GitHub user dimas-b added a comment to the discussion: Security Concern: Vended Credentials — Credential Delegation Violation & Workload Identity Binding
> Is there any mechanism — where S3 can verify that the entity presenting the > token is the same entity that originally authenticated with Polaris? In short this is related to what #3170 originally proposed (even though it might be a bit simplistic). For a more complete picture, this probably deserves a dedicated discussion on the `dev` ML. GitHub link: https://github.com/apache/polaris/discussions/3972#discussioncomment-16086418 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
