dimas-b commented on issue #4291: URL: https://github.com/apache/polaris/issues/4291#issuecomment-4426658866
@sneethiraj : your analysis of current Polaris behaviour in this issue's description seems correct. However, I'm more sure the intended use case for user-define `PolarisPrincipal` properties is clear. How do you foresee these properties to be use in practice? Please note that the `PolarisPrincipal` class is distinct from Polaris Principal Entities. The former represents any authenticated actor, whose identity may be managed outside of Polaris (e.g. in Keycloak). The latter represents only local Polaris users. A user managed in an external IdP may not have a corresponding Polaris Principal Entity. In general, the current design calls for (pluggable) Authenticators to populate `PolarisPrincipal` properties from the information available in each request (e.g. from JWT claims). Properties of internal Polaris users can certainly be propagated into `PolarisPrincipal`, but it does not mean that such properties are available in all cases. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
