Update Origin Authfile and Scitokens file to only accept Authorized Caches #1719
Comments
|
Note, this will require multiple token support to be in xrd scitokens and tokens to be issued for a cache before it can be implemented. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When a cache tries to get information from an origin after being redirected there from a Director. It needs to include and pass a 'cacheToken' to the origin.
The origin then needs to use this tokens in to authorize access to the origin.
Basically, for all capabilities (with one notable exception described below), the origin should require a cache token as well as any other issued token to access data.
For example: public reads access will need to be in the scitokens file behind the cache token, whereas writes access will require both the cache token AND the the normal access tokens.
The one major exception is if the origin allows direct reads. In which case reads will be allowed by anyone with access.
The text was updated successfully, but these errors were encountered: