> why would Polaris restrict that in controlled environments To Michael's point, I think this kind of reasoning is a little dangerous. We need to clearly define what Polaris will and won't support, rather than adopting the mentality that anything is in scope so long as the admin configures it. Of course, these definitions can change over time.
For now, I am supportive of restricting Polaris from vending long-lived credentials altogether. The purpose behind credential vending is to avoid giving clients credentials with too much power. If someone has a use case for a file system that only supports long-lived credentials, let the clients supply those credentials and forego credential vending.