Security is a consideration of Query Server development. I have a TODO item in this area, but haven't fleshed it out too much yet. My thinking is that we'll follow the model example provided by HBase's own REST gateway. HTTPS between client and server; grabbing kerbros credentials from the environment; server acting on authenticated user's behalf while interacting with the cluster. I don't know where LDAP might fit into this, but I'm happy to take some direction. If you're interested in contributing, this would be a great area as we can always use more help on security.