Left some comments. Overall, I'm in favor of decoupling the authn entity resolution from the authorization process.
Mike On Fri, Feb 6, 2026 at 4:29 PM Dmitri Bourlatchkov <[email protected]> wrote: > Hi Sung, > > I went through the doc and left a few minor comments. Overall, it feels > like the right direction for the Authorizer refactoring. > > Thanks for diligent backward compatibility considerations! > > I'll check the PR out next week (hopefully on Mon). > > Cheers, > Dmitri. > > On Thu, Feb 5, 2026 at 10:20 PM Sung Yun <[email protected]> wrote: > > > Hi folks, > > > > I’ve put together an updated RFC[1] on refactoring the > > PolarisAuthorizer SPI and would appreciate community review and > > feedback. > > > > The RFC builds on the recent community sprint discussion[2] and pivots > > slightly from the previous RFC[3] to propose an incremental path to > > better support external PDP-backed authorizers, while keeping existing > > RBAC behavior and resolver semantics intact. It also outlines a > > multi-phase implementation plan and calls out a few longer-term > > questions around evolving the SPI from here. > > > > I'm looking forward to your feedback! > > > > Once it is reviewed and if there is support for this RFC in the > > mailing list, I'd like to proceed to break up the proposal into > > individual PRs corresponding to each implementation phase and start > > contributing incremental changes. > > > > Thanks, > > Sung > > > > [1] RFC: > > > https://docs.google.com/document/d/1OaiQG_C4-yUe0ihaDBxtw_mEcOOzUBnWPazzVbjQi5U/edit?tab=t.0 > > [2] Community Sprint Notes: > > > > > https://docs.google.com/document/d/1cUg4HnUGDN0JKMr0JWQTaKkgzSXENHZ4VMuyRfJ9oTQ/edit?tab=t.lzwxdgyu5e82#heading=h.jax6biqfrx3x > > [3] Previous RFC (Withdrawn): > > > > > https://docs.google.com/document/d/1vV4p35feUqrEuG4ciZ2ccPJTli1tR4c9YD4M_2Bi0Wc/edit?tab=t.0 > > >
