[
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15995692#comment-15995692
]
Jason Lowe commented on YARN-3053:
----------------------------------
Thanks for updating the document, Varun! I think the approach is reasonable,
since it piggybacks on the discovery problem which already needed to be solved.
Also I think it makes sense that we don't need to persist the tokens in any
way, since the collector needs to be re-discovered if restarted and new tokens
can be handed out at that point.
Not really a security concern, but I'm assuming the ATSv2 client is going to
have to buffer/spool events until the collector has been discovered or there's
some kind of flow control mitigation there. By default the AM is being started
with no way to write events until the collector is discovered (which could take
some number of heartbeats given the circuitous route the information takes) and
there's also the case where the collector becomes unavailable temporarily
(e.g.: collector restarts/crashes/etc.).
> [Security] Review and implement authentication in ATS v.2
> ---------------------------------------------------------
>
> Key: YARN-3053
> URL: https://issues.apache.org/jira/browse/YARN-3053
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Sangjin Lee
> Assignee: Varun Saxena
> Labels: YARN-5355, yarn-5355-merge-blocker
> Attachments: ATSv2Authentication(draft).pdf,
> ATSv2Authentication.v01.pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and
> any other relevant security aspects.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
