Hi All, I approved PR 4707 in GH.
Any concerns / volunteers for additional review before merging? Thanks, Dmitri. On Thu, Jun 11, 2026 at 12:22 PM Anand Kumar Sankaran via dev < [email protected]> wrote: > https://github.com/apache/polaris/issues/4706 > > https://github.com/apache/polaris/pull/4707 > > Polaris can correlate vended-credential data access back to the catalog > operation that issued the credentials on AWS — via > SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL, which stamps polaris:principal, > polaris:realm, polaris:catalog, etc. as AWS STS session tags that then > appear in CloudTrail S3 data events. There is no equivalent on GCP. GCS > Data Access audit logs cannot today be tied to the Polaris principal that > requested the credential, which breaks audit correlation, > chargeback/attribution, and incident response for GCS-backed catalogs. > > This issue and PR provide a way to achieve similar correlation using WIFs > in GCP. > > Please review. > > - > Anand >
