Yes, filling in `SecEntity` sounds like a very good idea. I'm doing this to avoid: - Using bearer tokens when working over HTTP (inherently insecure due to trivial MITM issues, particularly if we want to do this with write-based workflows). - Avoid inadvertent "downgrades" from HTTPS to HTTP. -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/619#issuecomment-343880478 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1