Posted to common-issues@hadoop.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2013/07/31 16:21:50 UTC

[jira] [Commented] (HADOOP-9804) Hadoop RPC TokenAuthn method

    [ https://issues.apache.org/jira/browse/HADOOP-9804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13725283#comment-13725283 ] 

Larry McCay commented on HADOOP-9804:
-------------------------------------

Kai - it's great to finally start seeing some code. Unfortunately, I think this patch is a bit overreaching. You should consider limiting it to the description of this JIRA. I realize that it is helpful for testing but it is less composable and harder to review this way. If you set other patches as required they can be pulled in with it for testing. 

We also need to incorporate the JsonWebToken patch that was contributed to HADOOP-9781 JWT SSO Token and Authority.
This should be able to be utilized as the token as you described in your recent design doc. If you want to prove the ability to use something else as well then that should be a separate JIRA and patch.

The token endpoints included in this patch should also be a separate JIRA and patch. Unless I misunderstand the HAS JIRA, they would probably be more appropriate there.

This is a great start though. I will be reviewing this and the UGI changes today.
                
> Hadoop RPC TokenAuthn method
> ----------------------------
>
>                 Key: HADOOP-9804
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9804
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>              Labels: TokenAuth
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-9804-v1.patch
>
>
> As defined in the TokenAuth framework, TokenAuthn, as a new authentication method, is to be added to the current Hadoop SASL authentication framework, to allow a client to access a service with an access token. The scope of this is as follows:
>  
> * Add a new SASL mechanism for the TokenAuthn method, including the necessary SASL client and SASL server with corresponding callbacks;
> * Add the TokenAuthn method in UGI and allow the method to be configured for Hadoop and the ecosystem;
> * Allow the TokenAuthn method to be negotiated between client and server;
> * Define the IDP-initiated flow and SP-initiated flow in the RPC access;
> * Allow the access token to be negotiated between client and server, considering both the IDP-initiated case and the SP-initiated case.
