adutra commented on PR #10256:
URL: https://github.com/apache/iceberg/pull/10256#issuecomment-2114629113

Hi @rdblue, thank you for your detailed answer.

I am really sorry that this PR, that I thought would be a fairly consensual one, eventually cracked open a can of worms that I did not intend to open.

I'm pleased to realize that, in spite of some apparent divergences, we all seem to agree that the current handling of authentication suffers from a few loopholes – such as the `credential` passing from table routes – and that we should strive to make things more strict, not less. That is the mindset that I think we all should strive to adopt, when it comes to security.

That being said, I agree to close this PR and open another one to fix the table routes instead.

There remains, however, the broader question, mentioned a few times above, of a better separation of concerns between the conceptual OAuth 2.0 roles of "authorization" and "resource" servers. But this PR has never had the ambition of tackling that, so I'd like to request that we resume that discussion later in a more appropriate place, like our mailing list.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
