Locking Down the Lakehouse: Securing Apache Iceberg’s REST Catalog at Scale

Описание: This session takes a closer look at how to secure the Apache Iceberg REST Catalog, focusing on how StarRocks 4.0 implements JWT-based authentication and catalog-level governance.

Hosted by Ron Kapoor, Developer Advocate at CelerData, the webinar walks through the REST Catalog architecture, the common security challenges it brings, and how StarRocks tackles them with pre-signed JWT tokens, identity provider (IDP) integration, and fine-grained authorization.

By the end, you’ll have a clear picture of how REST Catalog authentication works, how to manage multi-tenant access securely, and how to apply these concepts in your own Iceberg and StarRocks environments.


----------------------------------------------------------------------------------------------------------------------
Timestamps

00:00 Intro & Agenda
01:13 What’s the Iceberg Catalog / REST Catalog?
05:13 Why Secure the REST Catalog: What’s at Risk
08:06 Challenges in Security
  08:26 Authorization at Scale
  09:59 Fine-Grained Access Control
  10:50 Credential Lifecycle
  12:03 Multi-Cloud Complexity
13:53 What Are Some Strategies and Patterns in REST Security?
  14:07 Query Engine Client – Compute-Enforced Permissions
  20:34 Alternatives: Catalog-Layer Governance and Security
  21:12 Query Engine Client – Catalog-Enforced Permissions
25:33 What We Have Done at StarRocks
  26:38 StarRocks 4.0 – Catalog-Enforced Permissions
29:12 Best Practices and Strategies Across REST Catalog Security
32:22 Q&A
  33:10 Sounds like if we want to support both Hive and Iceberg tables, then Hive Metastore is the only choice.
  34:21 Is there any documentation on how to set up the presented JWT flow in StarRocks 4.0?
  35:29 When you introduced the authorization process, you mentioned that catalogs often do token handoffs based on superuser access. How does StarRocks get around this?
  36:38 When do you expect this to be fully implemented?
  37:18 Can you say more about Nessie and Polaris merging?
  38:46 Can you show some demo of what you’ve already set up?

----------------------------------------------------------------------------------------------------------------------

Learn more at https://celerdata.com/

Connect with us:
LinkedIn:   / celerdata  
Twitter:   / celerdata  
CelerData Website: https://celerdata.com/
StarRocks GitHub: https://github.com/StarRocks/StarRocks
StarRocks Website: https://www.starrocks.io/
Slack: https://starrocks.io/redirecting-to-s...


#DataAnalytics #DataEngineering #RealTimeAnalytics #RealTimeData #OLAP #DataAnalyst #DataEngineer #DataInfrastructure #databaseprogramming #apacheiceberg #datalake #datalakehouse