Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Hadoop, mail # dev - [DISCUSS] Hadoop SSO/Token Server Components


+
Larry McCay 2013-07-02, 20:03
+
Zheng, Kai 2013-07-03, 18:39
+
Larry McCay 2013-07-03, 20:10
+
Andrew Purtell 2013-07-03, 23:35
+
Larry McCay 2013-07-03, 23:49
+
Andrew Purtell 2013-07-04, 18:40
+
Alejandro Abdelnur 2013-07-04, 20:09
+
Zheng, Kai 2013-07-05, 17:34
+
Larry McCay 2013-07-05, 18:25
+
Larry McCay 2013-07-05, 19:24
+
Larry McCay 2013-07-10, 13:42
+
Daryn Sharp 2013-07-10, 16:30
+
Alejandro Abdelnur 2013-07-10, 15:14
+
Brian Swan 2013-07-10, 17:06
+
Larry McCay 2013-07-10, 17:39
Copy link to this message
-
RE: [DISCUSS] Hadoop SSO/Token Server Components
Brian Swan 2013-07-10, 17:59
Thanks, Larry. That is what I was trying to say, but you've said it better and in more detail. :-) To extract from what you are saying: "If we were to reframe the immediate scope to the lowest common denominator of what is needed for accepting tokens in authentication plugins then we gain... an end-state for the lowest common denominator that enables code patches in the near-term is the best of both worlds."

-Brian

-----Original Message-----
From: Larry McCay [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 10, 2013 10:40 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Kai Zheng; Alejandro Abdelnur
Subject: Re: [DISCUSS] Hadoop SSO/Token Server Components

It seems to me that we can have the best of both worlds here...it's all about the scoping.

If we were to reframe the immediate scope to the lowest common denominator of what is needed for accepting tokens in authentication plugins then we gain:

1. a very manageable scope to define and agree upon 2. a deliverable that should be useful in and of itself 3. a foundation for community collaboration that we build on for higher level solutions built on this lowest common denominator and experience as a working community

So, to Alejandro's point, perhaps we need to define what would make #2 above true - this could serve as the "what" we are building instead of the "how" to build it.
Including:
a. project structure within hadoop-common-project/common-security or the like b. the usecases that would need to be enabled to make it a self contained and useful contribution - without higher level solutions c. the JIRA/s for contributing patches d. what specific patches will be needed to accomplished the usecases in #b

In other words, an end-state for the lowest common denominator that enables code patches in the near-term is the best of both worlds.

I think this may be a good way to bootstrap the collaboration process for our emerging security community rather than trying to tackle a huge vision all at once.

@Alejandro - if you have something else in mind that would bootstrap this process - that would great - please advise.

thoughts?

On Jul 10, 2013, at 1:06 PM, Brian Swan <[EMAIL PROTECTED]> wrote:

> Hi Alejandro, all-
>
> There seems to be agreement on the broad stroke description of the components needed to achieve pluggable token authentication (I'm sure I'll be corrected if that isn't the case). However, discussion of the details of those components doesn't seem to be moving forward. I think this is because the details are really best understood through code. I also see *a* (i.e. one of many possible) token format and pluggable authentication mechanisms within the RPC layer as components that can have immediate benefit to Hadoop users AND still allow flexibility in the larger design. So, I think the best way to move the conversation of "what we are aiming for" forward is to start looking at code for these components. I am especially interested in moving forward with pluggable authentication mechanisms within the RPC layer and would love to see what others have done in this area (if anything).
>
> Thanks.
>
> -Brian
>
> -----Original Message-----
> From: Alejandro Abdelnur [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 10, 2013 8:15 AM
> To: Larry McCay
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Kai Zheng
> Subject: Re: [DISCUSS] Hadoop SSO/Token Server Components
>
> Larry, all,
>
> Still is not clear to me what is the end state we are aiming for, or that we even agree on that.
>
> IMO, Instead trying to agree what to do, we should first  agree on the final state, then we see what should be changed to there there, then we see how we change things to get there.
>
> The different documents out there focus more on how.
>
> We not try to say how before we know what.
>
> Thx.
>
>
>
>
> On Wed, Jul 10, 2013 at 6:42 AM, Larry McCay <[EMAIL PROTECTED]> wrote:
>
>> All -
>>
>> After combing through this thread - as well as the summit session
+
Larry McCay 2013-07-27, 00:59
+
Larry McCay 2013-07-30, 16:43
+
Alejandro Abdelnur 2013-08-06, 20:04
+
Chris Nauroth 2013-08-06, 20:12
+
Alejandro Abdelnur 2013-08-06, 20:15
+
Larry McCay 2013-08-06, 21:48
+
Chris Nauroth 2013-08-06, 22:22
+
Larry McCay 2013-09-03, 12:20
+
Chris Douglas 2013-09-03, 22:44
+
Larry McCay 2013-09-03, 22:55
+
Zheng, Kai 2013-09-04, 02:00
+
Larry McCay 2013-09-04, 18:19
+
Chris Douglas 2013-09-04, 19:39
+
Suresh Srinivas 2013-09-05, 06:41
+
Zheng, Kai 2013-09-05, 07:29
+
Li, Tianyou 2013-07-04, 04:19
+
Larry McCay 2013-07-04, 10:52
+
Zheng, Kai 2013-07-04, 11:21
+
Larry McCay 2013-07-04, 16:18
+
Brian Swan 2013-07-03, 18:32
+
Larry McCay 2013-07-03, 20:13