What is wanted here is the actual DN string which is not an official part of the SecEntity structure
But the GSI plugin can be instructed to either put the DN into the user structure or the monitoring info (personally, I'd do that latter!). So, if XRootD logged the SecEntity, Andrew could do either.
look at SciTokens where there really is no DN equivalent
The token subject is quite similar to the DN (and also located in the SecEntity). The difference is the contents of the string is often privacy-preserving (having no part you can type into Google and have a good guess as to the human's name); another difference is that a single human being can have a different subject for each unique user (I might be "user1234" in ATLAS and "user5678" in CMS).
(I think Andrew Melo could even get away without the DN and just use the hash if all he wants to correlate heavy levels of usage and be able to ban users.)
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1