GitHub user flyrain added a comment to the discussion: Is STS Token Passthrough 
Supported in Polaris Federated Catalogs?

Hi @RB-ETArch, what you described is the expected behavior. Passing through 
vended credentials across catalog federation is not considered safe.

One of the main reasons is that federation between catalogs is typically 
performed using a service principal. As a result, the vended credentials 
returned by the remote catalog could unintentionally carry administrative 
privileges.

To safely support credential passthrough, the original user or principal would 
first need to be propagated to the remote catalog so that both catalogs 
recognize the same identity. However, that alone is not sufficient. Even if 
both catalogs identify the same principal, they may not enforce the same 
permissions. For example, a user may have write permission in Catalog A but 
only read permission in Catalog B. In that case, blindly passing through the 
remote catalog's vended credentials could grant privileges that are 
inconsistent with the authorization decisions made by the central catalog.

GitHub link: 
https://github.com/apache/polaris/discussions/4929#discussioncomment-17477333

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]

Reply via email to