Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9533 Centralized Hadoop SSO/Token Server
  3. HADOOP-9536

HSSO Server - Certificate Authority and Publisher of Service Public Keys

Add voteVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security
    • None

    Description

      This task provides the Hadoop cluster with a central authority for issuing and signing PKI keypairs for all of the Hadoop services.

      It will leverage the CMF for rolling, versioning and managing keystores and publishing the public keys for all registered Hadoop services.

      This allows services to easily acquire a new public key for verifying tokens signed by each other when signing keys have been rolled.

      Public keys are safe to distribute freely we will only want to insure that the service is requesting the published keys from the actual HSSO service. This will require the use of SSL or some other server authentication scheme to avoid spoofing.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            lmccay Larry McCay
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated:
                Original Estimate - 168h
                168h
                Remaining:
                Remaining Estimate - 168h
                168h
                Logged:
                Time Spent - Not Specified
                Not Specified

                Slack

                  Issue deployment