
Re: [db-wg] restoring person object

  • To: Shane Kerr <shane@localhost>
  • From: Piotr Strzyzewski <Piotr.Strzyzewski@localhost>
  • Date: Tue, 22 Sep 2009 21:52:08 +0200
  • Cc: Database WG <db-wg@localhost>
  • Organization: Silesian University of Technology, Computer Center

On Tue, Sep 22, 2009 at 09:19:53PM +0200, Shane Kerr wrote:
> On Tue, 2009-09-22 at 20:01 +0200, Piotr Strzyzewski wrote:
> > On Tue, Sep 22, 2009 at 04:24:28PM +0200, Denis Walker wrote:
> > > The member
> > > would reference what he believes to be his PERSON object based on the
> > > information in his own database, but in fact a completely different
> > > person would be referenced. As no authorisation is required to reference
> > > a PERSON object and no notification is sent when such a reference is
> > > made, no one will know a mistake has been made.
> > 
> > I see a potential problem here. In my opinion this lack of authorisation
> > could lead to a situation in which some person/role objects are referenced
> > on purpose without asking their owners. There could be at least two
> > reasons for such behaviour:
> > - a lazy customer references upstream's contacts,
> > - a nasty person references some objects to mislead users who are looking
> >   for an abuse contact.
> > Moreover, it is hard to convince such a person to change his/her objects
> > to not reference those person/role objects.
> > 
> > Maybe we should think about some additions to person, role and/or mntner
> > objects? My raw proposal is:
> > 1. Add a "ref-nfy" field to person/role, which stores an email address which
> > is notified about such a reference.
> > 2. Add a boolean "mnt-per" field to the mntner object. This field could
> > indicate if person/role objects protected by this mntner should be
> > authorised when they are referenced. Both upd-to and mnt-nfy fields
> > should be used accordingly.
> 
> Perhaps instead of "mnt-per:" in mntner objects, we could add the
> "mnt-ref:" attribute to person/role objects. This exists in the
> organisation class in order to prevent exactly this kind of
> unauthorised references.
> 
> It's mandatory in the organisation class, but since person objects don't
> have to have "mnt-by:", we would leave "mnt-ref:" as optional for
> person/role objects.
> 
> The advantage of something like "mnt-per:" is that you could protect
> huge groups of person objects by adding a single attribute. I think it
> might be a bit confusing though, and I like the idea of re-using an
> existing mechanism (although it is possible that I helped with the
> "mnt-ref:" in organisation objects, so I am probably biased). ;)

I fully support this solution. I totally forgot about "mnt-ref". ;-)

Piotr

-- 
gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski@localhost
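
The optional "mnt-ref:" check on person/role objects discussed in this thread, modelled as an added Python example (not part of the original message and not RIPE Database code). It assumes an update is authorised to reference a contact when one of that contact's "mnt-ref:" maintainers authenticated the update; the handles, maintainer names and function names are hypothetical.

```python
REF_ATTRS = {"admin-c", "tech-c", "zone-c"}  # attributes that point at a person/role nic-hdl


def parse_rpsl(text):
    """Split blank-line-separated RPSL text into objects: lists of (attribute, value)."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = []
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.append((key.strip().lower(), value.strip()))
        objects.append(attrs)
    return objects


def unauthorised_refs(db_text, update_text, authenticated):
    """List (nic-hdl, required maintainers) for each reference in the update whose
    target carries "mnt-ref:" and none of those maintainers authenticated the update.
    Contacts without "mnt-ref:" stay freely referenceable (the attribute is optional)."""
    required_by_hdl = {}
    for obj in parse_rpsl(db_text):
        if obj[0][0] in ("person", "role"):
            mnt_ref = {v for k, v in obj if k == "mnt-ref"}
            for k, v in obj:
                if k == "nic-hdl":
                    required_by_hdl[v] = mnt_ref
    problems = []
    for obj in parse_rpsl(update_text):
        for key, hdl in obj:
            required = required_by_hdl.get(hdl, set())
            if key in REF_ATTRS and required and not (required & set(authenticated)):
                problems.append((hdl, sorted(required)))
    return problems


# Constructed sample data: one protected contact, one unprotected contact.
DB = """person: Upstream Contact
nic-hdl: UC1-EXAMPLE
mnt-by: UPSTREAM-MNT
mnt-ref: UPSTREAM-MNT

person: Open Contact
nic-hdl: OC1-EXAMPLE"""

# Constructed update from a customer who references both contacts.
UPDATE = """inetnum: 192.0.2.0 - 192.0.2.255
admin-c: UC1-EXAMPLE
tech-c: OC1-EXAMPLE
mnt-by: CUSTOMER-MNT"""

if __name__ == "__main__":
    print(unauthorised_refs(DB, UPDATE, {"CUSTOMER-MNT"}))
```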
