search

Altinn / altinn-authorization

Altinn platform microservice for handling authorization
2 stars 3 forks source link

Make ABA ParseXacml async #794

Open TheTechArch opened 4 months ago

TheTechArch commented 4 months ago

Description

See if it is possible. Based on comment her https://github.com/Altinn/altinn-resource-registry/pull/372

Additional Information

No response

Tasks

No response

Acceptance Criterias

No response

Alxandr commented 4 months ago

I'm pretty sure it's possible (XmlReader has async APIs) - but I don't think this is the correct way of going about solving the underlying issue.

The issue is that the API as it stands makes it incredibly easy to use wrongly. Whatever API is created should be one that is hard to use wrong and easy to use correctly. Instead of just going "let's make it async" I would much rather the following questions answered:

  1. Why does it accept a XmlReader?
  2. How large (in bytes) are XacmlPolicies in the worst case? Is it reasonable to just read in the entire thing into memory?
  3. From where are XacmlPolicies typically read? Disk? Blob storage? Database? Network?
  4. Is it reasonable for someone to want to use the original stream/xml reader more after the XacmlPolicy has been constructed? Is there aditional information in the xml document not available through the created XacmlPolicy? Or can we "consume" the reader?

The answer to these questions should guide what APIs should be available.