Print

Print

Hi all,

Took a quick look at the setup this morning. I think it's behaving correctly but, unfortunately, the correct behavior isn't all that useful.

@abh3 - when we discussed ZTN with the dCache folks, one item discussed is what the ZTN token should do beyond authorizing a session creation (which is all it does today).

Particularly, my recollection was that if the user didn't present a token in a subsequent operation, we wanted to utilize the token from the session to determine whether the operation was authorized.

Implementing the "session token" behavior is fairly straightforward (preserve the session token in a XrdSecEntity attribute, utilize the token later in the authorization later) -- any objections to doing that?

Otherwise, we probably need an XrdCl update to always send a token with operations in addition to the session token.

Thoughts?

Brian


Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you commented.Message ID: <xrootd/xrootd/issues/1584/1032638992@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1584#issuecomment-1032638992", "url": "https://github.com/xrootd/xrootd/issues/1584#issuecomment-1032638992", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1