Mark Robson wrote:
2009/12/2 Ted Zlatanov <[email protected] <mailto:[email protected]>>OK. So what should the API be? Just one method, as Robin suggested? void login( Map<String, String> credentials, String keyspace ) throws AuthenticationException, AuthorizationException In this model the backend would still have login() and setKeyspace()/getKeyspace() separately to distinguish between authentication and authorization but the frontend API would merge them. I'd be against moving to a stateful protocol.
Strong agreement. The login method should return an opaque token which is passed on each call. If that messes up the API, that says more about Thrift than the auth model.
Bill
