
Then the original ZTN needs things like the subject attribute which was not required to be there originally.

I'm not quite following. There's a subject in the token (among many other things, some of which may or may not be useful for authorization). I assume the semantics should be, if the token was not presented with a request, then the token from the session can be used as if it was presented with the request.

We are compelled to force TLS on the pools to protect the token sent with the opaque data.

I think TLS should be forced on the pools regardless, token or no token, unless you differentiate between trusted LAN and WAN transfers.

Redirection is another case where using the session token is probably useful - the client doesn't have to keep track as to whether the authz CGI header should be sent or dropped.

