+1 (non-binding)
On Tue, Aug 6, 2013 at 10:52 AM, Sravya Tirukkovalur <sra...@cloudera.com>wrote: > +1 Accept > > > On Mon, Aug 5, 2013 at 1:29 PM, Patrick Hunt <ph...@apache.org> wrote: > > > +1 Accept Sentry in the Incubator > > > > Regards, > > > > Patrick > > > > On Mon, Aug 5, 2013 at 6:23 AM, Shreepadma Venugopalan > > <shreepa...@cloudera.com> wrote: > > > Following the discussions last week, I'm calling a vote to accept > Sentry > > as > > > a new project in the Apache Incubator. > > > > > > The proposal draft is available at: > > > https://wiki.apache.org/incubator/SentryProposal and is also pasted to > > the > > > bottom of this email. It is identical to what was proposed except for > a) > > > addition of two new mentors, and b) removal of the user list for now, > per > > > Marvin's suggestion. The proposal thread is available at: > > > http://goo.gl/bvvJPh > > > > > > [ ] +1 Accept Sentry in the Incubator > > > [ ] +/-0 Don't care > > > [ ] -1 Don't accept Sentry in the Incubator because... > > > > > > Thanks. > > > Shreepadma > > > > > > > > > = Sentry - A fine-grained Authorization System for the Hadoop > ecosystem = > > > > > > == Abstract == > > > > > > Sentry is a highly modular system for providing fine grained role based > > > authorization to both data and metadata stored on an Apache Hadoop > > cluster. > > > Sentry can be used to enforce various access policy rules when > accessing > > > data stored on Hadoop Distributed File System through various Hadoop > > > ecosystem components such as Apache Hive, Apache Pig or others. > > > > > > == Proposal == > > > > > > Traditionally, user access control in Apache Hadoop has been > implemented > > > using file based permissions on HDFS. Following the UNIX permissions > > model, > > > HDFS offers all or nothing semantics allowing administrator to > configure > > > system to allow certain users or user groups read, write or perform > both > > > operations on files. This system does not enable more fine grained > > > permissions that allow access policies for logical parts within one > file. > > > Furthermore, this model can't be used to restrict access to the rich > set > > of > > > objects in the metadata catalog that are stored outside HDFS. > > > > > > Sentry will provide true role-based fine-grained user access control > for > > > Apache Hadoop and its ecosystem components such as Hive, Pig or HBase. > > This > > > includes providing fine- grained role based access to both data as well > > as > > > the metadata, which provides a rich object based abstraction such as > > > databases, tables or columns. > > > > > > == Background == > > > > > > Sentry was initially developed by Cloudera to allow users fine grained > > > access to data as well as the metadata in Apache Hadoop. > > > > > > Sentry has been maintained as an open source project on Cloudera’s > > github. > > > Sentry was previously called “Access”. All code in Sentry is open > source > > > and has been made publicly available under the Apache 2 license. During > > > this time, Sentry has been formally released two times as versions > 1.0.0 > > > and 1.1.0. > > > > > > == Rationale == > > > > > > Currently, users don't have a way to achieve fine grained enforceable > > user > > > access control to data stored in HDFS and their associated metadata. > > While > > > users can use file based permissions to control access to specific > > > directories and files, it is insufficient because access can't be > > > restricted to file parts i.e., to specific lines or logical columns. In > > the > > > absence of such support, users have to resort to duplicating data. > > > Furthermore, file based permissions are insufficient to provide any > form > > of > > > access control to the metadata that provides an object abstraction such > > as > > > databases, tables, columns or partitions over the data stored in HDFS. > > > > > > Current Sentry developers subscribe to the mission of ASF and are > > familiar > > > with the open source development process. Several members are already > > > committers and PMC members of various other Apache projects. > > > > > > == Initial Goals == > > > > > > Sentry is currently in its first major release with a considerable > number > > > of enhancement requests, tasks, and issues recorded towards its future > > > development. The initial goal of this project will be to continue to > > build > > > community in the spirit of the "Apache Way", and to address the highly > > > requested features and bug-fixes towards the next dot release. > > > > > > == Current Status == > > > === Meritocracy === > > > > > > Intent of the proposal is to build a diverse community of developers > > around > > > Sentry. Sentry started as a open source project on Github, driven in > the > > > spirit of open source and we would like to continue in this spirit by, > > for > > > example, encouraging contributors from a variety of organizations. > > > > > > === Community === > > > > > > Sentry stakeholders desire to expand the user and developer base of > > Sentry > > > further in the future. The current sets of developers in Sentry are > > > committed to building a strong user base and open source community > around > > > the project. Development discussions within the current team have been > > on a > > > public mailing [[ > > > https://groups.google.com/a/cloudera.org/forum/#!forum/access-dev | > > list]]. > > > > > > === Core Developers === > > > > > > The core developers for the Sentry project are Brock Noland, Shreepadma > > > Venugopalan, Prasad Mujumdar and Jarek Jarcec Cecho. Other > contributors > > > include Arvind Prabhakar and Xuefu Zhang. All engineers have deep > > expertise > > > in Hadoop and various other ecosystem components. > > > > > > === Alignment === > > > > > > Sentry complements the access control feature of some projects in the > > > Apache Hadoop ecosystem, such as HDFS file permissions, by providing > > finer > > > grained access control to data and metadata. It supersedes the access > > > control capabilities of some other projects such as Apache Hive by > > > providing stronger guarantees against malicious access. Currently, > > Sentry > > > integrates with Apache Hive, however we are planning to provide support > > for > > > other components such as Apache Pig. > > > > > > While projects such as Apache Knox aim to provide perimeter security, > the > > > goal of Sentry is to implement a fine-grained role-based access control > > > policy. Thus Sentry complements Apache Knox. > > > > > > == Known Risks == > > > > > > === Orphaned Products === > > > > > > Sentry is already deployed in production at a few well established > > > companies and they are actively sharing feature requests. The risks of > it > > > being orphaned is negligible. > > > > > > === Inexperience with Open Source === > > > > > > All committers of the Sentry project are intimately familiar with the > > > Apache model for open-source development and are experienced with > working > > > with various Apache open -source communities. > > > > > > === Homogeneous Developers === > > > > > > The initial set of committers includes developers from several > > > organizations - Cloudera, Oracle, Lab41, Nvidia and Wibidata. We > expect > > > that once approved for incubation, the project will further attract new > > > contributors. > > > > > > === Reliance on Salaried Developers === > > > > > > It is expected that Sentry will be developed on both salaried and > > volunteer > > > time, although all of the initial developers will work on it mainly on > > > salaried time. > > > > > > === Relationships with Other Apache Products === > > > > > > Sentry depends on other Apache Projects: Apache Hadoop, Apache Log4J, > > > Apache Hive, Apache Shiro, multiple Apache Commons components. Build is > > > orchestrated by Apache Maven. Sentry complements Apache Knox. > > > > > > === An Excessive Fascination with the Apache Brand === > > > > > > We would like Sentry to become an Apache project to further foster a > > > healthy community of users and developers around it. Since Sentry > solves > > an > > > important problem faced by Apache Hadoop users and interacts with other > > > components of the Apache Hadoop ecosystem, we believe that Apache is > the > > > right home for Sentry. > > > > > > == Documentation == > > > > > > * Cloudera provides documentation specific to its distribution of > > Sentry > > > at: > > > > > > http://www.cloudera.com/content/cloudera-content/cloudera-docs/Sentry/Sentry.pdf > > > * Sentry jira at Cloudera: https://issues.cloudera.org/browse/access > > > > > > == Initial Source == > > > > > > https://github.com/cloudera/access > > > > > > == Source and Intellectual Property Submission Plan == > > > > > > All of Sentry’s code is under Apache 2 license already. > > > > > > == External Dependencies == > > > > > > All dependencies have licenses compatible with ASL. Dependencies that > are > > > not directly using ASL are, > > > > > > * Junit - Eclipse Public License > > > > > > == Cryptography == > > > > > > Sentry currently doesn’t directly use any cryptographic libraries. > > However, > > > Sentry uses Apache Shiro, which provides support for cryptography > > features > > > such as hash, cipher etc. > > > > > > == Required Resources == > > > > > > === Mailing Lists === > > > > > > * priv...@sentry.incubator.apache.org for private PMC discussions > > (with > > > moderated subscriptions) > > > * secur...@sentry.incubator.apache.org for private security related > > > discussions > > > * d...@sentry.incubator.apache.org > > > * comm...@sentry.incubator.apache.org > > > > > > === Source code repository === > > > > > > Git repository running at http://git-wip-us.apache.org/. > > > > > > === Issue Tracking === > > > > > > JIRA Sentry (SENTRY) > > > > > > === Other Resources === > > > > > > The existing code already has unit and integration tests so we would > > like a > > > Jenkins CI instance that would run the tests on reference environment. > We > > > would also like to use Jenkins to run tests for every newly submitted > > patch > > > (so called pre-commit hook), however this can be added after project > > > creation. > > > > > > == Initial Committers == > > > > > > * Ali Rizvi (ali.rizvi at oracle.com) > > > * Arvind Prabhakar (arvind at apache.org) > > > * Brock Noland (brock at apache.org) > > > * Chaoyu Tang (ctang at cloudera.com) > > > * Daisy Zhou (daisy at wibidata.com) > > > * David Nalley (ke4qqq at apache.org) > > > * Erick Tryzelaar(etryzelaar at iqt.org) > > > * Greg Chanan (gchanan at apache.org) > > > * Hadi Nahari (hnahari at nvidia.com) > > > * Jarek Jarcec Cecho (jarcec at apache.org) > > > * Johnny Zhang (xiaoyuz at cloudera.com) > > > * Karthik Ramachandran (kramachandran at iqt.org) > > > * Mark Grover (mgrover at cloudera.com) > > > * Milo Polte (milo at wibidata.com) > > > * Lenni Kuff (lskuff at cloudera.com) > > > * Patrick Daly (daly at cloudera.com) > > > * Patrick Hunt (phunt at apache.org) > > > * Prasad Mujumdar (prasadm at apache.org) > > > * Raghu Mani (raghu.mani at oracle.com) > > > * Sean Mackrory (sean at cloudera.com) > > > * Shreepadma Venugopalan (shreepadma at cloudera.com) > > > * Sravya Tirukkovalur (sravya at cloudera.com) > > > * Tom White (tomwhite at apache.org) > > > * Xuefu Zhang (xuefu at apache.org) > > > > > > == Affiliations == > > > > > > * Ali Rizvi (Oracle) > > > * Arvind Prabhakar (Cloudera) > > > * Brock Noland (Cloudera) > > > * Chaoyu Tang (Cloudera) > > > * Daisy Zhou (Wibidata) > > > * David Nalley (Citrix) > > > * Erick Tryzelaar (Lab41) > > > * Greg Chanan (Cloudera) > > > * Hadi Nahari (Nvidia) > > > * Jarek Jarcec Cecho (Cloudera) > > > * Johnny Zhang (Cloudera) > > > * Karthik Ramachandran (Lab41) > > > * Mark Grover (Cloudera) > > > * Milo Polte (Wibidata) > > > * Lenni Kuff (Cloudera) > > > * Patrick Daly (Cloudera) > > > * Patrick Hunt (Cloudera) > > > * Prasad Mujumdar (Cloudera) > > > * Raghu Mani (Oracle) > > > * Sean Mackrory (Cloudera) > > > * Shreepadma Venugopalan (Cloudera) > > > * Sravya Tirukkovalur (Cloudera) > > > * Tom White (Cloudera) > > > * Xuefu Zhang (Cloudera) > > > > > > == Sponsors == > > > > > > === Champion === > > > > > > * Arvind Prabhakar (Cloudera) > > > > > > === Nominated Mentors === > > > > > > * Arvind Prabhakar (Cloudera) > > > * David Nalley (Citrix) > > > * Joe Brockmeier (Citrix) > > > * Olivier Lamy (Ecetera) > > > * Patrick Hunt (Cloudera) > > > * Tom White (Cloudera) > > > > > > === Sponsoring Entity === > > > > > > We are requesting the Incubator to sponsor this project. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > -- > Sravya Tirukkovalur > -- Apache MRUnit - Unit testing MapReduce - http://mrunit.apache.org
