[jira] [Commented] (HADOOP-19736) ABFS: Support for new auth type: User-bound SAS

Thu, 27 Nov 2025 05:05:08 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-19736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18041053#comment-18041053
 ] 

ASF GitHub Bot commented on HADOOP-19736:
-----------------------------------------

manika137 commented on code in PR #8051:
URL: https://github.com/apache/hadoop/pull/8051#discussion_r2568593275


##########
hadoop-tools/hadoop-azure/src/site/markdown/index.md:
##########
@@ -501,7 +517,7 @@ With an existing Oauth 2.0 token, make a request to the 
Active Directory endpoin
 </property>
 ```
 
-### <a name="managed-identity"></a> Azure Managed Identity
+#### <a name="managed-identity"></a> Azure Managed Identity

Review Comment:
   for better readability



##########
hadoop-tools/hadoop-azure/src/site/markdown/index.md:
##########
@@ -549,7 +565,7 @@ The Azure Portal/CLI is used to create the service identity.
 </property>
 ```
 
-### <a name="workload-identity"></a> Azure Workload Identity
+#### <a name="workload-identity"></a> Azure Workload Identity

Review Comment:
   for better readability





> ABFS: Support for new auth type: User-bound SAS
> -----------------------------------------------
>
>                 Key: HADOOP-19736
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19736
>             Project: Hadoop Common
>          Issue Type: Task
>          Components: fs/azure
>    Affects Versions: 3.4.1, 3.4.2
>            Reporter: Manika Joshi
>            Assignee: Manika Joshi
>            Priority: Major
>              Labels: pull-request-available
>
> Adding support for new authentication type: user bound SAS
> User-bound SAS (Shared Access Signature) binds a SAS token to a specific user 
> identity rather than just granting access based on possession of the token. 
> This approach addresses key vulnerabilities in previous SAS mechanisms.
> The SAS token for it includes identity-binding parameters (e.g., skdutid, 
> sduoid) that correspond to the user’s Entra tenant and object ID.
> When accessing storage, the user must present a valid Entra access token 
> matching these parameters.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to