|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "Introducing the Arrow security model" |
| 4 | +date: "2026-02-05 00:00:00" |
| 5 | +author: pmc |
| 6 | +categories: [arrow] |
| 7 | +--- |
| 8 | +<!-- |
| 9 | +{% comment %} |
| 10 | +Licensed to the Apache Software Foundation (ASF) under one or more |
| 11 | +contributor license agreements. See the NOTICE file distributed with |
| 12 | +this work for additional information regarding copyright ownership. |
| 13 | +The ASF licenses this file to you under the Apache License, Version 2.0 |
| 14 | +(the "License"); you may not use this file except in compliance with |
| 15 | +the License. You may obtain a copy of the License at |
| 16 | +
|
| 17 | +http://www.apache.org/licenses/LICENSE-2.0 |
| 18 | +
|
| 19 | +Unless required by applicable law or agreed to in writing, software |
| 20 | +distributed under the License is distributed on an "AS IS" BASIS, |
| 21 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 22 | +See the License for the specific language governing permissions and |
| 23 | +limitations under the License. |
| 24 | +{% endcomment %} |
| 25 | +--> |
| 26 | + |
| 27 | +We are thrilled to announce the official publication of a |
| 28 | +[Security model](https://arrow.apache.org/docs/dev/format/Security.html) for Apache Arrow. |
| 29 | + |
| 30 | +The Arrow security model covers a core subset of the Arrow specifications: |
| 31 | +the [Arrow columnar format](https://arrow.apache.org/docs/dev/format/Columnar.html), |
| 32 | +the [Arrow C Data Interface](https://arrow.apache.org/docs/dev/format/CDataInterface.html) and the |
| 33 | +[Arrow IPC format](https://arrow.apache.org/docs/dev/format/Columnar.html#serialization-and-interprocess-communication-ipc). |
| 34 | +It sets expectations and gives guidelines for handling data coming from |
| 35 | +untrusted sources. |
| 36 | + |
| 37 | +The specifications covered by the Arrow security model are building blocks for |
| 38 | +all the other Arrow specifications, such as Flight and ADBC. |
| 39 | + |
| 40 | +The ideas underlying the Arrow security model were informally shared between |
| 41 | +Arrow maintainers and have informed decisions for years, but they were left |
| 42 | +undocumented until now. |
| 43 | + |
| 44 | +Implementation-specific security considerations, such as proper API usage and |
| 45 | +runtime safety guarantees, will later be covered in these implementations' |
| 46 | +respective documentations. |
0 commit comments