A catalog can be open and still become a governance trap if every control lives in its private vocabulary.

The practical problem

Open Data Infrastructure needs catalogs. It also needs governance controls that can survive catalog changes. Identity, policy, lineage, audit, credential boundaries, and exit evidence should not collapse the moment a team introduces another catalog or engine.

Apache Iceberg REST catalogs, Apache Polaris, Lakekeeper, OpenLineage, DataHub, OpenMetadata, and Open Policy Agent all occupy parts of this control landscape. The architectural question is which controls remain portable.

The controls that should travel

Start with shared identity mapping, then add policy decisions, lineage events, data product ownership, audit logs, credential-vending evidence, and table-state references. Those controls should use common identifiers where possible and translation layers where necessary.

Catalog-neutral does not mean catalog-agnostic in the lazy sense. It means the platform can explain governance behavior even when the catalog boundary changes.

Core idea: Governance is portable when the evidence survives the tool boundary.

Exit evidence is a governance control

Exit evidence is often treated as procurement language. It should be a technical control. Can the team move data, metadata, policy definitions, lineage references, audit history, and table contracts without losing the ability to explain decisions?

That question matters before a migration. It matters during incidents too. If governance evidence only exists inside one tool, the organization does not control the control plane.

What breaks first

  • Policy rules use catalog-specific identifiers that cannot map to another engine.
  • Lineage events exist but cannot connect to catalog roles or access decisions.
  • Audit history stays behind when the catalog changes.
  • Credential-vending evidence is separate from policy and table ownership evidence.

Questions to ask

Ask which governance controls can be exported, replayed, or mapped across catalogs. Ask whether policy, lineage, audit, and credential evidence share identifiers. Ask what proof a vendor or open-source stack can provide during an exit test.
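As an added illustration, not code from any of the projects named in this guide, the sketch below runs a minimal exit test: it translates catalog-specific table and principal identifiers into neutral ones and reports which tables keep all four kinds of evidence. Every identifier format, record field, and mapping in it is constructed for the example.

```python
from collections import defaultdict

# Constructed data: identifier formats, field names and mappings are hypothetical.
# Translation layer from catalog-specific identifiers to neutral ones.
TABLE_MAP = {
    "catalog_a:sales.orders": "tbl:sales/orders",
    "catalog_b:prod.sales.orders": "tbl:sales/orders",
    "catalog_a:hr.payroll": "tbl:hr/payroll",
}
PRINCIPAL_MAP = {"role_a:analyst": "idp:analysts", "b-role-17": "idp:analysts"}
REQUIRED = {"policy", "lineage", "audit", "credential"}

# (evidence kind, table id as recorded, principal id as recorded or None)
EVIDENCE = [
    ("policy", "catalog_a:sales.orders", "role_a:analyst"),
    ("lineage", "catalog_b:prod.sales.orders", None),
    ("audit", "catalog_a:sales.orders", "role_a:analyst"),
    ("credential", "catalog_b:prod.sales.orders", "b-role-17"),
    ("policy", "catalog_a:hr.payroll", "role_a:hr"),
    ("audit", "catalog_a:hr.payroll", "role_a:analyst"),
    ("audit", "catalog_b:tmp.scratch", "b-role-17"),
]


def exit_test(evidence, table_map=TABLE_MAP, principal_map=PRINCIPAL_MAP):
    """Join evidence on neutral identifiers and report what a catalog change would lose."""
    kinds_by_table = defaultdict(set)
    unmapped = []  # (kind, offending identifier, which mapping failed)
    for kind, table_id, principal_id in evidence:
        table = table_map.get(table_id)
        if table is None:
            unmapped.append((kind, table_id, "table"))
            continue
        kinds = kinds_by_table[table]  # register the table even if this record is dropped
        if principal_id is not None and principal_id not in principal_map:
            unmapped.append((kind, principal_id, "principal"))
            continue
        kinds.add(kind)
    gaps = {t: sorted(REQUIRED - k) for t, k in kinds_by_table.items() if REQUIRED - k}
    portable = sorted(t for t in kinds_by_table if t not in gaps)
    return {"portable": portable, "gaps": gaps, "unmapped": unmapped}


if __name__ == "__main__":
    for key, value in exit_test(EVIDENCE).items():
        print(key, value)
```

Here the orders table is portable because all four evidence kinds resolve to the same neutral identifier, while the payroll table has a policy record that cannot be mapped and so loses its explanation at the catalog boundary.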

For adjacent context, read catalogs as the ODI control plane, Polaris credential vending and governance, and Lakekeeper audit logs.

Sources to start with

These primary sources anchor the technical claims in this guide.

The catalog can change. The governance evidence should not disappear with it.