Synadia Platform

Schema Registry Architecture and Dependencies

Components

Schema Registry

  • NATS Microservice
  • KV Store backed
  • Multi-tenancy using Accounts
  • Access Control Plane UI and API

Pre-existing NATS system

  • Managed by Control Plane
  • Access configured using Platform Components and can be disabled per account

Schema Registry account

  • Control Plane manages an account for Schema Registry called SynadiaPlatform
  • SynadiaPlatform account stores schemas in a Key Value store called schemas
  • Account is exported to other accounts to enable multi-tenancy

Control Plane

  • Controls the SynadiaPlatform account
  • Configures Platform Component access for Schema Registry
  • Sets up account imports and exports for account schema isolation

Security and Access Control

  • Only supports decentralized authentication to enable schema isolation at the account level
  • Clients must connect with user credentials for the account the schemas are stored in

Notes

Schema Registry leverages decentralized authentication to achieve account isolation through the use of subject imports and exports. The imports and exports use a feature called account token position to identify which account schemas belong to, without requiring any change to the subject for clients.

This means that clients from account_a and account_b can both use the same subject, e.g. $SR.v1.LIST, but have complete isolation from each other's schemas.
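
A small model of the account token position check described above, added here as an illustration and not taken from Synadia's code. The exported subject layout ($SR.v1.*.>), the token position 3, and the account IDs ACCT_A and ACCT_B are assumptions; only the client subject $SR.v1.LIST comes from this page.

```python
# Added illustration of NATS "account token position" on a service export.
# Assumed, not from Synadia: the export layout, position 3, the account IDs.
EXPORT_SUBJECT = "$SR.v1.*.>"   # wildcard token 3 must carry the importer's ID
ACCOUNT_TOKEN_POSITION = 3      # 1-based index of that token
LOCAL_PREFIX = "$SR.v1."        # what clients in every account publish under


def import_allowed(importer_id, import_subject):
    """Accept an import only if it matches the export token for token and the
    token at the configured position is the importing account's own ID."""
    exp = EXPORT_SUBJECT.split(".")
    imp = import_subject.split(".")
    pos = ACCOUNT_TOKEN_POSITION - 1
    if len(imp) != len(exp) or exp[pos] != "*":
        return False
    for i, (e, t) in enumerate(zip(exp, imp)):
        expected = importer_id if i == pos else e
        if t != expected:
            return False
    return True


def to_registry_subject(importer_id, import_subject, client_subject):
    """Rewrite the unchanged client subject (e.g. $SR.v1.LIST) into the
    account-scoped subject that reaches the exporting account."""
    if not import_allowed(importer_id, import_subject):
        raise PermissionError("import does not carry the importer's account ID")
    if not client_subject.startswith(LOCAL_PREFIX):
        raise ValueError("subject is outside the imported service")
    rest = client_subject[len(LOCAL_PREFIX):]
    if not rest or "*" in rest or ">" in rest:
        raise ValueError("requests must use a literal subject")
    return import_subject[:-1] + rest  # trailing '>' replaced by client tokens


def owning_account(registry_subject):
    """What the exporting side reads to decide whose schemas to serve."""
    return registry_subject.split(".")[ACCOUNT_TOKEN_POSITION - 1]


if __name__ == "__main__":
    for acct in ("ACCT_A", "ACCT_B"):  # constructed account IDs
        subj = to_registry_subject(acct, f"$SR.v1.{acct}.>", "$SR.v1.LIST")
        print(acct, "->", subj, "owner:", owning_account(subj))
```

Both accounts publish on the same subject, yet the rewritten subjects differ in the account token, and an import that names another account's ID in that position is rejected before any request is routed.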
