
I also suspected that using the rendezvous token/key as an authentication token in place of ZTN would present some problems for validation.
I meant to say, "for ZTN in place of a bearer token."

________________________________________________
Albert L. Rossi
Senior Software Developer
Scientific Computing Division, Scientific Data Services, Distributed Data Development
FCC 229A
Mail Station 369 (FCC 2W)
Fermi National Accelerator Laboratory
Batavia, IL 60510
(630) 840-3023

________________________________
From: Albert Rossi <[log in to unmask]>
Sent: Saturday, April 2, 2022 8:46 AM
To: Andrew Hanushevsky <[log in to unmask]>; Brian Paul Bockelman <[log in to unmask]>
Cc: xrootd-dev <[log in to unmask]>
Subject: Re: ZTN and TPC

In the way rendezvous TPC works, the ztn token will
never be used for anything other than validation (which is all that
ztn cares about anyway).
Good point, Andy.  Even if the ZTN token carries very specific audience and scope claims, the fact that the rendezvous key serves as an authorization "pass" means that this is a non-issue.

I also suspected that using the rendezvous token/key as an authentication token in place of ZTN would present some problems for validation.

On the other hand, could you not have the situation where what is a valid ZTN token at the destination is not valid at the source?  If both are in the same organization, I suppose not, but inter-organizational?  That is, the issuer and audience recognized by one are not recognized by the other (ZTN validates those two things, at least on a JWT bearer token, correct?)

Al
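
The inter-organizational case raised in the message above, as an added example that is not part of the original e-mail and is not XRootD's ZTN code: the same token is checked against two sites' trust configurations. It assumes, as the message asks, that validation covers the issuer and audience claims; the site names, the keys and the use of HS256 are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims, key):
    """Mint a constructed HS256 JWT (stand-in for a real token issuer)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def validate(token, site, now=None):
    """Assumed checks, per site config: issuer, signature, audience, expiry."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except (ValueError, TypeError):
        return False, "malformed token"
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    key = site["issuers"].get(claims.get("iss"))  # only issuers this site trusts
    if key is None:
        return False, "issuer not recognized"
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        return False, "bad signature"
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if not set(aud) & set(site["audiences"]):
        return False, "audience not recognized"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    return True, "ok"

# Constructed sample data (assumed names and keys): two sites, two organizations.
KEY = b"constructed-demo-key"
ISS = "https://issuer.org-a.example"
DEST = {"issuers": {ISS: KEY}, "audiences": ["https://dest.org-a.example"]}
SRC = {"issuers": {"https://issuer.org-b.example": b"other-key"}, "audiences": ["https://src.org-b.example"]}
TOKEN = issue({"iss": ISS, "aud": "https://dest.org-a.example", "exp": 4102444800}, KEY)

if __name__ == "__main__":
    print("destination:", validate(TOKEN, DEST), "source:", validate(TOKEN, SRC))
```

The destination accepts the token while the source rejects it at the issuer check, before the audience is even considered.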
