
Concept

Nathaniel Vala edited this page Sep 19, 2019 · 2 revisions

Extend Apache Ranger to support policy management of web services outside the Hadoop ecosystem.

What is Apache Ranger

Apache Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. It provides a single point to manage the authorization in the environment. This centralisation is important as disparate management policies can lead to an ambiguous security landscape and mismanagement of access policies.

Apache Ranger has the following goals:

  • Centralized security administration to manage all security-related tasks in a central UI or using REST APIs.
  • Fine-grained authorization for a specific action and/or operation on a Hadoop component or tool, managed through a central administration tool.
  • Standardize the authorization method across all Hadoop components.
  • Enhanced support for different authorization methods: role-based access control, attribute-based access control, etc.
  • Centralize auditing of user access and (security-related) administrative actions within all the components of Hadoop.

Repository Goals

The aim of this repository is to combine 2 facts:

  • There is significant benefit in centralising security administration
  • There may be components in a Data Platform that do not exist in the Hadoop Ecosystem

With these 2 points realised, this repo is starting with a simple extension to prove value. The initial goal is to extend Ranger to support HTTP Service Endpoints (i.e. a WebApp or API). This could be used to manage microservices that support the Data Platform, expose ML / AI models or provide an interface to other data stores.

After this service has been built out, I am looking to write a security extension to Neo4j that would enable Apache Ranger to provide fine-grained access control to resources, essentially providing the framework for ABAC functionality in a graph database.
