[
https://issues.apache.org/jira/browse/HDDS-8829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18007643#comment-18007643
]
Wei-Chiu Chuang commented on HDDS-8829:
---------------------------------------
Summary
This pull request introduces the use of symmetric keys for signing and
verifying delegation tokens in Apache Ozone. Previously, delegation
tokens were signed using asymmetric keys tied to Ozone Manager (OM)
certificates. This change leverages the existing Secret Key Service in
the Storage Container Manager (SCM) to manage shared symmetric keys for this
purpose.
To ensure backward compatibility during cluster upgrades, a new layout
feature (DELEGATION_TOKEN_SYMMETRIC_SIGN) was added. This allows
the system to handle both the old asymmetrically-signed tokens and the new
symmetrically-signed ones, ensuring a smooth transition. The
changes are compatible with older clients and Ozone Managers.
> Symmetric Keys for Delegation Tokens
> ------------------------------------
>
> Key: HDDS-8829
> URL: https://issues.apache.org/jira/browse/HDDS-8829
> Project: Apache Ozone
> Issue Type: New Feature
> Components: Ozone Manager
> Reporter: Duong
> Assignee: Sammi Chen
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.0.0
>
>
> Apply symmetric keys for delegation tokens.
>
> cc. [~pifta]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org
For additional commands, e-mail: issues-h...@ozone.apache.org
