Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9392

Token based authentication and Single Sign On

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Tags:
      Project Rhino

      Description

      This is an umbrella entry for one of project Rhino’s topic, for details of project Rhino, please refer to https://github.com/intel-hadoop/project-rhino/. The major goal for this entry as described in project Rhino was

      “Core, HDFS, ZooKeeper, and HBase currently support Kerberos authentication at the RPC layer, via SASL. However this does not provide valuable attributes such as group membership, classification level, organizational identity, or support for user defined attributes. Hadoop components must interrogate external resources for discovering these attributes and at scale this is problematic. There is also no consistent delegation model. HDFS has a simple delegation capability, and only Oozie can take limited advantage of it. We will implement a common token based authentication framework to decouple internal user and service authentication from external mechanisms used to support it (like Kerberos)”

      We’d like to start our work from Hadoop-Common and try to provide common facilities by extending existing authentication framework which support:
      1. Pluggable token provider interface
      2. Pluggable token verification protocol and interface
      3. Security mechanism to distribute secrets in cluster nodes
      4. Delegation model of user authentication

        Attachments

        1. TokenAuth-breakdown.pdf
          306 kB
          Kai Zheng
        2. token-based-authn-plus-sso-v2.0.pdf
          838 kB
          Kai Zheng
        3. token-based-authn-plus-sso.pdf
          555 kB
          Kai Zheng

          Issue Links

            Activity

              People

              • Assignee:
                hitliuyi Yi Liu
                Reporter:
                drankye Kai Zheng
              • Votes:
                4 Vote for this issue
                Watchers:
                73 Start watching this issue

                Dates

                • Created:
                  Updated: