- compliance testbed
wlcg.groups
in the token are now sufficient to authorize storage access (issue#21)
- no
storage.*
scope necessary
- compliance tests updated
- 2 related dCache compliance tests now fails
- no agreement yet on different 401 vs. 403 error codes
- xroot protocol with TLS and tokens
- should work fine for two party copy
- not completely clear if we have compatible third party implementation
- passing tokens from xrdcp command
- two different auth mechanisms - token & ZTN
- dCache has to implement ZTN fallback to be fully compatible with XRootD
- there may still be changes how xroot client deals with tokens