Recently we had internal discussion for Ian's requirement in OAK-6575. See issue for complete details. In brief
1. Need a way to provide a signed url [1] for Blobs stored in Oak if they are stored in S3 2. The url would only be created if the user can access the Binary. 3. The url would only be valid for certain time To meet this requirement various approaches were suggested like using Adaptable pattern in Sling, or having a new api in Binary object. Would follow up with a sketch for such an API Chetan Mehrotra [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html