In your KIP you added security. provider as rejected alternative and specified "its not the correct way". Do you mind explaining why its not? I didn't find any evidence in Java docs to say so. Contrary to your statement it does say in the java docs " However, please note that a provider can be used to implement any security service in Java that uses a pluggable architecture with a choice of implementations that fit underneath."
Java Security Providers have been used by other projects to provide such integration . I am not sure if you looked into Spiffe project to efficiently distribute certificates but here is an example of Java provider https://github.com/spiffe/spiffe-example/blob/master/java-spiffe/spiffe-security-provider/src/main/java/spiffe/api/provider/SpiffeProvider.java which obtains certificates from local daemons. These integrations are being used in Tomcat, Jetty etc.. We are also using Security provider to do the same in our Kafka clusters. So unless I see more evidence why security.provider doesn't work for you adding new interfaces while there exists more cleaner way of achieving the goals of this KIP is unnecessary and breaks the well known security interfaces provided by Java itself. Thanks, Harsha On Thu, Aug 08, 2019 at 6:54 AM, Harsha Chintalapani <ka...@harsha.io> wrote: > Hi Maulin, > Not sure if you looked at my previous replies. This changes > are not required as there is already security Provider to do what you are > proposing. This KIP https://cwiki.apache.org/confluence/display/KAFKA/ > KIP-492%3A+Add+java+security+providers+in+Kafka+Security+config also > addresses easy registration of such providers. > > Thanks, > Harsha > > > On Wed, Aug 07, 2019 at 11:31 PM, Maulin Vasavada <maulin.vasavada@gmail. > com> wrote: > > Bump! Can somebody please review this? > > On Tue, Jul 16, 2019 at 1:51 PM Maulin Vasavada <maulin.vasav...@gmail.com> > wrote: > > Bump! Can somebody please review this? > >
