Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # dev >> [DISCUSS] Hadoop SSO/Token Server Components


Copy link to this message
-
Re: [DISCUSS] Hadoop SSO/Token Server Components
All -

Given that we have moved forward with the branch committerships for the
initial set of security branch contributors, I think that we should propose
a branch for iteration-1 as described in this thread.

My proposal is that we limit the scope of this initial branch to be only
that which is required for the pluggable authentication mechanism as
described in iteration-1. We will then create a separate branch in order to
introduce whole new services - such as: TAS Server Instances and a Key
Management Service.

This will make the ability to review each branch easier and the merging of
each into trunk less destabilizing/risky.

In terms of check-in philosophy, we should take a review then check-in
approach to the branch with lazy consensus - wherein we do not need to
explicitly +1 every check-in to the branch but we will honor any -1's with
discussion to resolve before checking in. This will provide us each with
the opportunity to track the work being done and ensure that we understand
it and find that it meets the intended goals.

I am excited to get this work really moving and look forward to working on
it with you all.

One outstanding question for me - how do we go about getting the branches
created?

Off the top of my head, I believe there to be a need for 3 for the related
security efforts actually: pluggable authentication/sso, security services
and cryptographic filesystem.

thanks!

--larry
On Tue, Aug 6, 2013 at 6:22 PM, Chris Nauroth <[EMAIL PROTECTED]>wrote:

> Near the bottom of the bylaws, it states that addition of a "New Branch
> Committer" requires "Lazy consensus of active PMC members."  I think this
> means that you'll need to get a PMC member to sponsor the vote for you.
>  Regular committer votes happen on the private PMC mailing list, and I
> assume it would be the same for a branch committer vote.
>
> http://hadoop.apache.org/bylaws.html
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Tue, Aug 6, 2013 at 2:48 PM, Larry McCay <[EMAIL PROTECTED]>
> wrote:
>
> > That sounds perfect!
> > I have been thinking of late that we would maybe need an incubator
> project
> > or something for this - which would be unfortunate.
> >
> > This would allow us to move much more quickly with a set of patches
> broken
> > up into consumable/understandable chunks that are made functional more
> > easily within the branch.
> > I assume that we need to start a separate thread for DISCUSS or VOTE to
> > start that process - correct?
> >
> > On Aug 6, 2013, at 4:15 PM, Alejandro Abdelnur <[EMAIL PROTECTED]>
> wrote:
> >
> > > yep, that is what I meant. Thanks Chris
> > >
> > >
> > > On Tue, Aug 6, 2013 at 1:12 PM, Chris Nauroth <
> [EMAIL PROTECTED]
> > >wrote:
> > >
> > >> Perhaps this is also a good opportunity to try out the new "branch
> > >> committers" clause in the bylaws, enabling non-committers who are
> > working
> > >> on this to commit to the feature branch.
> > >>
> > >>
> > >>
> >
> http://mail-archives.apache.org/mod_mbox/hadoop-general/201308.mbox/%3CCACO5Y4we4d8knB_xU3a=hr2gbeQO5m3vaU+[EMAIL PROTECTED]%3E
> > >>
> > >> Chris Nauroth
> > >> Hortonworks
> > >> http://hortonworks.com/
> > >>
> > >>
> > >>
> > >> On Tue, Aug 6, 2013 at 1:04 PM, Alejandro Abdelnur <[EMAIL PROTECTED]
> > >>> wrote:
> > >>
> > >>> Larry,
> > >>>
> > >>> Sorry for the delay answering. Thanks for laying down things, yes, it
> > >> makes
> > >>> sense.
> > >>>
> > >>> Given the large scope of the changes, number of JIRAs and number of
> > >>> developers involved, wouldn't make sense to create a feature branch
> for
> > >> all
> > >>> this work not to destabilize (more ;) trunk?
> > >>>
> > >>> Thanks again.
> > >>>
> > >>>
> > >>> On Tue, Jul 30, 2013 at 9:43 AM, Larry McCay <[EMAIL PROTECTED]
> >
> > >>> wrote:
> > >>>
> > >>>> The following JIRA was filed to provide a token and basic authority
> > >>>> implementation for this effort:
> > >>>> https://issues.apache.org/jira/browse/HADOOP-9781

CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB