Hi naresh, Right now the Pulsar can only get the role from a common name, your PIP is an awesome idea that supports URI, DNS, RID, IP based Token as role, and is very helpful for large organizations.
In this PIP, you will introduce many configurations of identity mechanisms, which are complex if users are not clear about their application scenarios. I voted 0 for this PIP, and I suggest you implement your authentication provider by https://pulsar.apache.org/docs/next/security-extending. Thanks, Zixuan naresh <vnareshku...@gmail.com> 于2024年6月15日周六 16:24写道: > Hello, > > This is my PIP Request at https://github.com/apache/pulsar/pull/22917 > > If this PIP is acceptable, i am considering the following for the code > changes: > > 1. Enhance the existing > org.apache.pulsar.broker.authentication.AuthenticationProviderTls class > to > support these changes > 2. Create a new class > org.apache.pulsar.broker.authentication.AuthenticationProviderTlsSan > thats > backward compatible with current implementation > > Currently, I have made code changes on my local to support option-2. Before > I go far, requesting some feedback on the overall proposal. > > Thanks > Naresh >
