2009/12/2 Ted Zlatanov <tzz@lifelogs.com>
OK.  So what should the API be?  Just one method, as Robin suggested?

void login( Map<String, String> credentials, String keyspace )
 throws AuthenticationException, AuthorizationException

In this model the backend would still have login() and
setKeyspace()/getKeyspace() separately to distinguish between
authentication and authorization but the frontend API would merge them.

I'd be against moving to a stateful protocol.

Currently there isn't any per-connection state held by the API (correct me someone, if I'm wrong), which means you can transparently reconnect (perhaps to a different server) on error and retry (updates are always safely repeatable in Cassandra without any bad effects, right?)

Adding a session state means that the application would need to handle reconnection at a higher level.

Given that only a small proportion of the Cassandra users are likely to want authentication (immediately), why not leave the keyspace parameter in all existing methods, but allow the server to throw a AuthenticationException if you aren't authorised for that keyspace (yet).

Then applications which need to authentication wouldn't need to change.

Mark