Hi,

I want to draw your attention to an ongoing proposal <https://github.com/apache/polaris/issues/3196> and a PR <https://github.com/apache/polaris/pull/3224> that adds an option to include the principal name in vended S3 credentials generated by Polaris. If enabled, the session name of the temporary credentials will look like this: "polaris-<principal>". The goal is to allow for better auditing of underlying storage access.

The behavior will sit behind a feature flag (details to be determined) because 1) deployments might not want to expose principal information externally and, more importantly, 2) the feature leads to more fragmented credential caching inside Polaris. Currently, Polaris is able to cache and reuse credentials for the same table across principals, which will no longer be possible when the feature is enabled.

Thanks, Tornike
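
To illustrate the auditing goal described in the message, the following added example (not code from Polaris or from the PR) attributes storage calls to principals by reading the "polaris-<principal>" session name out of assumed-role identities. It assumes CloudTrail-style events; the account id, role name, sample events and the sanitising step in `session_name` are constructed for the example.

```python
import re
from collections import Counter

PREFIX = "polaris-"
# STS accepts RoleSessionName of 2-64 characters drawn from [\w+=,.@-].
_NOT_ALLOWED = re.compile(r"[^\w+=,.@-]", re.ASCII)


def session_name(principal):
    """Build 'polaris-<principal>' in a form STS accepts.

    Sanitising and truncating are assumptions of this example; both are lossy,
    so distinct principals can map to the same session name.
    """
    return (PREFIX + _NOT_ALLOWED.sub("_", principal))[:64]


def principal_from_event(event):
    """Return the principal carried in an assumed-role event's session name, or None."""
    identity = event.get("userIdentity", {})
    if identity.get("type") != "AssumedRole":
        return None
    # arn:aws:sts::<account>:assumed-role/<role-name>/<session-name>
    session = identity.get("arn", "").rsplit("/", 1)[-1]
    if session.startswith(PREFIX) and len(session) > len(PREFIX):
        return session[len(PREFIX):]
    return None


def access_by_principal(events):
    """Count storage API calls per (principal, eventName); unattributed calls go under None."""
    return Counter((principal_from_event(e), e.get("eventName")) for e in events)


def _event(name, session):  # constructed sample data, trimmed to the fields used
    arn = f"arn:aws:sts::111122223333:assumed-role/example-storage-role/{session}"
    return {"eventName": name, "userIdentity": {"type": "AssumedRole", "arn": arn}}


SAMPLE_EVENTS = [
    _event("GetObject", session_name("alice")),
    _event("GetObject", session_name("alice")),
    _event("PutObject", session_name("etl job/7")),
    _event("GetObject", "shared-session"),  # flag disabled: no principal in the name
]

if __name__ == "__main__":
    for (principal, api), n in sorted(access_by_principal(SAMPLE_EVENTS).items(), key=str):
        print(principal, api, n)
```

Calls made with a session name that carries no principal are grouped under `None`, which is what an auditor sees for every request when the feature flag is off.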
