Thanks for bringing this to discussion. Credential vending is very important for catalog services.
There are several points which I want to discuss with you. 1. Will the Iceberg REST catalog service and Gravitino service share the credential vending? How do they collaborate? 2. Do you need to provide some information for remote signing about Iceberg REST service in your document? This is supported by many projects, like Nessie. Xiaojing Fang <xiaoj...@datastrato.com> 于2024年9月5日周四 16:24写道: > Hello everyone, > > It's essential for Gravitino to support credential vending to prevent the > explicit setting of user credentials on the client side. Consequently, I > have proposed a design on how to implement this feature. > > You can track this proposal via the GitHub epic issue: > https://github.com/apache/gravitino/issues/4398 > Here's the design document for a detailed overview: > > https://docs.google.com/document/d/1fovK0ylSmI45ynrCPcnRZqzyPDn7DRNb_ExdbjVPq0k/edit > > I would greatly appreciate the community’s feedback on: > > 1. Any concerns or potential issues that should be addressed? > 2. Suggestions to enhance the design or implementation approach? > > Thank you for your time and insights. >
