// audiences of the token, and otherwise should reject the token. A
  // token issued for multiple audiences may be used to authenticate
  // against any of the audiences listed but implies a high degree of
  // trust between the target audiences.
  repeated string audiences = 1;

  // ExpirationSeconds is the requested duration of validity of the request. The
  // token issuer may return a token with a different validity duration so a

  //  2. If it's a kubelet serving certificate, it is assigned
  //     "kubernetes.io/kubelet-serving".
  //  3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
  // Distribution of trust for signers happens out of band.
  // You can select on this field using `spec.signerName`.
  // +optional
  optional string signerName = 7;

  // expirationSeconds is the requested duration of validity of the issued

    Java8Compatibility.flip(buffer);
    while (buffer.remaining() >= chunkSize) {
      // we could limit the buffer to ensure process() does not read more than
      // chunkSize number of bytes, but we trust the implementations
      process(buffer);
    }
    buffer.compact(); // preserve any remaining data that do not make a full chunk
  }

    return ListTestSuiteBuilder.using(
            new TestStringListGenerator() {
              @Override
              protected List<String> create(final String[] elements) {
                // For this test we trust ArrayList works
                final List<String> list = new ArrayList<>();
                Collections.addAll(list, elements);
                return new AbstractSequentialList<String>() {
                  @Override

				inconsistent++
			}
		}
	}

	erasureDistributionReliable := true
	if inconsistent > len(partsMetadata)/2 {
		// If there are too many inconsistent files, then we can't trust erasure.Distribution (most likely
		// because of bugs found in CopyObject/PutObjectTags) https://github.com/minio/minio/pull/10772
		erasureDistributionReliable = false
	}

	metaErrs := make([]error, len(errs))

**NOTE:**

MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN    (list)      ";" separated list of group search base DNs e.g. "dc=myldapserver,dc=com"
MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY         (on|off)    trust server TLS without verification (default: 'off')
MINIO_IDENTITY_LDAP_SERVER_INSECURE         (on|off)    allow plain text connection to AD/LDAP server (default: 'off')

 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the
 * host platform (like Android). In July 2018 Android had 134 trusted root certificates for its HTTP
 * clients to trust.
 *
 * For example, in order to establish a secure connection to `https://www.squareup.com/`,
 * these three certificates are used.
 *
 * ```
 * www.squareup.com certificate:
 *
 * Common Name: www.squareup.com

## 4. Install Certificates from Third-party CAs

MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by placing these certificates under one of the following MinIO configuration paths:

* **Linux:** `~/.minio/certs/CAs/`
* **Windows**: `C:\Users\<Username>\.minio\certs\CAs`

password                          (string)    NATS password
token                             (string)    NATS token
tls                               (on|off)    set to 'on' to enable TLS
tls_skip_verify                   (on|off)    trust server TLS without verification, defaults to "on" (verify)
ping_interval                     (duration)  client ping commands interval in s,m,h,d. Disabled by default