Secure MapReduce

WARNING: Work In Progress

The descriptions of the interactions below take this form.

[Protocol] message( input ) : output

The [Protocol] portion describes the protocol, authentication mechanism and identities exchanged.

[KRB] = Kerberos Protocol
[RSK:

] = RPC protocol with SASL mutual authentication using Kerberos tickets.
[RSD:\{delegation\-token] = RPC protocol with SASL mutual authentication using delegation tokens.
[DTP] = Data transfer protocol between the DataNode and a client. HTTP protocol with block tokens plus SHA1 hash exchange

Suffixes are used in many cases to denote type
tgt = Kerberos Ticket Granting Ticket
kp = Kerberos Principal: nn-kp = The Kerberos principal for the NameNode nn
kt = Kerberos Ticket: u-jt-kt = A Kerberos Ticket for User u to access the JobTracker jt

nn-kp = NameNode's Kerberos Principal
dn-kp = DataNode's Kerberos Principal (Unique principal for each DataNode on every node)
jt-kp = JobTracker's Kerberos Principal
tt-kp = TaskTracker's Kerberos Principal (Unique principal for each TaskTracker on every node)

u-nn-kt = Kerberos service ticket for User u to access NameNode nn
u-jt-kt = Kerberos service ticket for User u to access JobTracker jt
dn-nn-kt = Kerberos service ticket for DataNode dn to access NameNode nn
jt-nn-kt = Kerberos service ticket for JobTracker dn to access NameNode nn
tt-jt-kt = Kerberos service ticket for TaskTracker tt to access JobTracker jt