[jira] [Commented] (HBASE-6222) Add per-KeyValue Security

Mon, 04 Mar 2013 02:07:20 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13592095#comment-13592095
 ] 

nkeywal commented on HBASE-6222:
--------------------------------

If I understand well, the choice depends on the number of different ACL are we 
expecting and if we have access patterns that would make caching efficient. Do 
we know this? With a reference based implementation, for a scan it would make 
sense  to first check the reference of the ACL that gives us a read access, and 
then use this for all the kv in the table. The caching duration policy could be 
per scan. 

Lastly, if it's considered as "nearly immutable" data, it's possible to use a 
ZooKeeper node to invalidate the cache on an update. This works well if you 
have a few update per hour (with as many insert as you like).  Then policy is 
'infinite cache'.
                
> Add per-KeyValue Security
> -------------------------
>
>                 Key: HBASE-6222
>                 URL: https://issues.apache.org/jira/browse/HBASE-6222
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.96.0, 0.98.0
>            Reporter: stack
>            Assignee: Andrew Purtell
>         Attachments: 6222-aclcf.patch, 6222.pdf, 
> cell-acls-kv-tags-not-for-review.zip, 
> HBaseCellRow-LevelSecurityDesignDoc.docx, HBaseCellRow-LevelSecurityPRD.docx
>
>
> Saw an interesting article: 
> http://www.fiercegovernmentit.com/story/sasc-accumulo-language-pro-open-source-say-proponents/2012-06-14
> "The  Senate Armed Services Committee version of the fiscal 2013 national 
> defense authorization act (S. 3254) would require DoD agencies to foreswear 
> the Accumulo NoSQL database after Sept. 30, 2013, unless the DoD CIO 
> certifies that there exists either no viable commercial open source database 
> with security features comparable to [Accumulo] (such as the HBase or 
> Cassandra databases)..."
> Not sure what a 'commercial open source database' is, and I'm not sure whats 
> going on in the article, but tra-la-la'ing, if we had per-KeyValue 'security' 
> like Accumulo's, we might put ourselves in the running for federal 
> contributions?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to