singhpk234 commented on PR #13879: URL: https://github.com/apache/iceberg/pull/13879#issuecomment-3874446451
> do we have any guidance on how catalogs are supposed to deny access to untrusted engines catalogs can deny with a 403 if they want, if the question how does the catalog identifies if its a trusted engine or not imho its something between catalog and client, we discussed a bit about it in the DEFINER views discussions too, trust can be established by mTls / on behalf of flow using Oauth .... we just define an optional evaluated policy well defined structure which a catalog is free to fill if it trusts the client that it will enforce it -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
