I just outlined how you can do that. The addition of tokens adds a whole different aspect that no one has really thought about in any great detail. Yeah, it's cool but it generally runs counter to all the security schemes we have. In the traditional security model, you would verify that if there is no identity information you at least have an "authz" token (whatever that means). I suppose you can forgo that and let the client slide through. But that is really bad security. That said, it looks like the lemmings are headed toward that point. So, essentially you have an anon presentation and you are hoping that the authorization layer will catch bad actors. Hah! That has never worked and it never will.

