I. Recent DOMA-BDT discuss a lot "XRootd + Tokens". Clarification needed:

• Is this about XRootd WebDav interface?
• Is this via HTTPS or root:// protocol?
• If via root:// protocol, who is the community behind? (WLCG transfers are 95% over HTTPs)

II. Transition to tokens and Xrootd:

• Will need to access data from Storage Endpoints via Gfal2 + tokens?
• Gfal2 currently does not pass tokens to XRootd

III. Previous DOMA-BDT mentioned incorporating Gfal2 in the token compliance tests:

• Which protocols are targeted?

Answers

I. Community is any PC running analysis that needs direct data access. Usually done via XRootd

II. For HTTP, Gfal2 + tokens works. For root:// access, the underlying client can do the token discovery
III. This is about SAM/ETF tests. Point II applies here as well.

Gfal2 will not improve root:// + token support for the moment.

• Petr: we will have to restart this discussion once we are closer to provide CLI support for end users