Hi everyone, I would like to start a discussion regarding a proposed enhancement to the Iceberg REST Catalog Specification: adding an optional, fixed UUID field to the Namespace object. Currently, our REST specification identifies Namespaces by their path (a tuple of strings). While sufficient for basic navigation, this creates significant challenges for security and catalog management.
In managed environments (such as BigLake), IAM policies are often attached at the Namespace level. We face a "name reuse" risk: if Namespace A is deleted and recreated, a system relying solely on the name might incorrectly apply "stale" permissions from the old resource to the new one. UUID is required to distinguish the identity of a resource from its name. Beyond security, I also saw there was a ticket for Namespace Renaming [1] and outlined in this design doc. We often use UUID for tables and views to decouple renaming in Apache Iceberg. Supporting a rename operation becomes significantly more robust if the namespace has a stable UUID. Without it, a rename is essentially a "delete-and-create" from the perspective of external observers (governance tools, IAM, or cached metadata). A fixed UUID allows us to decouple the identity of the namespace from its current label, ensuring that policies and lineage remain intact even after a rename. I would like to hear your thoughts about this issue. Talat [1] https://github.com/apache/iceberg/issues/13023
