...

A configuration option quota.type will be added with supported values "clientsclient-id" and "usersuser-principal". This option can be used to choose between the existing client-id based implementation and the new authenticated-principal based implementation.  The default value will be clients to be consistent with Kafka 0.9.0.x and 0.10.0.x.

Default quota configs will apply to authenticated user principals if quota.type=usersuser-principal.

Metrics

If quota.type=users, quota related metrics will be generated for authenticated principals rather than client-ids.

...

Authenticated user principal will be obtained from the Session object when quota.type=usersuser-principal. Base64-encoded hex string version of the Principal will be used so that it can be used as a node name in Zookeeper and as the metric name without placing any restrictions on the characters allowed in the principal.  

...

Quotas are currently configured as the rate limits for producers and consumers based on their client-id. The same set of limits can also be configured for user principals. If quota.type=usersuser-principal, the configuration specified for authenticated principals will be used. Default options will applied to either client-id or user principal based on the value of quota.type.

...

Compatibility, Deprecation, and Migration Plan

quota.typeis set to  clients client-id as default to be consistent with Kafka 0.9.0.x and 0.10.0.x. Hence the existing quota configurations will apply if new secure quotas are not defined. If quota.type is set to user-principal and default or new quotas are configured for users, clients may be throttled based on the quota limits. But no client API changes are necessary to work with the new implementation.

...