All - I've thrown together a proposal KIP for adding Virtual Group Mapping to Knox identity assertion providers. [1]
Being able to create virtual groups based on aspects of the established security context, identity, group memberships and attributes from the request or other things will enabled a number of new capabilities. Things like, more advanced and dynamic authorization policies and acls, custom routing, throttling, QoS levels, etc. Thoughts? thanks, --larry 1. https://cwiki.apache.org/confluence/display/KNOX/KIP-16+-+Virtual+Groups+in+Apache+Knox
