Security Within Ozone
This section documents the various security features used within Ozone.
Kerberos
1. Kerberos
Symmetric Encryption
In secure mode, Ozone issues tokens to authorize and verify each block and container access. Traditionally, each token is signed by Ozone Manager (OM) or Storage Container Manager (SCM) using RSA private keys and verified by Datanodes using public keys and certificates. However, with RSA private key sizes of 2048 bits, the signing operation is computationally expensive and can contribute more than 80% to the latency of read/write operations in Ozone Manager.
Tokens
Ozone uses token-based authentication to secure access to data stored in containers and blocks.
Certificates
TODO: File a subtask under HDDS-9862 and complete this page or section.
TLS
TODO: File a subtask under HDDS-9862 and complete this page or section.
SASL
TODO: File a subtask under HDDS-9862 and complete this page or section.
S3 Credentials
TODO: File a subtask under HDDS-9862 and complete this page or section.