Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # dev >> [DISCUSS] Hadoop SSO/Token Server Components


Copy link to this message
-
Re: [DISCUSS] Hadoop SSO/Token Server Components
Hey Andrew -

I largely agree with that statement.
My intention was to let the differences be worked out within the individual components once they were identified and subtasks created.

My reference to HSSO was really referring to a SSO *server* based design which was not clearly articulated in the earlier documents.
We aren't trying to compare and contrast one design over another anymore.

Let's move this collaboration along as we've mapped out and the differences in the details will reveal themselves and be addressed within their components.

I've actually been looking forward to you weighing in on the actual discussion points in this thread.
Could you do that?

At this point, I am most interested in your thoughts on a single jira to represent all of this work and whether we should start discussing the SSO Tokens.
If you think there are discussion points missing from that list, feel free to add to it.

thanks,

--larry

On Jul 3, 2013, at 7:35 PM, Andrew Purtell <[EMAIL PROTECTED]> wrote:

> Hi Larry,
>
> Of course I'll let Kai speak for himself. However, let me point out that,
> while the differences between the competing JIRAs have been reduced for
> sure, there were some key differences that didn't just disappear.
> Subsequent discussion will make that clear. I also disagree with your
> characterization that we have simply endorsed all of the design decisions
> of the so-called HSSO, this is taking a mile from an inch. We are here to
> engage in a collaborative process as peers. I've been encouraged by the
> spirit of the discussions up to this point and hope that can continue
> beyond one design summit.
>
>
>
> On Wed, Jul 3, 2013 at 1:10 PM, Larry McCay <[EMAIL PROTECTED]> wrote:
>
>> Hi Kai -
>>
>> I think that I need to clarify something…
>>
>> This is not an update for 9533 but a continuation of the discussions that
>> are focused on a fresh look at a SSO for Hadoop.
>> We've agreed to leave our previous designs behind and therefore we aren't
>> really seeing it as an HSSO layered on top of TAS approach or an HSSO vs
>> TAS discussion.
>>
>> Your latest design revision actually makes it clear that you are now
>> targeting exactly what was described as HSSO - so comparing and contrasting
>> is not going to add any value.
>>
>> What we need you to do at this point, is to look at those high-level
>> components described on this thread and comment on whether we need
>> additional components or any that are listed that don't seem necessary to
>> you and why.
>> In other words, we need to define and agree on the work that has to be
>> done.
>>
>> We also need to determine those components that need to be done before
>> anything else can be started.
>> I happen to agree with Brian that #4 Hadoop SSO Tokens are central to all
>> the other components and should probably be defined and POC'd in short
>> order.
>>
>> Personally, I think that continuing the separation of 9533 and 9392 will
>> do this effort a disservice. There doesn't seem to be enough differences
>> between the two to justify separate jiras anymore. It may be best to file a
>> new one that reflects a single vision without the extra cruft that has
>> built up in either of the existing ones. We would certainly reference the
>> existing ones within the new one. This approach would align with the spirit
>> of the discussions up to this point.
>>
>> I am prepared to start a discussion around the shape of the two Hadoop SSO
>> tokens: identity and access. If this is what others feel the next topic
>> should be.
>> If we can identify a jira home for it, we can do it there - otherwise we
>> can create another DISCUSS thread for it.
>>
>> thanks,
>>
>> --larry
>>
>>
>> On Jul 3, 2013, at 2:39 PM, "Zheng, Kai" <[EMAIL PROTECTED]> wrote:
>>
>>> Hi Larry,
>>>
>>> Thanks for the update. Good to see that with this update we are now
>> aligned on most points.
>>>
>>> I have also updated our TokenAuth design in HADOOP-9392. The new
>> revision incorporates feedback and suggestions in related discussion with