2019-03-05 06:04:49 UTC - jia zhai: Hi @Matteo Merli @Rajan Dhabalia I have one question about Authorization code. Seems in AuthorizationProvider, the passed in AuthenticationDataSource is not used: <https://github.com/apache/pulsar/blob/master/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java#L90> Could it be removed from the code? ---- 2019-03-05 06:46:37 UTC - Matteo Merli: It’s not used in the default provider (based on zk), but that is not necessarily always true ---- 2019-03-05 06:47:40 UTC - Matteo Merli: for example, could do the authorization based on: * Some attributes from the client TLS certificate * Using tokens, the token itself might contains info on what the client is allowed to do ---- 2019-03-05 06:48:23 UTC - Matteo Merli: finally, once something is in the API, we cannot just remove it :slightly_smiling_face: ---- 2019-03-05 07:59:52 UTC - jia zhai: @Matteo Merli I see. Thanks for the explanation. I thought once it get a Role from Authentication, it is not useful. ----
