-
I think that global access to squids is generally a bad idea. If global caching is needed, using the Cloudflare CDN through something like [openhtc.io](https://openhtc.io) is much more effective and …
-
For supporting IOTA CAs (see http://wiki.eugridpma.org/Main/IOTASecuredInfraAP) Argus must be able to authorize users based on the combination VO + CA or more specifically, on VO + AP. In short, the I…
-
The location of the `.well-known` directory is a bit of a mess.
* The location of the directory is defined by RFC 5785.
* OIDC's definition of `.well-known` violates RFC 5785 but is codified in th…
-
I haven't tested it, but according to the code it appears that if reading of the public keys fail, this library will re-try reading those keys with every validation attempt. Instead, there should be …
-
**Impact of the new feature**
MSUnmerged (but we might decide to extend it across WM services)
**Is your feature request related to a problem? Please describe.**
Yes, the `gfal2-util` package is …
-
SELinux prevents containers from attaching to overlay networks.
Could use the puppet module below in pre_deploy stage:
https://forge.puppet.com/puppet/selinux
And then issue a reboot before deploy…
maany updated
4 years ago
-
From email discussions, I recall that the document was written with the assumption that an issuer (an OP) supports exactly one VO.
Indeed, from my perspective, this assumption has quite wide-reachi…
-
Assuming the duration/lifetime of an access-token is:
* `exp - nbf`
In order to reduce confusion, one should be able to configure IAM to give exchanged and refreshed access-tokens the same durat…
-
Hi,
I was wondering if you had any plans to add support for using the `@OP` style suffix for oidcgrp fields in the multimap auth plugin, in a similar style to the one added to the oidc field?
I'…
-
Currently we only seem to support using LDAP for fetching benchmarks (HEPSPEC numbers) from the BDII or, for local jobs only, config setting.
Alternative methods should be added, such as:
- More…