You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@accumulo.apache.org by Sujee Maniyam <su...@sujee.net> on 2013/12/16 21:50:37 UTC
when a security token is compromised?
Hi all
I am trying to understand the security model of Accumulo
Let's say a security token has been 'compromised'. How can the data be
safe guarded? Do we need to replace all cells with the old security token
with a new one?
Or is it the security tokens are 'well known' (as in not secret) and the
data access is controlled via granting / revoking specific tokens to
specific users?
thanks very much
Sujee Maniyam (http://sujee.net)
Re: when a security token is compromised?
Posted by Josh Elser <jo...@gmail.com>.
On 12/16/13, 4:56 PM, Sujee Maniyam wrote:
>
> On Mon, Dec 16, 2013 at 1:40 PM, Michael Allen <michael@sqrrl.com
> <ma...@sqrrl.com>> wrote:
>
> Hi Sujee, I'm not exactly following you when you are talking about a
> "security token". Are you maybe referring to the visibility labels
> within the cell level security feature of Accumulo?
>
>
> yes, I meant the cell level 'visibility token'
>
> So I guess, that kind of answers my question :-)
> These are not super-secret tokens... just visibility levels.
> Admins grants the visibility levels per user , to control access
You got it!
Re: when a security token is compromised?
Posted by Josh Elser <jo...@gmail.com>.
dang, asf mail servers beat me!
On 12/16/13, 5:02 PM, Michael Allen wrote:
> You got it. :)
>
>
> On Mon, Dec 16, 2013 at 4:56 PM, Sujee Maniyam <sujee@sujee.net
> <ma...@sujee.net>> wrote:
>
>
> On Mon, Dec 16, 2013 at 1:40 PM, Michael Allen <michael@sqrrl.com
> <ma...@sqrrl.com>> wrote:
>
> Hi Sujee, I'm not exactly following you when you are talking
> about a "security token". Are you maybe referring to the
> visibility labels within the cell level security feature of
> Accumulo?
>
>
> yes, I meant the cell level 'visibility token'
>
> So I guess, that kind of answers my question :-)
> These are not super-secret tokens... just visibility levels.
> Admins grants the visibility levels per user , to control access
>
>
>
Re: when a security token is compromised?
Posted by Christopher <ct...@apache.org>.
To be clear, Accumulo also has per-user security tokens, which are
tied to the user, not the data. These are used for user
authentication. Once a user is authenticated, the labels on the data
are used for filtering the data for that user's authorizations.
--
Christopher L Tubbs II
http://gravatar.com/ctubbsii
On Mon, Dec 16, 2013 at 5:02 PM, Michael Allen <mi...@sqrrl.com> wrote:
> You got it. :)
>
>
> On Mon, Dec 16, 2013 at 4:56 PM, Sujee Maniyam <su...@sujee.net> wrote:
>>
>>
>> On Mon, Dec 16, 2013 at 1:40 PM, Michael Allen <mi...@sqrrl.com> wrote:
>>>
>>> Hi Sujee, I'm not exactly following you when you are talking about a
>>> "security token". Are you maybe referring to the visibility labels within
>>> the cell level security feature of Accumulo?
>>
>>
>> yes, I meant the cell level 'visibility token'
>>
>> So I guess, that kind of answers my question :-)
>> These are not super-secret tokens... just visibility levels.
>> Admins grants the visibility levels per user , to control access
>>
>>
>
Re: when a security token is compromised?
Posted by Michael Allen <mi...@sqrrl.com>.
You got it. :)
On Mon, Dec 16, 2013 at 4:56 PM, Sujee Maniyam <su...@sujee.net> wrote:
>
> On Mon, Dec 16, 2013 at 1:40 PM, Michael Allen <mi...@sqrrl.com> wrote:
>
>> Hi Sujee, I'm not exactly following you when you are talking about a
>> "security token". Are you maybe referring to the visibility labels within
>> the cell level security feature of Accumulo?
>>
>
> yes, I meant the cell level 'visibility token'
>
> So I guess, that kind of answers my question :-)
> These are not super-secret tokens... just visibility levels.
> Admins grants the visibility levels per user , to control access
>
>
>
Re: when a security token is compromised?
Posted by Sujee Maniyam <su...@sujee.net>.
On Mon, Dec 16, 2013 at 1:40 PM, Michael Allen <mi...@sqrrl.com> wrote:
> Hi Sujee, I'm not exactly following you when you are talking about a
> "security token". Are you maybe referring to the visibility labels within
> the cell level security feature of Accumulo?
>
yes, I meant the cell level 'visibility token'
So I guess, that kind of answers my question :-)
These are not super-secret tokens... just visibility levels.
Admins grants the visibility levels per user , to control access
Re: when a security token is compromised?
Posted by Michael Allen <mi...@sqrrl.com>.
Hi Sujee, I'm not exactly following you when you are talking about a
"security token". Are you maybe referring to the visibility labels within
the cell level security feature of Accumulo?
- Mike Allen
On Mon, Dec 16, 2013 at 3:50 PM, Sujee Maniyam <su...@sujee.net> wrote:
> Hi all
>
> I am trying to understand the security model of Accumulo
>
> Let's say a security token has been 'compromised'. How can the data be
> safe guarded? Do we need to replace all cells with the old security token
> with a new one?
>
> Or is it the security tokens are 'well known' (as in not secret) and the
> data access is controlled via granting / revoking specific tokens to
> specific users?
>
> thanks very much
> Sujee Maniyam (http://sujee.net)
>