kroxylicious / kroxylicious.github.io

kroxylicious.io org page

Encryption at rest use-case problem description is too narrow #32

Open k-wall opened 6 months ago

k-wall commented 6 months ago

The problem description is too narrow. It focuses on the cloud use-case and omits to mention that the same problem may exist within an organisation.

Tom said:

This is a specific example of a problem that can exist even without cloud in the picture. It's simply about the trust boundaries within an organisation. If compliance requirements dictate that the people (internal or external) who run the Kafka cluster (and therefore have broker access) should not be trusted to see the business data being stored there (e.g. by some other business function in the org) then essentially the same problem exists.

If we're aiming this at decision makers then let's not give them the excuse of misunderstanding and thinking "we run Kafka on-prem, so this doesn't apply to us". I.e. describe the general problem and use cloud only as a concrete example of it.

_Originally posted by @tombentley in https://github.com/kroxylicious/kroxylicious.github.io/pull/25#discussion_r1464148885_