Direct Database - Level 2

The scope of this level is built-in support out of the box, without changes to the database engine, delivered as soon as possible. Built-in means that it is part of the main service/daemon, not a separate standalone process.

Authorisation Support

OAuth (JWT Bearer Token)

A system table manages the list of trusted servers. Stored procedures add to and remove from that list. The internal component uses this table.

Built-in Users

The connection starts in an anonymous context with no object access except for the login command. The application sends an SQL login command and gets back a session token (JWT) that can be used for persisting access. If a subsequent command fails, the user may be asked to log in again.

This allows applications to use the database user system directly, so no other external authorisation system is needed.

Role Mapping

A system table manages the mapping of JWT roles to database roles.

Connection-Oriented Scalability

Ability to support 200k+ idle connections concurrently.

Ability to support 50k+ active connections concurrently.

This could perhaps be achieved by changing forked processes to a thread pool with asynchronous network I/O.

Connectionless Sessions

The ability to support 1M+ disconnected connection sessions. Inactive connection contexts are persisted to disk. Least-active idle connections MAY be persisted to disk. Memory-constrained machines MAY offload all idle connection session contexts to disk.

The ability to support signed or encrypted database tokens, where a JWT is exchanged for a database token. The database token defines database-specific context information, such as the UserID, permitted database roles, timezone, and other database-specific data. The token is returned to the client, and the client SHOULD send it with each future message. With such a token the database may not need to read session information from disk, which increases throughput.
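A sketch of the token exchange described above together with the Role Mapping step, added here as an illustration and not taken from the project: it assumes the JWT claims were already verified against the trusted server list, and the HMAC-SHA256 signing, the key, the token layout, the field names and the ROLE_MAP contents are all assumptions.

```python
import base64, hashlib, hmac, json, time

# Assumption: a server-side signing key; the page does not specify a scheme.
SERVER_KEY = b"constructed-demo-key-not-for-production"
# Constructed stand-in for the system table mapping JWT roles to database roles.
ROLE_MAP = {"app:reader": "db_read", "app:editor": "db_write"}

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return b64e(hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest())

def issue_db_token(jwt_claims, ttl=300, now=None):
    """Exchange already-verified JWT claims for a signed database token."""
    now = time.time() if now is None else now
    # Unmapped JWT roles are dropped, never passed through as database roles.
    roles = sorted({ROLE_MAP[r] for r in jwt_claims.get("roles", []) if r in ROLE_MAP})
    ctx = {"uid": jwt_claims["sub"], "roles": roles,
           "tz": jwt_claims.get("tz", "UTC"), "exp": int(now) + ttl}
    body = b64e(json.dumps(ctx, sort_keys=True, separators=(",", ":")).encode())
    return body + "." + sign(body)

def verify_db_token(token, now=None):
    """Return the session context, or None if forged, malformed or expired.

    No disk or session-table lookup is needed: the context travels in the token.
    """
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time check of the signature before parsing the untrusted body.
        if not hmac.compare_digest(sign(body), sig):
            return None
        ctx = json.loads(b64d(body))
    except (ValueError, TypeError):
        return None
    return ctx if ctx.get("exp", 0) > now else None
```

A purely signed token cannot be revoked before its expiry without some server-side state, so the lifetime (`ttl` here) bounds how long a role change or logout takes to apply.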
