Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # dev >> [DISCUSS] Hadoop SSO/Token Server Components


Copy link to this message
-
Re: [DISCUSS] Hadoop SSO/Token Server Components
Perhaps this is also a good opportunity to try out the new "branch
committers" clause in the bylaws, enabling non-committers who are working
on this to commit to the feature branch.

http://mail-archives.apache.org/mod_mbox/hadoop-general/201308.mbox/%3CCACO5Y4we4d8knB_xU3a=hr2gbeQO5m3vaU+[EMAIL PROTECTED]%3E

Chris Nauroth
Hortonworks
http://hortonworks.com/

On Tue, Aug 6, 2013 at 1:04 PM, Alejandro Abdelnur <[EMAIL PROTECTED]>wrote:

> Larry,
>
> Sorry for the delay answering. Thanks for laying down things, yes, it makes
> sense.
>
> Given the large scope of the changes, number of JIRAs and number of
> developers involved, wouldn't make sense to create a feature branch for all
> this work not to destabilize (more ;) trunk?
>
> Thanks again.
>
>
> On Tue, Jul 30, 2013 at 9:43 AM, Larry McCay <[EMAIL PROTECTED]>
> wrote:
>
> > The following JIRA was filed to provide a token and basic authority
> > implementation for this effort:
> > https://issues.apache.org/jira/browse/HADOOP-9781
> >
> > I have attached an initial patch though have yet to submit it as one
> since
> > it is dependent on the patch for CMF that was posted to:
> > https://issues.apache.org/jira/browse/HADOOP-9534
> > and this patch still has a couple outstanding issues - javac warnings for
> > com.sun classes for certification generation and 11 javadoc warnings.
> >
> > Please feel free to review the patches and raise any questions or
> concerns
> > related to them.
> >
> > On Jul 26, 2013, at 8:59 PM, Larry McCay <[EMAIL PROTECTED]> wrote:
> >
> > > Hello All -
> > >
> > > In an effort to scope an initial iteration that provides value to the
> > community while focusing on the pluggable authentication aspects, I've
> > written a description for "Iteration 1". It identifies the goal of the
> > iteration, the endstate and a set of initial usecases. It also enumerates
> > the components that are required for each usecase. There is a scope
> section
> > that details specific things that should be kept out of the first
> > iteration. This is certainly up for discussion. There may be some of
> these
> > things that can be contributed in short order. If we can add some things
> in
> > without unnecessary complexity for the identified usecases then we
> should.
> > >
> > > @Alejandro - please review this and see whether it satisfies your point
> > for a definition of what we are building.
> > >
> > > In addition to the document that I will paste here as text and attach a
> > pdf version, we have a couple patches for components that are identified
> in
> > the document.
> > > Specifically, COMP-7 and COMP-8.
> > >
> > > I will be posting COMP-8 patch to the HADOOP-9534 JIRA which was filed
> > specifically for that functionality.
> > > COMP-7 is a small set of classes to introduce JsonWebToken as the token
> > format and a basic JsonWebTokenAuthority that can issue and verify these
> > tokens.
> > >
> > > Since there is no JIRA for this yet, I will likely file a new JIRA for
> a
> > SSO token implementation.
> > >
> > > Both of these patches assume to be modules within
> > hadoop-common/hadoop-common-project.
> > > While they are relatively small, I think that they will be pulled in by
> > other modules such as hadoop-auth which would likely not want a
> dependency
> > on something larger like
> hadoop-common/hadoop-common-project/hadoop-common.
> > >
> > > This is certainly something that we should discuss within the community
> > for this effort though - that being, exactly how to add these libraries
> so
> > that they are most easily consumed by existing projects.
> > >
> > > Anyway, the following is the Iteration-1 document - it is also attached
> > as a pdf:
> > >
> > > Iteration 1: Pluggable User Authentication and Federation
> > >
> > > Introduction
> > > The intent of this effort is to bootstrap the development of pluggable
> > token-based authentication mechanisms to support certain goals of
> > enterprise authentication integrations. By restricting the scope of this
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB