adutra commented on PR #3170: URL: https://github.com/apache/polaris/pull/3170#issuecomment-3606973902
> By creating this approach, we are introducing a security loophole that is completely against Polaris' security modelling today.

I am completely failing to see what security loopholes we would be introducing by leveraging `AssumeRoleWithWebIdentity`. Propagating the user's access token to AWS STS using `AssumeRoleWithWebIdentity` is the standard pattern recommended by AWS itself for federated OIDC access.

> the client should be modified to talk to STS directly to gain credentials without Polaris' involvement. IMO Polaris should not be involved in abetting ANY security loopholes.

Are you serious about allowing clients to talk to STS directly? THAT, indeed, would be a giant security loophole.

> Or we can look towards [...] setting Polaris up as an intermediate token broker which the "STS" service trusts, a new credential can be minted for the client to access the storage layer.

IMHO this is unrealistic, and over-engineered. That would require a form of token exchange and would be extremely hard to implement for little added value. And again: **let's please stop considering Polaris as an OAuth2 token broker. This is legacy behavior.**

> Trying to fit a simplistic solution to quick-solve a problem for a system we don't even fully support is a _very_ dangerous precedence to set.

Can you clarify what "simplistic solution" you are talking about and what is this "system [that] we don't [...] fully support"?
