Hi, this discussion is very positive and welcome indeed, and we all share the need of forwarding security credentials with a certain level of flexibility. I understand the direction of willing to keep the xrootd protocol in the back of a gateway, and it makes sense to me. Even if I like the idea of a macaroon for this use case I'd also vote for the XrdSSS approach, and hope that it becomes able to forward the additional info that an XrdSecEntity instance can hold. -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/pull/1115#issuecomment-590855935 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1