All,

Looks like there is little interest in this proposal. I will wait for a few more days and close this.

Thanks for reading.

Naresh

On Sat, 22 Jun 2024 at 8:35 PM, Zixuan Liu <node...@gmail.com> wrote:

> https://github.com/apache/pulsar/issues/4696 is different from this PIP.
> When using mTLS authentication, the users must set the common name in the
> cert, when using mTLS transport, the common name is unnecessary.
>
> This PIP's goal is how to get the role from the TLS certificate.
>
> > Environments like SPIFFE would get out-of-the-box support from pulsar
>
> Today I learned again about SPIFFE, which is widely used in the k8s
> environment. This is a benefit for the pulsar.
>
> > Are you suggesting the pulsar community won't benefit from this and host it
> > in other git repo as separate plugin ?
>
> I don't object to this PIP, I just feel that it introduces a lot of
> configuration values (san-ip,san-dns.....).
>
> Let's wait for feedback from others.
>
> Thanks,
> Zixuan
>
> naresh <vnareshku...@gmail.com> wrote on Sat, 22 Jun 2024 at 14:05:
>
> > Hi Liu,
> >
> > Only 2 new properties are added. I have already implemented code extending
> > AuthenticationProviderTls
> >
> > I have gone through older tickets which asked for this feature
> > https://github.com/apache/pulsar/issues/4696
> >
> > Environments like SPIFFE would get out-of-the-box support from pulsar with
> > this PIP as well as above ticket.
> >
> > Are you suggesting the pulsar community won't benefit from this and host it
> > in other git repo as separate plugin ?
> >
> > Thanks
> > Naresh
> >
> > On Thu, 20 Jun 2024 at 7:54 PM, Zixuan Liu <node...@gmail.com> wrote:
> >
> > > Hi naresh,
> > >
> > > Right now the Pulsar can only get the role from a common name, your PIP is
> > > an awesome idea that supports URI, DNS, RID, IP based Token as role, and is
> > > very helpful for large organizations.
> > >
> > > In this PIP, you will introduce many configurations of identity mechanisms,
> > > which are complex if users are not clear about their application scenarios.
> > >
> > > I voted 0 for this PIP, and I suggest you implement your authentication
> > > provider by https://pulsar.apache.org/docs/next/security-extending.
> > >
> > > Thanks,
> > > Zixuan
> > >
> > > naresh <vnareshku...@gmail.com> wrote on Sat, 15 Jun 2024 at 16:24:
> > >
> > > > Hello,
> > > >
> > > > This is my PIP Request at https://github.com/apache/pulsar/pull/22917
> > > >
> > > > If this PIP is acceptable, I am considering the following for the code
> > > > changes:
> > > >
> > > > 1. Enhance the existing
> > > >    org.apache.pulsar.broker.authentication.AuthenticationProviderTls class to
> > > >    support these changes
> > > > 2. Create a new class
> > > >    org.apache.pulsar.broker.authentication.AuthenticationProviderTlsSan that's
> > > >    backward compatible with current implementation
> > > >
> > > > Currently, I have made code changes on my local to support option-2. Before
> > > > I go far, requesting some feedback on the overall proposal.
> > > >
> > > > Thanks
> > > > Naresh
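
An added sketch of the idea discussed in this thread, taking the role from a certificate's SAN entries with the common name as fallback; it is not code from the PIP or from Pulsar, and it uses Go's standard library rather than Pulsar's Java API so that it runs without a broker. The function names, the kind names "uri" and "dns", the preference-order parameter and the sample certificate values are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// roleFromCert returns the first SAN entry of the first kind in order that the
// certificate carries, else the subject CN. Kind names are hypothetical.
func roleFromCert(cert *x509.Certificate, order []string) string {
	for _, kind := range order {
		switch {
		case kind == "uri" && len(cert.URIs) > 0:
			return cert.URIs[0].String()
		case kind == "dns" && len(cert.DNSNames) > 0:
			return cert.DNSNames[0]
		}
	}
	return cert.Subject.CommonName // today's behaviour: role from the common name
}

// sampleCert builds a constructed, self-signed client certificate (demo values only).
func sampleCert(cn string) (*x509.Certificate, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // fixed demo key
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		URIs:     []*url.URL{{Scheme: "spiffe", Host: "example.org", Path: "/ns/demo/sa/producer"}},
		DNSNames: []string{"producer.example.org"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := sampleCert("legacy-cn")
	if err != nil {
		panic(err)
	}
	fmt.Println(roleFromCert(c, []string{"uri", "dns"}), roleFromCert(c, nil))
}
```

With no kinds configured, or none present in the certificate, the function returns the common name, which is the backward-compatible case mentioned for option 2.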