LISTSERV 16.5 - XROOTD-DEV Archives

Unfortunately, there's a few things you need besides X509:

Support for the proxy extensions outlined in RFC3820 (and, importantly, their validation). It's a surprisingly complex extension given the small portion we actually use...
- There were two prior versions of proxy extension formats; you can skip these in many cases.
Adding support for the signing policy / namespacing.
Support for the VOMS extensions and runtime environment. To the best of my knowledge, these are not clearly specified.

So, GSI support is really twofold - both understanding the extensions and the PKI runtime support.

Luckily, I suspect that all this can be built out of the elements exposed by the existing golang x509 module (same way all curent GSI implementations are built on top of the OpenSSL primitives). I'd guess someone with deep expertise would need about a week or two for all this?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@bbockelm in #757: Unfortunately, there's a few things you need besides X509:\r\n- Support for the proxy extensions outlined in RFC3820 (and, importantly, their validation). It's a surprisingly complex extension given the small portion we actually use...\r\n - There were two prior versions of proxy extension formats; you can skip these in many cases.\r\n- Adding support for the signing policy / namespacing.\r\n- Support for the VOMS extensions and runtime environment. To the best of my knowledge, these are not clearly specified.\r\n\r\nSo, GSI support is really twofold - both understanding the extensions and the PKI runtime support.\r\n\r\nLuckily, I suspect that all this can be built out of the elements exposed by the existing golang x509 module (same way all curent GSI implementations are built on top of the OpenSSL primitives). I'd guess someone with deep expertise would need about a week or two for all this?"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/757#issuecomment-401893441"}}} [ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/757#issuecomment-401893441", "url": "https://github.com/xrootd/xrootd/issues/757#issuecomment-401893441", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } }, { "@type": "MessageCard", "@context": "http://schema.org/extensions", "hideOriginalBody": "false", "originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB", "title": "Re: [xrootd/xrootd] specification of the GSI auth (#757)", "sections": [ { "text": "", "activityTitle": "**Brian Bockelman**", "activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png", "activitySubtitle": "@bbockelm", "facts": [ ] } ], "potentialAction": [ { "name": "Add a comment", "@type": "ActionCard", "inputs": [ { "isMultiLine": true, "@type": "TextInput", "id": "IssueComment", "isRequired": false } ], "actions": [ { "name": "Comment", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 757,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}" } ] }, { "name": "Close issue", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 757\n}" }, { "targets": [ { "os": "default", "uri": "https://github.com/xrootd/xrootd/issues/757#issuecomment-401893441" } ], "@type": "OpenUri", "name": "View on GitHub" }, { "name": "Unsubscribe", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 351089539\n}" } ], "themeColor": "26292E" } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1