 |
 |
I agree that the policy should be standard and expected. I don't think it will take much for the dCache door to hang on to the ZTN token and "override" it with anything sent as CGI ... as I said, my original approach when I was first implementing this was precisely to do that. I won't go ahead and make this change, however, until I get the green light from you all. Also, I am curious: aside from proprietary uses like ALICE, when GSI/x509 goes by the wayside, is native xroot third-party copy basically dead, or do we at some point plan to have a discussion about token support there? I know last year Andy and I had this discussion and the conclusion was basically wait and see what other people want. Any sense of this? Thanks, Al ________________________________________________ Albert L. Rossi Senior Software Developer Scientific Computing Division, Scientific Data Services, Distributed Data Development FCC 229A Mail Station 369 (FCC 2W) Fermi National Accelerator Laboratory Batavia, IL 60510 (630) 840-3023 ________________________________ From: Andrew Hanushevsky ***@***.***> Sent: Tuesday, March 8, 2022 10:36 PM To: xrootd/xrootd ***@***.***> Cc: Albert Rossi ***@***.***>; Mention ***@***.***> Subject: Re: [xrootd/xrootd] ZTN and Scitokens auth (Issue #1584) After a 2.5 hour discussion on this topic, I do see the benefit of extending what ztn does as it's very much the same what a user would do in many circumstances. There is one caveat, if we allow the ztn token to be used as the default token(which is now possible to do in he SciToken authorization plug-in) then it either we do it always or we never do it. There is nothing in between if we want to provide reliable and consistent SciToken authorization. That mean a bit of work for @alrossi<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_alrossi&d=DwMCaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=CmfiDLGETrl831IeWt_t3PG1gIwf-CzI2wKPedb03ESFABR_M_ME4tYXvs5fT4MD&s=uEGZLWlfkuGmOp-50E1GiPUiH2CA8-OAHMK1g0r89tE&e=> but I don't think he minds as long as the result leads to a better user experience. So, what is the verdict here? — Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_xrootd_xrootd_issues_1584-23issuecomment-2D1062546234&d=DwMCaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=CmfiDLGETrl831IeWt_t3PG1gIwf-CzI2wKPedb03ESFABR_M_ME4tYXvs5fT4MD&s=oju7Svkhs_tzTp_0H0azS6nyHiNLgbP8GSIC_aSeHyI&e=>, or unsubscribe<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AA6NBHGOBWIIPX52GXMCX63U7ATGFANCNFSM5LUMRMZQ&d=DwMCaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=CmfiDLGETrl831IeWt_t3PG1gIwf-CzI2wKPedb03ESFABR_M_ME4tYXvs5fT4MD&s=td_2XK-a0AK88OH8aHcxvZzvirJwm_Pn7Fjp9imvymE&e=>. Triage notifications on the go with GitHub Mobile for iOS<https://urldefense.proofpoint.com/v2/url?u=https-3A__apps.apple.com_app_apple-2Dstore_id1477376905-3Fct-3Dnotification-2Demail-26mt-3D8-26pt-3D524675&d=DwMCaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=CmfiDLGETrl831IeWt_t3PG1gIwf-CzI2wKPedb03ESFABR_M_ME4tYXvs5fT4MD&s=R03x_5wtq4HMQry0FSP1HUDx_Rbe5yhP60TrFMkXKoY&e=> or Android<https://urldefense.proofpoint.com/v2/url?u=https-3A__play.google.com_store_apps_details-3Fid-3Dcom.github.android-26referrer-3Dutm-5Fcampaign-253Dnotification-2Demail-2526utm-5Fmedium-253Demail-2526utm-5Fsource-253Dgithub&d=DwMCaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=CmfiDLGETrl831IeWt_t3PG1gIwf-CzI2wKPedb03ESFABR_M_ME4tYXvs5fT4MD&s=lAUN-9VFhh2umzNkGSki7AcVHWDgM1hNhU8_DnuoINU&e=>. You are receiving this because you were mentioned.Message ID: ***@***.***> -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1584#issuecomment-1062958108 You are receiving this because you commented. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1