Print

Print

What is wanted here is the actual DN string which is not an official part of the SecEntity structure

But the GSI plugin can be instructed to either put the DN into the user structure or the monitoring info (personally, I'd do that latter!). So, if XRootD logged the SecEntity, Andrew could do either.

look at SciTokens where there really is no DN equivalent

The token subject is quite similar to the DN (and also located in the SecEntity). The difference is the contents of the string is often privacy-preserving (having no part you can type into Google and have a good guess as to the human's name); another difference is that a single human being can have a different subject for each unique user (I might be "user1234" in ATLAS and "user5678" in CMS).

(I think Andrew Melo could even get away without the DN and just use the hash if all he wants to correlate heavy levels of usage and be able to ban users.)


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <xrootd/xrootd/issues/1738/1188498394@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1738#issuecomment-1188498394", "url": "https://github.com/xrootd/xrootd/issues/1738#issuecomment-1188498394", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1