[
https://issues.apache.org/jira/browse/HDFS-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alejandro Abdelnur resolved HDFS-6134.
--------------------------------------
Resolution: Duplicate
[Cross-posting with HADOOP-10150, closing this JIRA as duplicate, discussion
to continue in HADOOP-10150]
Larry, Steve, Nicholas, thanks for your comments.
Todd Lipcon and I had an offline discussion with Andrew Purtell, Yi Liu and
Avik Dey to see if we could combine what HADOOP-10150 and HDFS-6134 into one
proposal while supporting both, encryption for multiple filesystems and
transparent encryption for HDFS.
Also, following Steve’s suggestion, I’ve put together a Attack Vectors Matrix
for all approaches.
I think both documents, the proposal and the attack vectors, address most if
not all the questions/concerns raised in the JIRA.
Please look for the documents in HADOOP-10150.
> Transparent data at rest encryption
> -----------------------------------
>
> Key: HDFS-6134
> URL: https://issues.apache.org/jira/browse/HDFS-6134
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.3.0
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HDFSDataAtRestEncryption.pdf
>
>
> Because of privacy and security regulations, for many industries, sensitive
> data at rest must be in encrypted form. For example: the healthcare industry
> (HIPAA regulations), the card payment industry (PCI DSS regulations) or the
> US government (FISMA regulations).
> This JIRA aims to provide a mechanism to encrypt HDFS data at rest that can
> be used transparently by any application accessing HDFS via Hadoop Filesystem
> Java API, Hadoop libhdfs C library, or WebHDFS REST API.
> The resulting implementation should be able to be used in compliance with
> different regulation requirements.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
