Details
-
Task
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
security
Description
In light of the proposed changes to Hadoop security in Hadoop-9533 and Hadoop-9392, having a common, detailed understanding (in the form of a document) of the benefits/drawbacks of the current security model and how it works would be useful. The document should address all security principals, their authentication mechanisms, and handling of shared secrets through the lens of the following principles: Minimize attack surface area, Establish secure defaults, Principle of Least privilege, Principle of Defense in depth, Fail securely, Don’t trust services, Separation of duties, Avoid security by obscurity, Keep security simple, Fix security issues correctly.
Attachments
Attachments
Issue Links
- is related to
-
HADOOP-9392 Token based authentication and Single Sign On
- Open
-
HADOOP-9533 Centralized Hadoop SSO/Token Server
- Open
-
HADOOP-10086 User document for authentication in secure cluster
- Closed
- relates to
-
HADOOP-4487 Security features for Hadoop
- Closed
-
YARN-4653 Document YARN security model from the perspective of Application Developers
- Closed