
Commit a657953

apache#1326 update realm doc based on PR comments (apache#5)
1 parent ae4cca4 commit a657953


1 file changed: +20 -16 lines changed


site/content/in-dev/unreleased/realm.md

@@ -26,32 +26,36 @@ This page explains what a realm is and what it is used for in Polaris.
2626

2727
### What is it?
2828

29-
A realm in software systems often refers to a security or authentication domain. It represents a boundary within which security policies and isolation mechanisms are applied and enforced. <br/>
30-
In the context of applications, a realm could define a scope for managing user identities, authentication, and authorization. <br/>
31-
To be more specific, a realm in Polaris represents an isolated "universe" within the system, such as different deployments, environments, regions or distinct accounts. <br/>
32-
Realms serve as a way to partition and manage data and services, ensuring that operations are performed within the correct logical context. <br/>
33-
Every REST request has a realm associated with it. If not specified the default realm is used (POLARIS). Refer to [Configuration]({{% ref "configuration" %}}) for more details.
29+
A realm in Polaris serves as logical partitioning mechanism within the catalog system. This isolation allows for multitenancy, enabling different teams, environment or organizations to operate independently within the same Polaris deployment.
3430

35-
### What problem does it solve?
31+
### Key Characteristics
3632

37-
**Security Management:** By defining a realm, systems can manage authentication and authorization in a modular and organized way. It allows for the separation of security concerns and the application of policies specific to different areas of an application. <br/>
33+
**Isolation:** Each realm encapsulates its own set of resources, ensuring that operations, security breaches or policies in one realm do not affect others.
3834

39-
**Scalability:** Realms help manage users and roles across different services or modules, providing flexibility and scalability. <br/>
35+
**Authentication Context:** When configuring Polaris, credentials are associated with a specific realm. This allows for the separation of security concerns across different realms.
4036

41-
**Isolation:** Realms can isolate different parts of a system, ensuring that security breaches or policies in one realm do not affect others.
37+
For example:
4238

43-
### How is it used in the system?
39+
`./gradlesw run -Dpolaris.bootstrap.credentials=POLARIS,root,secret
40+
`
41+
In this case POLARIS is the realm, root is the clientID and secret is the client secret.
4442

45-
**Authentication and Authorization:** For example, in `BasePolarisAuthenticator`, `RealmContext` is used to provide context about the current security domain, which can be crucial for authenticating users or services. <br/>
43+
**ConfigurationScope:** Realm identifiers are used in various configurations, such as database paths:
4644

47-
**Configuration:** Realms are configured to specify which users or services are allowed to access resources or perform certain actions. <br/>
45+
For example:
4846

49-
**Isolation:** In methods like `createEntityManagerFactory(@Nonnull RealmContext realmContext)` from `PolarisEclipseLinkPersistenceUnit` interface, the realm context influence how resources are created or managed based on the security policies of that realm. <br/>
50-
An example of this is the way a realm name is used to create a database connection url so that you have one database instance per realm.
47+
`jdbc:h2:file:./build/test_data/polaris/{realm}/db
48+
`
49+
This ensures that each realm's data is stored separately.
5150

52-
**RealmContext:** It is a key concept used to identify and resolve the context in which operations are performed. For example, in `DefaultRealmContextResolver`, a realm is resolved from request headers, and operations are performed based on the resolved realm identifier. <br/>
51+
### How is it used in the system?
5352

54-
**MetaStore and Cache Management:** Realms are used to manage different instances or configurations of meta stores and caches. For instance, in `LocalPolarisMetaStoreManagerFactory`, realms help in segregating data per realm.
53+
**Authentication and Authorization:** For example, in `BasePolarisAuthenticator`, `RealmContext` is used to provide context about the current security domain, which is used to retrieve the correct `PolarisMetastoreManager` that manages all Polaris entities and associated grant records metadata for
54+
authorization.
5555

56+
**Isolation:** In methods like `createEntityManagerFactory(@Nonnull RealmContext realmContext)` from `PolarisEclipseLinkPersistenceUnit` interface, the realm context influence how resources are created or managed based on the security policies of that realm.
57+
An example of this is the way a realm name is used to create a database connection url so that you have one database instance per realm, or it can be more granular and applied at primary key level (within the same database instance).
5658

59+
**RealmContext:** It is a key concept used to identify and resolve the context in which operations are performed. For example `DefaultRealmContextResolver`, a realm is resolved from request headers, and operations are performed based on the resolved realm identifier.
5760

61+
**MetaStore and Cache Management:** Realms are used to manage different instances or configurations of metadata stores and caches. An example of this is `LocalPolarisMetaStoreManagerFactory`.
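
Review bot: The bootstrap example under **Authentication Context** will not run as written: `./gradlesw run -Dpolaris.bootstrap.credentials=POLARIS,root,secret` should call the Gradle wrapper as `./gradlew`, and both this span and the `jdbc:h2:file:./build/test_data/polaris/{realm}/db` one close their backtick on the following line, so they are better written as fenced blocks. The new **Isolation** bullet says security breaches or policies in one realm do not affect others, while the later paragraph allows realms to be separated only at primary key level within the same database instance; the doc should say which guarantee holds in that shared-database mode. The removed line stating that every REST request has a realm and that POLARIS is the default, with its link to Configuration, has no replacement, and since the `DefaultRealmContextResolver` sentence says the realm is resolved from request headers, it would help to keep the default and name the header. Wording nits: "serves as logical partitioning mechanism" needs "a", "environment or organizations" should be "environments", "ConfigurationScope" is missing a space, "the realm context influence" should be "influences", and "For example `DefaultRealmContextResolver`, a realm" dropped the "in" that the old text had.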
