Re: [PR] Core, OpenApi: Add X-Iceberg-Client-Capabilities header [iceberg]

Tue, 19 May 2026 22:37:14 -0700 


singhpk234 commented on code in PR #16394:
URL: https://github.com/apache/iceberg/pull/16394#discussion_r3271446099


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -2019,6 +2058,50 @@ components:
       explode: false
       example: "vended-credentials,remote-signing"
 
+    client-capabilities:
+      name: X-Iceberg-Client-Capabilities
+      in: header
+      description: >
+        This header is a forward-compatibility hint, not a security mechanism.
+        Clients can trivially spoof its value; servers MUST NOT base trust or
+        authorization decisions on it.
+
+
+        Optional signal from the client declaring the set of capabilities that
+        the client SDK supports, as a comma-separated list. This header is
+        sent on every request. The server may use this information to tailor
+        its responses.
+
+
+        Defined capability values:
+
+        - `vended-credentials`: The client supports receiving and using
+          storage credentials vended by the catalog server.
+
+        - `remote-signing`: The client supports delegating request signing
+          to a remote signing service provided by the catalog server.
+
+        - `scan-planning`: The client supports server-side scan planning.

Review Comment:
   From spec pov of the read restrictions we just need "if you don't understand 
you fail" baked into it so if new masks get added it would lead client to fail, 
presently there is no way for the older clients to bake this in. 
   
   Versioning is good call out, my understanding is this stems from fact that 
rest spec is itself not versioned, hence we always introduce changes in a 
backward compatible way, so if one uses v1 client (in terminology) and send v2 
read restrictions (new mask) ... expectation is it should fail since the spec 
says if you dont understand you fail.
   
   Please let me know what do you think considering above



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to