steveloughran commented on PR #15428: URL: https://github.com/apache/iceberg/pull/15428#issuecomment-4007528040
@danielcweeks look at the top of my alternative proposal; I've discussed this with @adutra and will implement it; if you look at https://github.com/apache/iceberg/pull/15428/changes/777cbcf9a512b43a063861073d409fb50d7c3048 you can see that this was part of my original design: the auth header spitting exists, absent any tests. 1. server does all filtering, makes cache/no-cache decision 2. client uses key for the request, but caches only the signed headers. 3. next request, client does lookup as present, but compares signed headers and considers it a cache miss if those headers don't match what it wants to send. 4. If a hit, it adds its unsigned headers to the request. Outcome 1. server is in charge of what to sign 2. client never sends requests with invalid signature 3. there's never unintentional retention of an optional header which affects the new request (example, a range header in cache when the new request doesn't have one). Does this make sense? Full control in server, with the client adapting to its choices. Polaris can choose what to sign, clients can choose various checksum options, and the only consequence is an increase in cache misses if the signing service signs more headers than before. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
