[ https://issues.apache.org/jira/browse/HDFS-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13995828#comment-13995828 ]
Andrew Purtell commented on HDFS-6134: -------------------------------------- {quote} Because of this, the idea is now: - A common set of Crypto Input/Output streams. [ ... ] - CryptoFileSystem. [ ... ] - HDFS client encryption. [ ... ] {quote} I would be great if the work is structured this way. A filtering CryptoFileSystem is needed for filesystem agnostic client side use cases, but e.g. if we want to push compression and encryption in HBase down into HDFS (which I think is desirable), or Hive or Pig or really any HDFS hosted Hadoop application, then doing so is far simpler if the DFS client supports transparent encryption directly. > Transparent data at rest encryption > ----------------------------------- > > Key: HDFS-6134 > URL: https://issues.apache.org/jira/browse/HDFS-6134 > Project: Hadoop HDFS > Issue Type: New Feature > Components: security > Affects Versions: 2.3.0 > Reporter: Alejandro Abdelnur > Assignee: Alejandro Abdelnur > Attachments: HDFSDataAtRestEncryption.pdf > > > Because of privacy and security regulations, for many industries, sensitive > data at rest must be in encrypted form. For example: the healthÂcare industry > (HIPAA regulations), the card payment industry (PCI DSS regulations) or the > US government (FISMA regulations). > This JIRA aims to provide a mechanism to encrypt HDFS data at rest that can > be used transparently by any application accessing HDFS via Hadoop Filesystem > Java API, Hadoop libhdfs C library, or WebHDFS REST API. > The resulting implementation should be able to be used in compliance with > different regulation requirements. -- This message was sent by Atlassian JIRA (v6.2#6252)