Hi Mike, I left some comments in the doc, but overall it looks good to me :)
I still think there are some hidden dependencies on Persistence. For example, whether and how we can have composite keys for persisted federated entities... but I guess we can work that out later. Also, I think it is important for the Authorizer API to avoid assuming that all principals are persisted. Specific authorizer implementations (including the default one) can certainly expect persisted principals, but the API should require that for the sake of flexibility of possible AuthN/Z extensions. WDYT? Cheers, Dmitri. On Thu, Nov 14, 2024 at 7:43 PM Michael Collado <collado.m...@gmail.com> wrote: > Hey folks > > As discussed during the community sync, I've put together some thoughts on > how we'd add support for federated identities in Polaris. I copied over > some of what I had in the issue at > https://github.com/apache/polaris/issues/441 and put it into the doc here: > > > https://docs.google.com/document/d/15_3ZiRB6Lhzw0nxij341QUdxEIyFGTrI9_18bFIyJVo/edit?tab=t.0 > . > > Please take a look when you get some time and let me know what you think. > Given that our next community sync is scheduled for the Thanksgiving > holiday in the US, it might be useful to schedule a meeting specifically > for this. I can schedule that sync if needed. > > Mike >
