singhpk234 commented on PR #13879: URL: https://github.com/apache/iceberg/pull/13879#issuecomment-3880250114
I don't think we are recommending what a catalog should do to establish trust, its a catalog implementation choice on how they wanna do it. The scope of this spec is just to define the policy evaluation results and the actions the client should take to apply these results, its entirely upto the catalog if it wants to return this or not its optional for catalog. > There is an inherent risk that someone could take their trusted engine cert and use it with a non-trusted engine instead right? I mean if we question certificate leaks, then i am not sure even passwords or Oauth creds are safe its users responsibility to protect its password so IMHO its trusted engine responsibility to protect these imho. Nevertheless mTLs is one way, you can have on-behalf of oauth flow as well where in token itself contains who is the engine if its running with a service principal, IMHO we should not get into giving recommendation even and lets catalog implementer choose what they prefer per their client contract, is my take -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
