 |
 |
On Mon, 29 Sep 2014, Lukasz Janyst wrote: > I was trying to convince Andy to write a security plug-in that would > accept the randez-vous token as credential for exactly this reason. Andy, can > you please remind my what was your argument against it? a) Not all credentials are forwrdable. b) For those that are you have to explicit ask for forwardavle credentials. Given the problems users already have handling certs adding that one on top would just make things more complicated. c) You can't bypass the authentication step in the server without opening a big security hole. d) It's not that complicated giving a server a host cert that can be used for authentication. e) We wanted the protocol to be easy to use via HTTP. All of the above sinply say that doing the token the way that it is done was the best approach. Andy ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1