This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] The New "organisation object" Proposal
- Previous message (by thread): [ncc-services-wg] Re: [db-wg] The New "organisation object" Proposal
- Next message (by thread): [db-wg] The New "organisation object" Proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ulrich Kiermayr
ulrich.kiermayr at univie.ac.at
Wed Sep 3 16:12:49 CEST 2003
Hello, > "org:" > > [ .... ] UNSPECIFIED" values. It is optional in all other objects, > and it is single valued in all objects. This Restriction may be reasonable for 'ressources' but for persons/roles beeing single does not make sense to me, because a person can belong to more than one organisations. if it was single I'd have to duplicate the object just to reflect that. > 4. Authorisation checks ---------------------------------- > > When modifying an organisation object the update must pass > authorisation checks specified by one of the mntners listed in the > "mnt-by:" attributes of the organisation object. > > When adding an "org:" attribute to an object, the update of the > object should pass the following authorisation checks: > > - from one of the maintainers of the organisation object Ihis might be problematic as well, because. There are situations where an organisation is not maintaining it's own org-object (e.g. LIR-Organisations). So if I want to reference the object in the new staff-member's person object, i'd have to go to whoever maintains the org-object. In that case the Ripe-NCC (could not chech wether this person really belongs to my organisation)[1], therefore they would just say yes (or no?) so the idea would be to seperate the reference authorisation from the object-maintainer. Like in the irt-object one could introduce an 'auth:' attribute to check the tagging. Apart from that it sounds confusing to me to introduce different behavouurs for simmilar things (reference irt: compared to reference org:) > - from one of the maintainers of the object being updated btw. speaking of irt-objects: might we want to think about adding the mnt-irt: to the organisation as well (reflecting a different constituency model: being responsible for an organisation as compared to being responsible for a ressource). i hope this makes sense lG uk [1] Or do we want the NCC to perform these checks?! -- Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien Network/Security Universitaetsstrasse 7, 1010 Wien, Austria eMail: ulrich.kiermayr at univie.ac.at Tel: (+43 1) 4277 / 14104 Fax: (+43 1) 4277 / 9140
- Previous message (by thread): [ncc-services-wg] Re: [db-wg] The New "organisation object" Proposal
- Next message (by thread): [db-wg] The New "organisation object" Proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]