hubcio commented on PR #2656: URL: https://github.com/apache/iggy/pull/2656#issuecomment-4029637686
@Tyooughtul good questions, but don't worry about VSR here and don't expand the scope - let's finish this PR first. There are still a few unresolved inline comments from @spetz's latest review - please mark them as resolved if you did that. As for the architectural stuff: - Identity mapping / permissions- valid concerns, but let's track them as separate issues. No need to solve everything in one PR. - JWKS cache - local-only with short TTLs is totally fine. Fits our shared-nothing model, no need to sync state across nodes. - Protocol - HTTP-only is good enough for now. We can always extend to other transports later if there's demand. For clustering: JWKS keys could be replicated via the metadata plane, same way PATs are - one node fetches, all replicas get them through VSR. No need for each node to hit external IdP endpoints independently. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
