Francesco Giacomini

After some internal discussion, I reopen the issue because the proposed solution risks to open a security weakness, since the link between a user and a certificate specified only via...

The changes are already merged in the develop branch, so the status quo is that they would appear in the release 1.11. But we will very likely "unmerge" them.

The hypothetical `register_certificate` command is something Vincenzo and I have discussed as a possible option to simplify life to a user; but to me it doesn't look much simpler than...

Since there is such strong demand, we will re-evaluate the inclusion of the modification that was prepared by Davide, with some changes, in particular that the feature needs to be...

> I added the `IAM_CLIENT_LAST_USED` table with a bidirectional one to one relationship with `CLIENT_DETAILS`. The column `LAST_USED` on `CLIENT_DETAILS` references the `ID` of `IAM_CLIENT_LAST_USED` and initially is set to...

> 4. to give an operator who has to debug oidc-agent related issues (for istance) the device code generated during the OAuth device code flow would help in debugging, without...

> Is there an use-case where dynamic anonymous registration is useful on the production IAM instances? All oidc-agent clients are dynamically and anonymously registered (for ATLAS it's 118 out of...

> I guess this is just a side effect that `oidc-agent` doesn't support something better... should not we just ask developers of this tool to improve supported registration methods? Sure....

In fact the check in `voms-proxy-init` (C/C++ version) is probably wrong, since the target represents where the proxy will be used, not where it is generated; it corresponds to the...

I agree with the general attitude not to break anything and we try to have a testsuite with good coverage. The ts uses our products, but you allude to other...