snazy commented on issue #3059: URL: https://github.com/apache/polaris/issues/3059#issuecomment-3543486262
It seems that the description lacks information about the concrete use-case.

Principals are uniquely identified by the principal name, and I think it should stay like this. The principal ID is IMHO purely a technical and internal Polaris concern, and should really neither be exposed nor accepted as an input.

There are a couple of things that confuse me:

* `OIDC providers cannot determine or supply the correct internal principal_id.` That's totally correct. That ID is generated exclusively by Polaris, not defined or supplied by an external system.
* `Users unknowingly depend on an undocumented behavior (principal_id = 0) to make authentication work.` How can a user rely on something that's not returned from the API?
* `The current mix of ID-based and name-based logic is ambiguous and confusing.` The ID is not returned. How can it be ambiguous then?
* `The user experience degrades because the expected mapping logic is not transparent.` Why does it degrade? The API-visible mapping is clear: principal-name -> principal.
