> On Feb. 4, 2020, 7 a.m., Qian Zhang wrote: > > I see you mentioned `authorization server` in the commit message for the > > patches in this patch chain, I think it should be `authentication server`, > > right?
Well, I try to follow conventions they use in the "Docker Registry v2 authentication" spec: https://docs.docker.com/registry/spec/auth/token/ Throughout that spec, this entity is called `authorization` server/service. Your question is perfectly valid: in reality, that service is responsible both for authenticating and authorizing. A bearer of the returned Bearer token is both authenticated (it is what it claims it is) and authorized (it is allowed to access the realm-scopes-service used in the request to authorization server). However, I suggest that we stick to the name from the spec, despite the fact that it might cause confusion. - Andrei ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72077/#review219480 ----------------------------------------------------------- On Feb. 3, 2020, 5:54 p.m., Andrei Sekretenko wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72077/ > ----------------------------------------------------------- > > (Updated Feb. 3, 2020, 5:54 p.m.) > > > Review request for mesos, Andrei Budnik and Qian Zhang. > > > Bugs: MESOS-10092 > https://issues.apache.org/jira/browse/MESOS-10092 > > > Repository: mesos > > > Description > ------- > > This is a prerequisite for adding fallback authorization server URI > generation (see MESOS-10092) in the next patches, which will need one > more URI extractor similar to `getManifestUri()`/`getBlobUri()`. > > > Diffs > ----- > > src/uri/fetchers/docker.cpp 75df80bfd59323e06bf563d15a98af244b5b1874 > > > Diff: https://reviews.apache.org/r/72077/diff/1/ > > > Testing > ------- > > > Thanks, > > Andrei Sekretenko > >
