 |
 |
Hi all, Took a quick look at the setup this morning. I think it's behaving correctly but, unfortunately, the correct behavior isn't all that useful. @abh3 - when we discussed ZTN with the dCache folks, one item discussed is what the ZTN token should do beyond authorizing a session creation (which is all it does today). Particularly, my recollection was that if the user didn't present a token in a subsequent operation, we wanted to utilize the token from the session to determine whether the operation was authorized. Implementing the "session token" behavior is fairly straightforward (preserve the session token in a XrdSecEntity attribute, utilize the token later in the authorization later) -- any objections to doing that? Otherwise, we probably need an XrdCl update to always send a token with operations in addition to the session token. Thoughts? Brian -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1584#issuecomment-1032638992 You are receiving this because you commented. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1