2026-06-06, Doddington Forum
Modern lakehouse architectures promise flexibility and scale — but governance is often an afterthought. While we version data and evolve schemas, we rarely version or test access policies.
This talk explores how to implement governance-as-code in a lakehouse using the REST Catalog from Apache Iceberg, applying Zero Trust principles and enforcing fine-grained policies with Open Policy Agent (OPA) and Cedar.
Attendees will learn how to move from static IAM and implicit trust to centralized, engine-agnostic, policy-driven governance.
Lakehouse architectures unify data lakes and warehouses, but governance models often lag behind the architectural innovation. Access control is frequently engine-specific, policies are fragmented, and trust is implicit.
This talk argues that the missing layer in many lakehouse implementations is governance-as-code enforced at the catalog boundary.
We explore:
- How the Iceberg REST Catalog introduces a centralized enforcement point decoupled from compute engines
- Why Zero Trust principles apply to data platforms (no implicit trust between engines, users, or services)
- How policy-as-code systems such as OPA and Cedar enable versioned, testable, auditable access control
- Patterns for implementing fine-grained authorization (row/column-level policies, environment isolation, service-to-service trust)
- How governance becomes reproducible and portable across Spark, Flink, Trino, and other engines
The session focuses on architectural patterns rather than vendor-specific tooling and highlights practical trade-offs when implementing policy enforcement in production lakehouses.
Key Takeaways
1. Understand why traditional RBAC is insufficient for modern lakehouses
2. Learn how REST-based catalog architectures enable centralized governance
3. See how Zero Trust can be applied to data access workflows
4. Discover how to implement policy-as-code using OPA or Cedar
5. Gain a reference architecture for governance-first lakehouse design
Viktor Kessler is Co-Founder of Vakamo and the creator of Lakekeeper, an Apache-licensed Iceberg REST Catalog. He’s a big believer in open standards like Apache Iceberg, which he sees as the backbone of today’s modern, composable Data & Analytics systems.