Hi Rulin, Thanks for the informative description in the PR!
It looks like the authentication method relies on STS. As such it is a sub-case of SigV4, I believe, because SigV4 can be used with plain key/secret credentials without assuming a role. If that is so, could you clarify that in the description? Is there any particular reason for not supporting plain key/secret credentials? When STS is in use, where is Polaris expected to get credentials for STS requests? Thanks, Dmitri. On Thu, May 1, 2025 at 5:37 PM Rulin Xing <ru...@apache.org> wrote: > Hi folks, > > Just wanted to surface a new API spec update proposal related to Catalog > Federation: > > https://github.com/apache/polaris/pull/1506 > > This adds support for AWS SigV4 authentication, enabling Polaris to > federate to external Iceberg REST catalogs hosted behind services like AWS > Glue, S3Tables, or API Gateway. > > It builds on earlier federation work and introduces a set of properties to > support role assumption and request signing via SigV4. > > Feedback on the spec or implementation is welcome! > > Best, > Rulin >
