Is this an issue with short-lived credentials with the recent additions to return and refresh credentials via Iceberg REST?
> On 7. Dec 2024, at 00:16, Michael Collado <collado.m...@gmail.com> wrote: > > Hey folks > > Someone pinged about https://github.com/apache/polaris/pull/389 yesterday > and I thought it was worth bringing up for discussion. > > On-prem s3 compat sounds like a super useful feature and I'm fully on board > with supporting it, but I think we need to make a decision about whether we > support vending long-lived storage credentials in the REST endpoint. I > think we generally favor compatibility and extensibility, but I am of the > opinion that we should disallow obvious security risks, such as vending > long-lived credentials. The blast radius of accidentally vending > short-lived tokens is fairly contained, whereas the consequences of vending > long-lived credentials can be unbounded. > > I think this is one of those areas where the project/community should be > opinionated and say we should not sacrifice security for the sake of > compatibility with specific environments. If some environments promote less > secure credential handling by disallow session token generation, then we > should simply not support those environments. > > What are your thoughts on that issue? Is that a suitable design tenet we > can add to our project documentation? Or am I just being stubborn? > > Mike
