Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Tags:
      Project Rhino

      Description

      This is an umbrella entry for one of Project Rhino’s goals, “common authorization framework for the Hadoop ecosystem”. For details of Project Rhino and the goal, please refer to https://github.com/intel-hadoop/project-rhino/.

      We’d like to start this work from Hadoop-Common and, based on token-based authentication (HADOOP-9392), provide a unified and common authorization framework as follows:
      1. Abstract and extensible denotation for authorization resources;
      2. Unified authorization policy and configuration;
      3. Unified and pluggable authorization enforcement engine;
      4. Authorization trust transferring and management;
      And based on this framework,
      5. Role-based access control;
      6. Default implementation of service-level authorization with backward compatibility;
      7. Extended file ACL for HDFS.

      As design considerations, we keep the following in mind:
      1. Authorization enforcement is done with input policies and a common authentication token;
      2. Authorization configuration and policy management are separated from authorization enforcement;
      3. Allows support for advanced authorization models, such as ABAC and the XACML standard;
      4. Allows support for domain-based authorization for multi-tenancy scenarios;
      5. Unified access control exception messages for logs.

          Activity

          Kai Zheng added a comment -

          This unified authorization model requires and makes use of the common token proposed in the JIRA.


            People

            • Assignee:
              Kai Zheng
              Reporter:
              Kai Zheng
            • Votes:
              0
              Watchers:
              25
