Hi all,

We are currently integrating S3 remote signing into Apache Polaris [1]. A key topic of discussion [2] is the signer endpoint, which is defined as "v1/aws/s3/sign" in s3-signer-open-api.yaml [3]. The main concern with the default value is its rigidity and lack of path parameters for important elements like namespace, table, and potentially a general-purpose prefix.

This leads to my two questions regarding this endpoint:

1. Customization: is it spec-compliant to customize this endpoint's path? My understanding, based on the commit introducing the feature [4], is that it is.
2. Scope: should it be treated as a top-level endpoint (similar to the config endpoint), or is it better considered an internal implementation detail of the signer client? (This is important to Polaris because top-level endpoints require higher evolution guarantees.)

I would love to hear from the community, especially those involved in the S3 remote signing implementation!

Thanks,
Alex

[1]: https://github.com/apache/polaris/pull/2280
[2]: https://lists.apache.org/thread/8qgv9ccyhhybokmckvf20r8hl1ng74xs
[3]: https://github.com/apache/iceberg/blob/main/aws/src/main/resources/s3-signer-open-api.yaml#L61
[4]: https://github.com/apache/iceberg/commit/80766723588985c4592ffb336a76eabc046d01a9
