Re: How does Accumulo compare to HBase

Mon, 23 Jun 2014 11:50:36 -0700

Another way you could word this is that Accumulo has a very "mature" security implementation, whereas, like you pointed out, HBase has only recently added this in 0.98.
The note about how visibility being in the Key as opposed to the Value also has impact when writing Iterators. Because the visibility is a "first class citizen" instead of an afterthought, having it uniquely define some pair makes aggregations much easier to think about, IMO. This is especially prevalent when doing this server-side with an Accumulo Iterator. 


There are also other differences between the implementations visibility 
filtering, the most common being the support of a "NOT" operator in 
HBase whereas Accumulo explicitly chose not to implement this. By 
allowing "NOT" into the syntax, it becomes much more possible that data 
is inadvertently leaked. Marking data correctly is more difficult than 
it seems and introducing the ability to negate certain branches makes it 
even more difficult. Auditors are scary :)


- Josh

On 6/23/14, 2:34 PM, Aaron wrote:

I'm not sure of all the differences, but, wrt HBase Cell Level security
(CLS)..while similar..not 100% the same.  If I understand how the HBase
CLS works it's extension to ACL system.  And that ACL is "applied" to a
cell.  In Accumulo's case, it is part of the key.  So the ramification
is that in Accumulo, you can have:

RowID, CF, CQ, VIS1, TS --> Value1
RowID, CF, CQ, VIS2, TS --> Value2

If everything is the same, including the timestamp, the visibility can
actually determine which value to return.  So, a more concrete example
would be:

XXX, METADATA, NAME, everyone,  100--> Bruce Wayne
XXX, METADATA, NAME, alfred-only,  100--> Batman

Where Alfred could/would see both "values"...but, everyone else would
only see "Bruce"

Hope that helps.

Cheers,
Aaron

PS:  this is my understanding of how HBase CLS works...based on what I
have read/interpreted.



On Mon, Jun 23, 2014 at 1:55 PM, Jianshi Huang <[email protected]
<mailto:[email protected]>> wrote:

    Er... basically I need to explain to my manager why choosing
    Accumulo, instead of HBase.

    So what are the pros and cons of Accumulo vs. HBase? (btw HBase 0.98
    also got cell-level security, modeled after Accumulo)

    --
    Jianshi Huang

    LinkedIn: jianshi
    Twitter: @jshuang
    Github & Blog: http://huangjs.github.com/
























					Reply via email to