Arko Dasgupta

yeah +1 @ShyunnY

@ShyunnY 2 options I see are * Mark and Sweep in in the publisher Gateway API Layer similar to what is done for `XdsIR` and `InfraIR` https://github.com/envoyproxy/gateway/blob/cf46fbe776918ad19444e26d637ffcc79676ca23/internal/gatewayapi/runner/runner.go#L168 * Pros *...

1 sounds good

@zirain since you're interested as well as fairly knowledgable in this area, assigning this issue to you as well, hoping you and @Xunzhuo can tackle this together in the next...

* Some limitations we have from an Upstream API perspective - there is no first class field for `claims` within the `matches` field within `HTTPRoute`, this would be made it...

there's a `clear_route_cache` option in the JWT filter config https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/jwt_authn/v3/config.proto#extensions-filters-http-jwt-authn-v3-jwtprovider which clears the route decision and recomputes it, but based on the info ``` Clears route cache in order to...

nice find @tmsnan, does that logic need to be updated to ``` provider.clear_route_cache() || ....... ``` ?

@zetaab plan on wrapping up a few higher priority work items for v1 rc before adding e2e and docs for this feature, should hopefully complete it by next week. for...

Envoy supports this https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#envoy-v3-api-msg-config-rbac-v3-principal does this feature belong in `ClientTrafficPolicy` or `SecurityPolicy` ?

if the `SecurityPolicy` with ip subnet info is applied at the Gateway level, it can be overridden at the route level if another `SecurityPolicy` is applied at route level