You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Xianqing Yu (JIRA)" <ji...@apache.org> on 2012/09/13 19:28:07 UTC

[jira] [Commented] (HADOOP-8803) Make Hadoop running more secure public cloud envrionment

    [ https://issues.apache.org/jira/browse/HADOOP-8803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13455025#comment-13455025 ] 

Xianqing Yu commented on HADOOP-8803:
-------------------------------------

I would like to discuss this topic with hadoop community to see if people want or need those features in future's Hadoop. Please post your thoughts here.
                
> Make Hadoop running more secure public cloud envrionment
> --------------------------------------------------------
>
>                 Key: HADOOP-8803
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8803
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs, ipc, security
>    Affects Versions: 0.20.204.0
>            Reporter: Xianqing Yu
>              Labels: hadoop
>   Original Estimate: 2m
>  Remaining Estimate: 2m
>
> I have two major goals in the project.
> One is bring fine-grain access control to Hadoop. Based on 0.20.204, Hadoop 
> access control is based on user or block granularity, e.g. HDFS Delegation 
> Token only check if the file can be accessed by certain user or not, Block 
> Token only proof which block or blocks can be accessed. I would like to make 
> Hadoop can do byte-granularity access control, each access party, user or 
> task process can only access the bytes she or he least needed.
> Second one is that make Hadoop work more secure in Cloud environment, 
> especially in public Cloud environment. So the communication between 
> hadoop's node should be protected. And if some nodes of hadoop is 
> compromised, the damage should be minimized (e.g. known wildly shared-key 
> problem of Block Access Token problem).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira