1. Will the Iceberg REST catalog service and Gravitino service share the credential vending? How do they collaborate?
Yes, this is one of the design goals, Gravitino server and GravitinoIcebergREST server could use same GravitinoCredentialManager to create CredentialProvider, which is responsible for generate tokens for Gravitino server and IcebergREST server 2. Do you need to provide some information for remote signing about Iceberg REST service in your document? This is supported by many projects, like Nessie. Yes, this is very useful for the systems without the token service, we could add a sth like S3RemoteSigningProvider to do this. I have added related information in the design doc, thanks for your question, it's indeed valuable. On Thu, Sep 5, 2024 at 9:21 PM roryqi <ror...@apache.org> wrote: > Thanks for bringing this to discussion. Credential vending is very > important for catalog services. > > There are several points which I want to discuss with you. > > 1. Will the Iceberg REST catalog service and Gravitino service share the > credential vending? How do they collaborate? > 2. Do you need to provide some information for remote signing about Iceberg > REST service in your document? This is supported by many projects, like > Nessie. > > Xiaojing Fang <xiaoj...@datastrato.com> 于2024年9月5日周四 16:24写道: > > > Hello everyone, > > > > It's essential for Gravitino to support credential vending to prevent the > > explicit setting of user credentials on the client side. Consequently, I > > have proposed a design on how to implement this feature. > > > > You can track this proposal via the GitHub epic issue: > > https://github.com/apache/gravitino/issues/4398 > > Here's the design document for a detailed overview: > > > > > https://docs.google.com/document/d/1fovK0ylSmI45ynrCPcnRZqzyPDn7DRNb_ExdbjVPq0k/edit > > > > I would greatly appreciate the community’s feedback on: > > > > 1. Any concerns or potential issues that should be addressed? > > 2. Suggestions to enhance the design or implementation approach? > > > > Thank you for your time and insights. > > >
