Hi Anand and Dmitri, I just approved the PR. Anand - thanks again for the PR and for responding to all of the review comments so quickly!
Sung On 2026/06/22 14:40:36 Anand Kumar Sankaran via dev wrote: > Hi Dmitry, > > Thanks again. Sorry I’m in endless meetings at work that I’ve been unable to > attend the weekly syncs. These are often customer / partner meetings. > > I’ve addressed all the comments. I hope I’ve addressed the testing concerns > Adnan had as well. If I missed something, please post a comment in the PR and > / or tag me in slack. > > Get Outlook for iOS<https://aka.ms/o0ukef> > ________________________________ > From: Anand Kumar Sankaran via dev <[email protected]> > Sent: Thursday, 11 June 2026 09:20:48 > To: Polaris Dev Mailing List <[email protected]> > Cc: Anand Kumar Sankaran <[email protected]> > Subject: GCP counterpart to AWS STS session tags > > https: //urldefense. com/v3/__https: //github. > com/apache/polaris/issues/4706__;!!Iz9xO38YGHZK!6xLhQWuslJHADOTEpFgl4Z_iLhcDF6eW3qLENHFnIaalnp1V2PzeWXPPTqemWU5_e4w9aY0ebPuqkx5JrSNJZQ$ > https: //urldefense. com/v3/__https: //github. > com/apache/polaris/pull/4707__;!!Iz9xO38YGHZK!6xLhQWuslJHADOTEpFgl4Z_iLhcDF6eW3qLENHFnIaalnp1V2PzeWXPPTqemWU5_e4w9aY0ebPuqkx4vd5uy8Q$ > > > https://urldefense.com/v3/__https://github.com/apache/polaris/issues/4706__;!!Iz9xO38YGHZK!6xLhQWuslJHADOTEpFgl4Z_iLhcDF6eW3qLENHFnIaalnp1V2PzeWXPPTqemWU5_e4w9aY0ebPuqkx5JrSNJZQ$ > > https://urldefense.com/v3/__https://github.com/apache/polaris/pull/4707__;!!Iz9xO38YGHZK!6xLhQWuslJHADOTEpFgl4Z_iLhcDF6eW3qLENHFnIaalnp1V2PzeWXPPTqemWU5_e4w9aY0ebPuqkx4vd5uy8Q$ > > Polaris can correlate vended-credential data access back to the catalog > operation that issued the credentials on AWS — via > SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL, which stamps polaris:principal, > polaris:realm, polaris:catalog, etc. as AWS STS session tags that then appear > in CloudTrail S3 data events. There is no equivalent on GCP. GCS Data Access > audit logs cannot today be tied to the Polaris principal that requested the > credential, which breaks audit correlation, chargeback/attribution, and > incident response for GCS-backed catalogs. > > This issue and PR provide a way to achieve similar correlation using WIFs in > GCP. > > Please review. > > - > Anand > >
