This talk will cover the topics of attribute-based access control (ABAC), Apache Ranger, and Apache Accumulo.
Attribute-based access control (ABAC) is a relatively new standard from NIST. It provides a flexible framework that replaces the complex matrix nightmare scenario of user/group/role mappings in enterprise role-based access control (RBAC) systems. ABAC provides the ability to manage and enforce authorizations for both person and non-person entities, and it makes policy decisions based on subject, action, resource, and environment attributes.
Ranger and Accumulo are two technologies that, when combined, allow creation of systems that support ABAC at the cell level. Ranger provides an extensible framework for distributed policy decision and enforcement with centralized administration, as well as auditing of authorization decisions within the Apache Hadoop ecosystem. Accumulo's pluggable security model enables the integration of Ranger, which provides GUI- and REST-driven authorization management, user and group synchronization with LDAP endpoints, and a centralized authorization audit repository.
The combination of Ranger and Accumulo enables alignment with NIST ABAC standards for the Hadoop ecosystem. This talk will cover why that matters and the mechanics of Ranger's authorization model, and will demonstrate an integration of the two systems.