Hi Ekr, On 2020-07-28 13:54, Eric Rescorla wrote: > On Tue, Jul 28, 2020 at 4:43 AM Henrik Levkowetz <henrik@xxxxxxxxxxxxx> > wrote: > >> > The point being that these bespoke tools have a cost, not just in units >> of >> > dollars, but also in choice, reliability, etc. We should think hard >> about >> > what is so essential in our DNA that it merits all the costs. >> >> And base decisions and engineering on real data, instead of guesswork. >> > > I have no special insight in what is happening, but I would make two points: > > 1. A number of people are experiencing authorization failures (as Richard > reports) Yes, and all of them boil down to one issue: These are people who have multiple registrations (hackathon, remote) where they have used different email addresses for the different registrations, and there has been a difficulty connecting up the registration with the required 'remote' reg_type for WG/RG session participation with the datatracker login. > 2. For some reason, Meetecho seems to be re-contacting the datatracker > every time the user joins a new session rather than remembering that the > user is authenticated. This seems like it potentially exacerbates (1), This is as designed. Meetecho knows nothing about a new connection than what it gets from the datatracker, and arguably should not. If you want to change this, I think you'll need to re-design OpenID Connect. Anyway, the load of the OpenID Connect queries is maybe one tenth of the remaining load at peak login, so why exactly is this an issue? (FWIW, I thought about caching myself, but realized that there would be security issues with that, and let it go, since the load simply wasn't an issue). Henrik
Attachment:
signature.asc
Description: OpenPGP digital signature
