GitHub user flyrain added a comment to the discussion: Is STS Token Passthrough Supported in Polaris Federated Catalogs?
Hi @RB-ETArch, what you described is the expected behavior. Passing through vended credentials across catalog federation is not considered safe. One of the main reasons is that federation between catalogs is typically performed using a service principal. As a result, the vended credentials returned by the remote catalog could unintentionally carry administrative privileges. To safely support credential passthrough, the original user or principal would first need to be propagated to the remote catalog so that both catalogs recognize the same identity. However, that alone is not sufficient. Even if both catalogs identify the same principal, they may not enforce the same permissions. For example, a user may have write permission in Catalog A but only read permission in Catalog B. In that case, blindly passing through the remote catalog's vended credentials could grant privileges that are inconsistent with the authorization decisions made by the central catalog. GitHub link: https://github.com/apache/polaris/discussions/4929#discussioncomment-17477333 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
