xunliu opened a new issue, #6762: URL: https://github.com/apache/gravitino/issues/6762
### Background The Gravitino implementation permission pushdown underlying data source to authorization (Just like Apache Ranger, IAM, etc.,), Because every data source has a different permissions system, This way lets us difficulty unified authentication, So we consider the implementation a unified metadata authentication in the Gravitino API services. - Metadata Authentication Design doc: https://docs.google.com/document/d/1KL7Ffbh7dIwPaGrinjq3TcCA2vlcsFvyrUUO-tRnEpI/edit?tab=t.0#heading=h.k0lgyx370gfp - DEMO PR: https://github.com/apache/gravitino/pull/6676 ### Advantages Provider unified metadata authentication in the Gravitino RESTful interface, support curl command and Gravitino Java/Python client to connect Gravitino check authentication based on the user identity. The Gravitino RESTful interface supports GET/POST/PUT/DELETE operations. These operations map metadata Get a metadata/Create a metadata/Update a metadata/Delete a metadata. ### Disadvantages We are through the RESTful interface only checking authentication metadata permission, Not checking data permission. ### Task list - Authentication framework - [x] #6774 - [x] #6775 - [x] #6783 - [x] #6785 - [x] #6786 - [x] #6787 - [x] #6788 - Jcasbin - [x] #6826 - [x] #6827 - User - [x] #6784 - [ ] #6789 - Connector - [ ] #6790 - [ ] #6791 - [ ] #6792 - Client - [x] #6793 - [ ] Python client - Storage - [x] #6794 - Performance - TODO - User & Group - #7710 - #7711 - #7712 - #7713 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
