Skip to content

Use bearer tokens for third-party-transfer

Brian Paul Bockelman requested to merge bbockelm/fts3:fts_token_issuer into develop

With this work, the client can include a source and destination token issuer in the file-metadata.

When this is included, FTS3 will try to use libX509SciTokensIssuer (as from https://github.com/bbockelm/x509-scitokens-issuer) to generate a bearer token from a X509 certificate.

If successful, FTS3 will then configure GFAL2 to utilize the bearer token instead of the GSI proxy (see dmc/gfal2!8 (merged)).

Overall, this allows one to do HTTP-based third-party-copy without having to contact either endpoint using GSI.

Merge request reports