type: Improvement
> Components: REST, security
> Reporter: Jimmy Xiang
>
> REST interface is accessed over http, which is most likely done from outside
> of an HBase cluster, perhaps over the internet. It will be great if we can make
> it secure. To be secure, we need to:
> 1. authenticate the caller,
> 2. check authorization if needed,
> 3. make the connection secure (https)