Thanks Larry! My numbering got messed up, I fixed it now! Good catch on the external IdP, I changed the wording to "Knox needs to have a clear line of sight to the IdP." The previous choice of words was confusing. Thank you for taking a look and looking forward to your feedback.
On Mon, Feb 12, 2024 at 7:30 PM larry mccay <lmc...@apache.org> wrote: > Very interesting, @Sandeep More <moresand...@gmail.com> - thank you for > this! > > Looks like there is a missing UC2. > I also note a comment that a clear line of sight is required - I may need > more information on that but need to read it greater detail. > Look forward to reading it closely! > > thanks > > --larry > > On Fri, Feb 9, 2024 at 3:39 PM Sandeep Moré <moresand...@gmail.com> wrote: > > > Hello Folks, > > With workloads moving towards Kubernetes we should think about using Knox > > for authentication and authorization in Kubernetes. > > > > I created a design document (KIP) which includes design and usecases I > can > > think of: > > > > > https://cwiki.apache.org/confluence/display/KNOX/KIP-16+Knox+as+External+Authorizer+in+Kubernetes > > > > I would love to know your thoughts, comments and critiques on this. > > > > Best, > > Sandeep > > >