Have appropriate permissions and privileges implemented to authorize each operation *and* assign priority.
#1 Updated by Marc Mengel about 4 years ago
In particular, we need to make remote client connections be authenticated,
probably via certificate/proxy, along the lines of jobsub.
Note that where possible, if we can provide the proxied headers we currently do for shibboleth, (in particular X-Shib-Userid, X-Shib-Email, X-Shib-Name-First, X-Shib-Name-Last , or some reasonable subset) we can use the existing code unmodified, and just have another vhost proxying in the webserver.