Hello @bbockelm @olifre
Well, this is actually more involved than one might think. Technically, if you have a bearer token you don't need to authenticate. On the other hand, requiring authentication gives you a chance, perhaps small but in our case not very small, to detect stolen bearer tokens (e.g. a CMS user stealing an ATLAS file :-)

I suspect many experiments will want authenticated third party transfers. That said, there is technically no reason why http or xrootd can't support unauthenticated transfers as long as the bearer token is valid.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"@context":"http://schema.org","@type":"EmailMessage","potentialAction":{"@type":"ViewAction","target":"https://github.com/xrootd/xrootd/issues/694#issuecomment-390799712","url":"https://github.com/xrootd/xrootd/issues/694#issuecomment-390799712","name":"View Issue"},"description":"View this Issue on GitHub","publisher":{"@type":"Organization","name":"GitHub","url":"https://github.com"}} {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@abh3 in #694: Hello @bbockelm @olifre \r\nWell, this is actually more involved than one might think. Technically, if you have a bearer token you don't need to authenticate. On the other hand, requiring authentication gives you a chance, perhaps small but in our case not very small, to detect stolen bearer tokens (e.g. a CMS user stealing an ATLAS file :-)\r\n\r\nI suspect many experiments will want authenticated third party transfers. That said, there is technically no reason why http or xrootd can't support unauthenticated transfers as long as the bearer token is valid. "}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/694#issuecomment-390799712"}}} { "@type": "MessageCard", "@context": "http://schema.org/extensions", "hideOriginalBody": "false", "originator": "37567f93-e2a7-4e2a-ad37-a9160fc62647", "title": "Re: [xrootd/xrootd] TPC requires server-to-server XRootDTransport authentication (#694)", "sections": [ { "text": "", "activityTitle": "**Andrew Hanushevsky**", "activityImage": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png", "activitySubtitle": "@abh3", "facts": [ ] } ], "potentialAction": [ { "name": "Add a comment", "@type": "ActionCard", "inputs": [ { "isMultiLine": true, "@type": "TextInput", "id": "IssueComment", "isRequired": false } ], "actions": [ { "name": "Comment", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 694,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}" } ] }, { "name": "Close issue", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 694\n}" }, { "targets": [ { "os": "default", "uri": "https://github.com/xrootd/xrootd/issues/694#issuecomment-390799712" } ], "@type": "OpenUri", "name": "View on GitHub" }, { "name": "Unsubscribe", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 328188433\n}" } ], "themeColor": "26292E" }

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1