Open snazy opened 2 weeks ago
Should we add this to the "Iceberg REST Catalog" milestone?
Should we add this to the "Iceberg REST Catalog" milestone?
I have added now.
There is also a weekly sync planned for REST catalog. We have one on next Monday here the second point in agenda is to discuss the same. https://lists.apache.org/thread/yy2qjbwk5lzd1ro2opl8zvb3lflw1pd8
Proposed Change
Following up on the mailing list discussion, we propose the following changes to Apache Iceberg. The following summary chapter is a summary of the initial message on this topic on the iceberg-dev mailing list.
We think that the ‘/v1/oauth/tokens’ endpoint in the Iceberg REST spec poses potential security and OAuth2 compliance issues, and excessively restricts how authorization should be implemented.
The goals of this proposal are:
Proposed "milestones" are: M1: Deprecate the /v1/oauth/tokens endpoint, targeting Apache Iceberg 1.7.0 M2: Update & clarify documentation, asap M3: Define a pluggable REST client authorization framework, before M4 M4: Reference client authorization implementation(s) in Java, targeting Iceberg 1.8.0 or 2.0 M5: Removal the /v1/oauth/tokens endpoint, targeting Iceberg 1.9.0 or 2.0
Details in the linked document.
Proposal document
https://docs.google.com/document/d/1Xi5MRk8WdBWFC3N_eSmVcrLhk3yu5nJ9x_wC0ec6kVQ/
Specifications