Details
- Type: Sub-task
- Status: Open
- Priority: Major
- Resolution: Unresolved
Description
As discussed in HADOOP-9392, we're proposing a pluggable TokenAuth framework to abstract and address the requirements, goals and collaboration concerns already widely discussed in the JIRA with the design doc, and in the community. In this JIRA, we'll:
- Define the framework itself, and clarify the key goals, properties, and facilities that this framework should meet and provide. Most of the points have already been explained in HADOOP-9392 and the TokenAuth design doc. To collaborate with HSSO and, more importantly, to allow other solutions, TokenAuth itself is just defined as a framework with required APIs, protocols, flows, and facilities, along with some simple implementations for related constructs, entities and even services. The framework is neutral, not vendor-specific, and subject to being widely discussed and defined together as a common effort of the community. As the most important key point, the framework should be pluggable in all the key places to allow certain solutions to employ their own product-level implementations. Based on this framework, Rhino will come up with the HAS solution. The framework-related discussions on high-level aspects can be in this separate umbrella JIRA, and sub-task JIRAs will be opened to address each aspect of the framework.
- Define APIs for all the important entities and parties involved in the TokenAuth framework.
- Define important procedures and protocols, for example, the protocol between the token authn client and server.
- Implement this framework with the defined APIs, procedures and protocols. Meanwhile, leave pluggable extension points in key places for solutions to customize and implement with their own complicated mechanisms.
- Initially, we have the following items for the framework. It’s to be complemented. Each of the items will be defined and discussed separately in a corresponding subtask JIRA.
  - Token definition and API;
  - TokenAuthn method for Hadoop RPC;
  - Authentication Service API;
  - Identity Token Service API;
  - Access Token Service API;
  - Attribute Service API;
  - Token authentication client;
  - Token cache for TokenAuth;
  - Common configuration for TokenAuth;
  - Hadoop token command;
  - Key Provider API;
  - Web SSO for TokenAuth;
  - REST SSO for TokenAuth;
  - Auditing for TokenAuth;
  - Etc.
Issue Links
- contains
  - HADOOP-9835 Identity Token Service API (Open)
  - HADOOP-9836 Token definition and API (Patch Available)
  - HADOOP-9842 Common auditing log API and facilities (Open)
  - HADOOP-9804 Hadoop RPC TokenAuthn method (Open)
  - HADOOP-9808 Web SSO support for TokenAuth (Open)
  - HADOOP-9809 REST SSO support for TokenAuth (Open)
  - HADOOP-9810 Token cache for TokenAuth (Open)
  - HADOOP-9814 Access Token Service API (Open)
  - HADOOP-9815 Authorization Service API (Open)
  - HADOOP-9825 Key Provider for TokenAuth (Open)
  - HADOOP-9826 Authentication client for TokenAuth (Open)
  - HADOOP-9827 Attribute Service in TokenAuth (Open)
  - HADOOP-9828 Common configuration for TokenAuth (Open)
  - HADOOP-9834 Authentication Service API (Open)
  - HADOOP-9837 Hadoop Token Command (Resolved)