> On Jul 3, 2018, at 10:23 AM, Fabrizio Furano wrote:
> 
> Hi,
> 
> I would personally fix SecEntity with no mercy, as even now there are so many cases
> of abuse of its fields, just to carry around information of some kind. A striking
> example is that the user DN is kept in a "moninfo" field. There are others.
> (and IMO the only way to clean it is to rename all of them, no mercy)

Yes, this definitely should be cleaned up!  That's separate from whether it has to be cleaned up to better support tokens though...

> 
> The beautiful thing of SecEntity is that it's passed (almost) everywhere. That makes
> it my best reference for accessing information about the connected client, including
> the protocol that it's using to communicate (which is not there by now, or, ...
> yes it's there in another abused field).

(Yes - we actually need to fill in the protocol for HTTP / HTTPS!!!!)

But again, this is a question about whether SecEntity is about the session or the request.

> 
> I don't think I would like to see request information inside SecEntity. xrootd already has
> a data structure modelling requests. It should be there.
> 

Is there a way to put security information into the request structure (the XrdOucEnv -- does it have its own XrdSecEntity)?  I worry about overloading the semantics of arbitrary key-value pairs with security data.

Brian
