-
Notifications
You must be signed in to change notification settings - Fork 7
ClientIdentity
Tom Bentley edited this page May 24, 2022
·
3 revisions
Some filters need to know the identity of the client. E.g. for audit logging or config policy.
But there are multiple ways a proxy might know this:
- By observing a successful authentication exchange (e.g. intercepting
SaslHandshake
andSaslAuthenticate
RPCs) - By authenticating the client on the proxy itself, and having the broker trust the identity passed to it from the proxy. See the authentication use case.
In order to be pluggable, the identity-using filters shouldn't need to know which of these methods is being used.
So we need a mechanism for one filter to pass the identity to later filters in the chain.