[jira] [Commented] (OOZIE-249) GH-332: Authentication module for oozie

Fri, 09 Sep 2011 19:21:34 -0700 

    [ 
https://issues.apache.org/jira/browse/OOZIE-249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13101736#comment-13101736
 ] 

Hadoop QA commented on OOZIE-249:
---------------------------------

anew remarked:
Alejandro,

I am coming back to your earlier comment:

   * ...the WF schema does not care of what goes in the extension schema, so 
changes in the extension schema do not affect the WF schema. That is the whole 
point of using extensions.  

Strictly speaking, that means the schema for actions should also be in a 
separate xsd, because the workflow schema does not change if the action schema 
changes, right?

The question here is, what do you consider an "extension"? It seems that using 
schema extensions makes most sense if the extension is defined by a third party 
(that is not under control of the party that defines the main schema). And in 
that case, the schema extension should be accompanied by a library that knows 
how to parse the extension, and provides a well-defined API to interact with 
it. 

That is not the case here, and by the way, it is not the case for the SLA 
extension either - in current Oozie, if the SLA schema changes, Oozie core code 
has to change. I do believe that you know better than I why it was done this 
way for SLA, so please help me understand if I am missing something.

So, for the sake of code simplicity, I would prefer to add the authentication 
to the workflow schema, and _not_ define a new extension a a separate xsd. 

-Andreas.

> GH-332: Authentication module for oozie
> ---------------------------------------
>
>                 Key: OOZIE-249
>                 URL: https://issues.apache.org/jira/browse/OOZIE-249
>             Project: Oozie
>          Issue Type: Bug
>            Reporter: Hadoop QA
>
> As Oozie is the workflow engine on the gateway, it has to be integrated with 
> all other grid systems in order to run jobs and compliant with their 
> authentication policy. Oozie should authenticate those users and propagate 
> credentials (i.e delegation tokens) to the tasks through job conf by that 
> they can be used by the tasks to authenticate themselves against those 
> systems while running.
> We need one unified interface for user by which they can specify what all the 
> systems they want to use and authenticate against and should be able to 
> provide configuration for authentication.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to