In theory the roles can be added to the token; however, I would consider not using this option at the redirector. You may want to do the full https/voms authorization at the redirector, and use this option only at the data servers. Of course, you shall do this only if you don't need data encryption.

About the performance, I can't comment on the use cases cited by Brian, basically involving big streams. I can comment on mine, involving 10-20KHz of transactions of a few bytes, and there used to be a big difference, so for the DPM cluster control protocol this option is giving benefits.

--
Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/745#issuecomment-401371366