[
https://issues.apache.org/jira/browse/HADOOP-9653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13690468#comment-13690468
]
Kai Zheng commented on HADOOP-9653:
-----------------------------------
This falls into the 3rd case in situations where SPNEGO might not work for web
services, and special filter should be used to contact the IdP like Ping
Federate first, get authentication result, exchange identity token and so on. I
would discuss about this concrete flow separately.
> Token validation and transmission
> ---------------------------------
>
> Key: HADOOP-9653
> URL: https://issues.apache.org/jira/browse/HADOOP-9653
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Labels: rhino
> Fix For: 3.0.0
>
>
> HADOOP-9392 proposes to have customizable token authenticator for services to
> implement the TokenAuthn method and it was thought supporting pluggable token
> validation is a significant feature itself so it serves to be addressed in a
> separate JIRA. It will also consider how to securely transmit token in Hadoop
> RPC in a way the defends against all of the classical attacks. Note the
> authentication negotiation and wrapping of Hadoop RPC should be backwards
> compatible and interoperable with existing deployments, so therefore be SASL
> based.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
