1 & 4 both sound good to me! From the perspective of the EXTERNAL catalog connection, we're talking about a situation where the connection itself does not manage or describe any authentication mechanism.
ENVIRONMENT seems simultaneously both too vague (what environment? The client's? The metastore's? The Polaris server(s)'s?) and too specific (what if there's a catalog type that genuinely has no auth, not even an environment-variable-based mechanism?). PROVIDER has a similar problem; we don't use the term provider anywhere else so I'm not sure I'd know what this means as a person creating an EXTERNAL catalog. At best, it feels very similar to UNMANAGED in that we are saying Polaris does not manage the auth, but leaves it up to the underlying catalog (the provider of the catalog?), but at worst this could sound like it's describing e.g. an OAUTH provider. --EM