You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Xiao Chen (JIRA)" <ji...@apache.org> on 2016/05/25 23:47:12 UTC

[jira] [Commented] (HADOOP-10720) KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API

    [ https://issues.apache.org/jira/browse/HADOOP-10720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15301149#comment-15301149 ] 

Xiao Chen commented on HADOOP-10720:
------------------------------------

Hi [~tucu00] and [~asuresh],
Thank you very much for the nice feature and great discussions on adding this.

I have 1 question:
Since the client side has {{encKeyVersionQueue}} to protect the KMS server, when generating EEKs most requests doesn't reach the KMS server. The ACLs however, are on KMS server side only. How could the ACL's be checked in the cached case?

Thanks!

> KMS: Implement generateEncryptedKey and decryptEncryptedKey in the REST API
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10720
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10720
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>             Fix For: 2.6.0
>
>         Attachments: COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, COMBO.patch, HADOOP-10720-10750.COMBO.patch, HADOOP-10720.1.patch, HADOOP-10720.10.patch, HADOOP-10720.11.patch, HADOOP-10720.12.patch, HADOOP-10720.13.patch, HADOOP-10720.14.patch, HADOOP-10720.15.patch, HADOOP-10720.16.patch, HADOOP-10720.17.patch, HADOOP-10720.18.patch, HADOOP-10720.19.patch, HADOOP-10720.2.patch, HADOOP-10720.20.patch, HADOOP-10720.3.patch, HADOOP-10720.4.patch, HADOOP-10720.5.patch, HADOOP-10720.6.patch, HADOOP-10720.7.patch, HADOOP-10720.8.patch, HADOOP-10720.9.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch, HADOOP-10720.patch
>
>
> KMS client/server should implement support for generating encrypted keys and decrypting them via the REST API being introduced by HADOOP-10719.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org