This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Proposed change 2003.4: "mnt-lower:" on set objects
- Previous message (by thread): [db-wg] Proposed change 2003.3: "reclaim:"-like functionality
- Next message (by thread): [db-wg] Another Proposal: Sort of generated Authorized-by Attribute + some PGP stuff
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at ripe.net
Tue Mar 4 15:56:13 CET 2003
Colleagues, This is one of a number of proposed changes to the way the RIPE Database works. These are changes that are intended to make the database work more consistently, as well as provide an increased level of security and control to users. Please have a look, and discuss it here. [2003.4] Addition of "mnt-lower:" to set objects ------------------------------------------------ Change: The "mnt-lower:" attribute will be optional for all set object types, which are as-set, filter-set, peering-set, route-set, and rtr-set. The "mnt-lower:" must authorise creation when hierarchical names are used. If it is not present, "mnt-by:" must authorise the creation. Motivation: The set objects in RPSL allow hierarchical names. The rules for authorising creation of such an object is documented in RPSS, and specifies that when an AS is used in the name, "mnt-lower:" on the aut-num object may authorise the creation, otherwise "mnt-by:" of the aut-num is used. In this case: as-set: AS1:AS-foo If AS1 had a "mnt-lower:" attribute, the maintainer listed there would have to authenticate the creation, otherwise the "mnt-by:" of AS1 would be used. This allows the administrator of an aut-num to delegate authority to create sets to maintainers without having to allow them to modify the aut-num itself. This functionality is not present within the set classes themselves. For example: as-set: AS1:AS-Foo:AS-Bar If AS1:AS-Foo object is allowed to have the "mnt-lower:" attribute, a maintainer that can create AS1:AS-Foo:AS-Bar but not modify AS1:AS-Foo can be used. -- Shane Kerr RIPE NCC
- Previous message (by thread): [db-wg] Proposed change 2003.3: "reclaim:"-like functionality
- Next message (by thread): [db-wg] Another Proposal: Sort of generated Authorized-by Attribute + some PGP stuff
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]