The Pulsar code base uses different terms (principal, role, client-id, app-id, etc.) when referring to authentication and authorization. Different places use different terms that may or may not mean the same thing. All these different terms get overloaded and make it confusing to reason about the code. Additionally, it makes it challenging to talk about/discuss code related to authentication/authorization.
I propose we standardize on a few terms and then clean up the code and docs to reflect this. I suggest the following terms:

- principal => this identifies a client and is a unique value.
- role => a role or roles are associated with a principal, and the role(s) are used to determine whether or not the principal can perform a certain action.

Based on these definitions, I think the jobs of the two auth interfaces are:

- AuthenticationProvider => identify the client and return the principal.
- AuthorizationProvider => determine whether or not the principal can perform a certain action.

Thoughts?
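To make the proposed split concrete, here is an added illustration (not Pulsar's own API or code) of the two responsibilities: the authentication provider turns a credential into a principal and nothing else, and the authorization provider decides purely from the roles bound to that principal. The token format, shared secret, principal-to-role table and permission table are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed shared secret and role tables for the demo; not Pulsar config.
SECRET = b"demo-secret"
PRINCIPAL_ROLES = {"app-1": {"producer"}, "ops-1": {"producer", "consumer"}}
ROLE_PERMISSIONS = {
    "producer": {("produce", "persistent://tenant/ns/topic")},
    "consumer": {("consume", "persistent://tenant/ns/topic")},
}


def make_token(principal):
    """Constructed credential format: '<principal>.<hex HMAC-SHA256>'."""
    mac = hmac.new(SECRET, principal.encode(), hashlib.sha256).hexdigest()
    return f"{principal}.{mac}"


class AuthenticationProvider:
    """Identify the client: credential in, principal out (None if unverified)."""

    def authenticate(self, token):
        principal, sep, mac = token.rpartition(".")
        if not sep or not principal:
            return None
        expected = hmac.new(SECRET, principal.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so the MAC check does not leak by timing.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return None
        return principal


class AuthorizationProvider:
    """Decide whether a principal may act, using only the roles bound to it."""

    def __init__(self, principal_roles, role_permissions):
        self.principal_roles = principal_roles
        self.role_permissions = role_permissions

    def roles_of(self, principal):
        return self.principal_roles.get(principal, set())

    def is_allowed(self, principal, action, resource):
        return any((action, resource) in self.role_permissions.get(role, set())
                   for role in self.roles_of(principal))


def check(token, action, resource):
    """Full flow: authenticate -> principal, then authorize via its roles."""
    principal = AuthenticationProvider().authenticate(token)
    if principal is None:
        return None, False  # an unidentified client is never authorized
    authz = AuthorizationProvider(PRINCIPAL_ROLES, ROLE_PERMISSIONS)
    return principal, authz.is_allowed(principal, action, resource)
```

Note that a valid credential for a principal with no roles still authenticates (the principal is known) but is denied by the authorizer, which is exactly the separation the proposal describes.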