Follow-up Comment #1, sr #138462 (project xrootd):
Hi Tommaso,
No, it is not possible. When we considered the issues surrounding forwarding
a cert in queued environment it became clear the hurdles were substantial. We
would need to have forward-able certs (not everyone has one), and be able to
renew proxies (another set of security concerns). So, it became easier to
just do third party copies. So, the initial request is validated using the
user's cert but is executed using a well-behaved server cert (if need be).
Yes, the system could potentially forward that cert and we are considering
doing that for real-time third party copies but queued requests are
problematic.
Andy
_______________________________________________________
Reply to this item at:
<http://savannah.cern.ch/support/?138462>
_______________________________________________
Message sent via/by LCG Savannah
http://savannah.cern.ch/
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
|