[jira] [Commented] (YARN-3053) [Security] Review and implement security in ATS v.2

Fri, 11 Nov 2016 05:57:34 -0800 

    [ 
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15657128#comment-15657128
 ] 

Varun Saxena commented on YARN-3053:
------------------------------------

Thanks [~gtCarrera9] and [~sjlee0] for the comments. I will address them one by 
one.

Regarding Li's comment, 
bq. Under the current design, our app collectors will assist AMs to get 
timeline delegation tokens. I'm not sure if and how we're actually checking if 
the AM is authenticated before the collector can reply a token?
As discussed in the call yesterday, in option 1, AM will not directly get 
delegation token upon authentication from Collector. When collector manager 
receives the request to launch an app collector, it will generate a token and 
send it back along with timeline service address to NM Collector service. We 
will send this as part of collector protocol to make sure this works when 
Collector runs as a separate process / system container. Once Collector 
responds to NM with token, token will be forwarded along with timeline service 
address to RM and then RM can inform AM with the token. Please note RM already 
knows that the AM connecting with it is not some spurious process so it will be 
safe to forward the token. AM will have to update this token and timeline 
client will pick it up based on type. This option has been primarily chosen 
because this uses large parts of ATSv1 security code.




> [Security] Review and implement security in ATS v.2
> ---------------------------------------------------
>
>                 Key: YARN-3053
>                 URL: https://issues.apache.org/jira/browse/YARN-3053
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Sangjin Lee
>            Assignee: Varun Saxena
>              Labels: YARN-5355
>         Attachments: ATSv2Authentication(draft).pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for 
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and 
> any other relevant security aspects.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to