HI everyone. Can we get 2 more binding votes on this KIP (and non-binding votes, too)?
Ron On Fri, May 4, 2018 at 11:53 AM, Rajini Sivaram <rajinisiva...@gmail.com> wrote: > Hi Ron, > > +1 (binding) > > Thanks for the KIP! > > Regards, > > Rajini > > On Fri, May 4, 2018 at 4:55 AM, Ron Dagostino <rndg...@gmail.com> wrote: > > > Hi everyone. I would like to start the vote for KIP-255: > > https://cwiki.apache.org/confluence/pages/viewpage. > action?pageId=75968876 > > > > This KIP proposes to add the following functionality related to > > SASL/OAUTHBEARER: > > > > 1) Allow clients (both brokers when SASL/OAUTHBEARER is the inter-broker > > protocol as well as non-broker clients) to flexibly retrieve an access > > token from an OAuth 2 authorization server based on the declaration of a > > custom login CallbackHandler implementation and have that access token > > transparently and automatically transmitted to a broker for > authentication. > > > > 2) Allow brokers to flexibly validate provided access tokens when a > client > > establishes a connection based on the declaration of a custom SASL Server > > CallbackHandler implementation. > > > > 3) Provide implementations of the above retrieval and validation features > > based on an unsecured JSON Web Token that function out-of-the-box with > > minimal configuration required (i.e. implementations of the two types of > > callback handlers mentioned above will be used by default with no need to > > explicitly declare them). > > > > 4) Allow clients (both brokers when SASL/OAUTHBEARER is the inter-broker > > protocol as well as non-broker clients) to transparently retrieve a new > > access token in the background before the existing access token expires > in > > case the client has to open new connections. > > > > Thanks, > > > > Ron > > >
