Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
Description
In KIP-504 there was mention to Make authorize() asynchronous, saying "In future, we can add async authorize as a new method on the API if required." Many high-performance systems out there (Envoy, Kubernetes, ...) have external authorization mechanisms and I think it would be nice if Kafka did the same. I am currently working on a Kafka integration, basically custom authn/authz modules that work with Apigee/Google, and the lack of asynchronous authorization makes the ideal approach impossible. (Ideally, an asynchronous authorize() would consult Apigee/Google and let the thirdparty dictate what rules it enforced instead of expecting Kafka to do this, or having to drive Kafka's users/ACLs to perform only some of the authorization needs.)