2009/12/2 Ted Zlatanov <email@example.com>
I'd be against moving to a stateful protocol.
OK. So what should the API be? Just one method, as Robin suggested?
void login( Map<String, String> credentials, String keyspace )
throws AuthenticationException, AuthorizationException
In this model the backend would still have login() and
setKeyspace()/getKeyspace() separately to distinguish between
authentication and authorization but the frontend API would merge them.
Currently there isn't any per-connection state held by the API (correct me someone, if I'm wrong), which means you can transparently reconnect (perhaps to a different server) on error and retry (updates are always safely repeatable in Cassandra without any bad effects, right?)
Adding a session state means that the application would need to handle reconnection at a higher level.
Given that only a small proportion of the Cassandra users are likely to want authentication (immediately), why not leave the keyspace parameter in all existing methods, but allow the server to throw a AuthenticationException if you aren't authorised for that keyspace (yet).
Then applications which need to authentication wouldn't need to change.