Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPKBr-00061Z-3F for pgsql-hackers@arkaria.postgresql.org; Wed, 02 Mar 2022 08:18:31 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKBp-0002Cl-20 for pgsql-hackers@arkaria.postgresql.org; Wed, 02 Mar 2022 08:18:29 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPKBo-0002A5-Nz for pgsql-hackers@lists.postgresql.org; Wed, 02 Mar 2022 08:18:28 +0000 Received: from out1-smtp.messagingengine.com ([66.111.4.25]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPKBk-0008Va-BR for pgsql-hackers@postgresql.org; Wed, 02 Mar 2022 08:18:27 +0000 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 860285C0256; Wed, 2 Mar 2022 03:18:22 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Wed, 02 Mar 2022 03:18:22 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=WERbabP9BkINGXkApTJeSlVAQCSoKSaKM/czjQxZ+ 5M=; b=fbLD6/7q+tSTD7p5q/Bu3CfojHho8GQfi/5Z5PnrPoR4VRorPM0hiW3g3 E0idWstXk9kUM7q8B13ts/XJlxHzOZhqDCfyE9w6392Sf+eonTNIkRkDTXO4t8Ol MxaSwkigH/a9XxYcD3KE4/D3XFiG3LX3XUc7W09QS1z8GsqyLAdPUIamgfoqk0sb POE9rCIAv9CTwHSEqIk3xD291kzV0+i9xQSRPzlfqS1IWMn6k2WuNeJvmQ/MLzBP p7l6YrCrHA+EZQ3Sm78iKM8xabrFGAP4YslvBV9NAI89CyCOCves5HamwXvM3pis l588XuJjbOwawNFJjU+ev3fCgdgzw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddruddtfedguddutdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefkffggfgfuvfhfhfgjtgfgsehtjeertddtfeejnecuhfhrohhmpefrvght vghrucfgihhsvghnthhrrghuthcuoehpvghtvghrrdgvihhsvghnthhrrghuthesvghnth gvrhhprhhishgvuggsrdgtohhmqeenucggtffrrghtthgvrhhnpeefjeegheetuefhveev udelueeftdejteeiffetvdduhfdtieefgfeutedtveeggfenucevlhhushhtvghrufhiii gvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvghtvghrrdgvihhsvghnthhrrghu thesvghnthgvrhhprhhishgvuggsrdgtohhm X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 2 Mar 2022 03:18:19 -0500 (EST) Message-ID: <98e600a9-77c3-970a-93df-fbd19b54c7cd@enterprisedb.com> Date: Wed, 2 Mar 2022 09:18:17 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.6.0 Subject: Re: [PATCH] Expose port->authn_id to extensions and triggers Content-Language: en-US To: Jacob Champion , "rjuju123@gmail.com" Cc: "pgsql-hackers@postgresql.org" , "michael@paquier.xyz" , "sfrost@snowman.net" References: <793d990837ae5c06a558d58d62de9378ab525d83.camel@vmware.com> <2e28b12b450f247d5c0994207030c862263e0297.camel@vmware.com> <20220224171538.jbf2cxzmhiwuinp4@jrouhaud> <64586c91c87c067dd912a24438570a8b8ccb93e0.camel@vmware.com> From: Peter Eisentraut In-Reply-To: <64586c91c87c067dd912a24438570a8b8ccb93e0.camel@vmware.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 01.03.22 23:05, Jacob Champion wrote: > On Tue, 2022-03-01 at 19:56 +0100, Peter Eisentraut wrote: >> This patch contains no documentation. I'm having a hard time >> understanding what the name "session_authn_id" is supposed to convey. >> The comment for the Port.authn_id field says this is the "system >> username", which sounds like a clearer terminology. > > "System username" may help from an internal development perspective, > especially as it relates to pg_ident.conf, but I don't think that's > likely to be a useful descriptor to an end user. (I don't think of a > client certificate's Subject Distinguished Name as a "system > username".) Does my attempt in v5 help? Yeah, maybe there are better names. But I have no idea what the letter combination "authn_id" is supposed to stand for. Is it an "authentication identifier"? What does it identify? Maybe I'm missing something here, but I don't find it clear.