[jira] [Commented] (YARN-3053) [Security] Review and implement security in ATS v.2

["Rohith Sharma K S (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15581449#comment-15581449 ] 

Rohith Sharma K S commented on YARN-3053:
-----------------------------------------

I have basic question on ATSv2 security model. ATSv2 claims that all the communication is based on REST end points. How does it solve custom web authentication issue invoked from CLI commands? Let say, in YARN ApplicationClientProtocol is RPC based API and ApplicationCLI make use of getting the reports and other stuff. This was secured communication by doing kinit . 

Now, If same ApplicationCLI want to get application report from ATSv2, then expected to invoke REST call to ATSv2 for application report. But If user has custom web authentication which always to provide username and password then how does ATSv2 guarantee security for this?

> [Security] Review and implement security in ATS v.2
> ---------------------------------------------------
>
>                 Key: YARN-3053
>                 URL: https://issues.apache.org/jira/browse/YARN-3053
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Sangjin Lee
>            Assignee: Varun Saxena
>              Labels: YARN-5355
>         Attachments: ATSv2Authentication(draft).pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and any other relevant security aspects.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org