Hi, I have a very high-level basic question: what’s the difference between RBAC and (whitelist/blacklist) policy?
Both are service->service access control mechanisms.
I believe RBAC is enforced by the Envoys (based on IDs from the mTLS SVIDs), whereas Policy is a Mixer thing (requiring “policy” to be on, which causes every request to be checked with Mixer, yes?).
Apart from the difference in config format, what’s the deal here? Is Envoy-based RBAC newer and preferred? Or are the two somehow complimentary?