Oops. Sorry. Will re-initiate the vote. On Thu, Feb 14, 2013 at 8:25 PM, Mattmann, Chris A (388J) <chris.a.mattm...@jpl.nasa.gov> wrote: > s/Apache Open Climate Workbench/Apache Knox Hadoop Gateway/ :) > > May want to resend the [VOTE] thread. > > On 2/14/13 5:26 PM, "Devaraj Das" <d...@hortonworks.com> wrote: > >>Hi Folks, >> >>Thanks for participating in the discussion. I'd like to call a VOTE >>for acceptance of Apache Knox Hadoop Gateway Project into the >>Incubator. The vote will close on Feb 21 at 6:00 p.m. >> >>[ ] +1 Accept Apache Open Climate Workbench into the Incubator >>[ ] +0 Don't care. >>[ ] -1 Don't accept Apache Open Climate Workbench into the Incubator >>because... >> >>Full proposal is pasted at the bottom of this email, and the >>corresponding wiki is http://wiki.apache.org/incubator/knox. Only >>VOTEs from Incubator PMC members are binding. >> >>Here's my +1 (binding). >> >>Thanks, >>Devaraj. >> >>p.s. In the last day, Tom White has been added as a mentor, and >>Venkatesh Seetharam has been added in the list of initial committers. >> >>-------- >>Knox Gateway Proposal >> >>Abstract >> >>Knox Gateway is a system that provides a single point of secure access >>for Apache Hadoop clusters. >> >>Proposal >> >>The Knox Gateway (³Gateway² or ³Knox²) is a system that provides a >>single point of authentication and access for Apache Hadoop services >>in a cluster. The goal is to simplify Hadoop security for both users >>(i.e. who access the cluster data and execute jobs) and operators >>(i.e. who control access and manage the cluster). The Gateway runs as >>a server (or cluster of servers) that serve one or more Hadoop >>clusters. >> >>Provide perimeter security to make Hadoop security setup easier >>Support authentication and token verification security scenarios >>Deliver users a single cluster end-point that aggregates capabilities >>for data and jobs >>Enable integration with enterprise and cloud identity management >>environments >> >>Background >> >>An Apache Hadoop cluster is presented to consumers as a loose >>collection of independent services. This makes it difficult for users >>to interact with Hadoop since each service maintains it¹s own method >>of access and security. As well, for operators, configuration and >>administration of a secure Hadoop cluster is a complex and many Hadoop >>clusters are insecure as a result. >> >>The goal of the project is to provide coverage for all existing Hadoop >>ecosystem projects. In addition, the project will be extensible to >>allow for new and/or proprietary Hadoop components without requiring >>changes to the gateway source code. The gateway is expected to run in >>a DMZ environment where it will provide controlled access to these >>Hadoop services. In this way Hadoop clusters can be protected by a >>firewall and only limited access provided through the firewall for the >>gateway. The authentication components of the gateway will be modular >>and extensible such that it can be integrated with existing security >>infrastructure. >> >>Rationale >> >>Organizations that are struggling with Hadoop cluster security result >>in a) running Hadoop without security or b) slowing adoption of >>Hadoop. The Gateway aims to provide perimeter security that integrates >>more easily into existing organizations¹ security infrastructure. >>Doing so will simplify security for these organizations and benefit >>all Hadoop stakeholders (i.e. users and operators). Additionally, >>making a dedicated perimeter security project part of the Apache >>Hadoop ecosystem will prevent fragmentation in this area and further >>increase the value of Hadoop as a data platform. >> >>Current Status >> >>Prototype available, developed by the list of initial committers. >> >>Meritocracy >> >>We desire to build a diverse developer community around Gateway >>following the Apache Way. We want to make the project open source and >>will encourage contributors from multiple organizations following the >>Apache meritocracy model. >> >>Community >> >>We hope to extend the user and developer base in the future and build >>a solid open source community around Gateway. Apache Hadoop has a >>large ecosystem of open source projects, each with a strong community >>of contributors. All project communities in this ecosystem have an >>opportunity to participate in the advancement of the Gateway project >>because ultimately, Gateway will enable the security capabilities of >>their project to be more enterprise friendly. >> >>Core Developers >> >>Gateway is currently being developed by several engineers from >>Hortonworks - Kevin Minder, Larry McCay, John Speidel, Tom Beerbower >>and Sumit Mohanty. All the engineers have deep expertise in >>middleware, security & identity systems and are quite familiar with >>the Hadoop ecosystem. >> >>Alignment >> >>The ASF is a natural host for Gateway given that it is already the >>home of Hadoop, Hive, Pig, HBase, Oozie and other emerging big data >>software projects. Gateway is designed to solve the security >>challenges familiar to the Hadoop ecosystem family of projects. >> >>Known Risks >> >>Orphaned products & Reliance on Salaried Developers >> >>The core developers plan to work full time on the project. We believe >>that this project will be of general interest to many Hadoop users and >>will attract a diverse set of contributors. We intend to demonstrate >>this by having contributors from several organizations recognized as >>committers by the time Knox graduates from incubation. >> >>Inexperience with Open Source >> >>All of the core developers are active users and followers of open >>source. As well, Hortonworks and the affiliated mentors have a strong >>heritage of success with contributions to Apache Hadoop Projects. >> >>Homogeneous Developers >> >>The current core developers are from Hortonworks, however, we hope to >>establish a developer community that includes contributors from >>several corporations. >> >>Reliance on Salaried Developers >> >>Currently, the developers are paid to do work on Gateway. However, >>once the project has a community built around it, we expect to get >>committers and developers from outside the current core developers. >> >>Relationships with Other Apache Products >> >>Gateway is going to be used by the users and operators of Hadoop, and >>the Hadoop ecosystem in general. >> >>A Excessive Fascination with the Apache Brand >> >>Our interest in developing Gateway in Apache project is to follow an >>established development model, as well since many of the Hadoop >>ecosystem projects also are part of Apache, Gateway will complement >>those projects by following the same development and contribution >>model. >> >>Documentation >> >>There is documentation in Hortonworks¹ internal repositories. These >>can be shared upon request and will be transferred into the Apache CM >>system if this proposal is accepted. >> >>Initial Source >> >>The current initial source can be found in a GitHub repository. >>https://github.com/hortonworks/knox.git >> >>Source and Intellectual Property Submission Plan >> >>The complete Gateway code is under Apache Software License 2. >> >>External Dependencies >> >>The Gateway dependencies are listed below, separated by Category A and >>Category B as defined in the Apache Third-Party Licensing Policy. >>Note: These are the direct dependencies. Indirect dependencies are not >>included. >> >>Category A Dependencies >> >>Apache Commons - ASLv2.0 >> >>commons-io:commons-io#2.4 >>commons-cli:commons-cli#1.2 >>commons-codec:commons-codec#1.7 >>org.apache.commons:commons-digester3#3.2 >>org.apache.commons:commons-vfs2#2.0 >> >>Apache Hadoop - ASLv2.0 >> >>org.apache.hadoop:hadoop-auth#0.23.3 >>org.apache.hadoop:hadoop-core#1.0.3 >> >>Apache Geronimo - ASLv2.0 >> >>org.apache.geronimo.components:geronimo-jaspi#2.0.0 >>org.apache.geronimo.specs:geronimo-osgi-locator#1.1 >> >>Apache Shiro - ASLv2.0 >> >>org.apache.shiro:shiro-web#1.2.1 >> >>ApacheDS - ASLv2.0 >> >>org.apache.directory.server:apacheds-all#1.5.5 >> >>Log4J - ASLv2.0 >> >>log4j:log4j#1.2.17 >> >>SL4J - MIT >> >>org.slf4j:slf4j-api#1.6.6 >>org.slf4j:slf4j-log4j12#1.6.6 >> >>Guava - ASLv2.0 >> >>com.google.guava:guava#14.0-rc1 >> >>HttpClient - ASLv2.0 >> >>org.apache.httpcomponents:httpclient#4.2.1 >> >>Jetty - ASLv2.0 >> >>org.eclipse.jetty:jetty-server#8.1.7.v20120910 >>org.eclipse.jetty:jetty-servlet#8.1.7.v20120910 >>org.eclipse.jetty:jetty-webapp#8.1.7.v20120910 >>org.eclipse.jetty:jetty-jaspi#8.1.7.v20120910 >>org.eclipse.jetty.aggregate:jetty-all#8.1.7.v20120910 >>org.eclipse.jetty:test-jetty-servlet#8.1.7.v20120910 >> >>JBoss ShrinkWrap - ASLv2.0 >> >>org.jboss.shrinkwrap:shrinkwrap-api#1.0.1 >>org.jboss.shrinkwrap:shrinkwrap-impl-base#1.0.1 >>org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-javaee#2.0.0-a >>lpha-4 >>org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-javaee#2.0.0- >>alpha-4 >> >>Category A Dependencies (Test) >> >>EasyMock - ASLv2.0 >> >>org.easymock:easymock#3.0 >> >>XML Matchers - ASLv2.0 >> >>org.xmlmatchers:xml-matchers#0.10 >> >>Hamcrest - BSDv3 >> >>org.hamcrest:hamcrest-api#1.0 >>org.hamcrest:hamcrest-core#1.2.1 >>org.hamcrest:hamcrest-library#1.2.1 >> >>JsonPath - ASLv2.0 >> >>com.jayway.jsonpath:json-path#0.8.1 >>com.jayway.jsonpath:json-path-assert#0.8.1 >> >>XMLTool - ASLv2.0 >> >>com.mycila.xmltool:xmltool#3.3 >> >>REST-assured - ASLv2.0 >> >>com.jayway.restassured:rest-assured#1.6.2 >> >>Category B Dependencies >> >>Jersey - CDDLv1.1 or GPL2wCPE >> >>com.sun.jersey:jersey-server#1.14 >>com.sun.jersey:jersey-servlet#1.14 >> >>Jerico - EPLv1.0 >> >>net.htmlparser.jericho:jericho-html#3.2 >> >>Servlet - CDDLv1.0 or GPLv2 >> >>javax.servlet:javax.servlet-api#3.0.1 >> >>JUnit - CPLv1.0 >> >>junit:junit#4.11 >> >>Cryptography >> >>The Gateway uses cryptographic software indirectly as a result of >>having two dependencies: ApacheDS and Apache Shiro. Gateway does not >>include any special or custom cryptographic technologies. >> >>ApacheDS is an ASF project and has been classified Export Commodity >>Control Number (ECCN) 5D002.C.1 due to it¹s dependency on Bouncy >>Castle. More information on the ApacheDS classification can be found >>at >>http://svn.apache.org/repos/asf/directory/apacheds/trunk/installers/README >> >>Apache Shiro is an ASF project and has been classified Export >>Commodity Control Number (ECCN) 5D002.C.1. More information on the >>Apache Shiro classification can be found at >>http://svn.apache.org/repos/asf/shiro/trunk/README >> >>Required Resources >> >>Mailing lists >> >>knox-dev AT incubator DOT apache DOT org knox-commits AT incubator DOT >>apache DOT org knox-user AT hms incubator apache DOT org knox-private >>AT incubator DOT apache DOT org >> >>Subversion Directory >> >>https://svn.apache.org/repos/asf/incubator/knox >> >>Issue Tracking >> >>JIRA Knox (KNOX) >> >>Initial Committers >> >>Kevin Minder (kevin DOT minder AT hortonworks DOT com) >> >>Larry McCay (lmccay AT hortonworks DOT com) >> >>John Speidel (jspeidel AT hortonworks DOT com) >>Tom Beerbower (tbeerbower AT hortonworks DOT com) >>Sumit Mohanty (smohanty AT hortonworks DOT com) >>Venkatesh Seetharam (venkatesh AT hortonworks DOT com) >> >>Affiliations >> >>Kevin Minder (Hortonworks) >> >>Larry McCay (Hortonworks) >> >>John Speidel (Hortonworks) >>Tom Beerbower (Hortonworks) >>Sumit Mohanty (Hortonworks) >>Venkatesh Seetharm (Hortonworks) >>Owen O'Malley (Hortonworks) >>Mahadev Konar (Hortonworks) >>Alan Gates (Hortonworks) >>Devaraj Das (Hortwonrks) >>Chris Douglas (Microsoft) >>Chris Mattmann (NASA) >>Tom White (Cloudera) >> >>Sponsors >> >>Champion >> >>Devaraj Das (ddas AT apache DOT org) >> >>Nominated Mentors >> >>Owen O¹Malley (omalley AT apache DOT org) >>Mahadev Konar (mahadev AT apache DOT org) >>Alan Gates (gates AT apache DOT org) >>Devaraj Das (ddas AT apache DOT org) >>Chris Douglas (cdouglas AT apache DOT org) >>Chris Mattmann (chris DOT a DOT mattmann AT jpl DOT nasa DOT gov) >>Tom White (tom DOT e DOT white AT gmail DOT com) >> >>Sponsoring Entity >> >>Incubator PMC >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>For additional commands, e-mail: general-h...@incubator.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org >
--------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
