[db-wg] The New "organisation object" Proposal

 Ulrich Kiermayr <ulrich.kiermayr at univie.ac.at> writes:
 * Hi Engin,
 * 
 * >>so the idea would be to seperate the reference authorisation from the 
 * >>object-maintainer. Like in the irt-object one could introduce an 'auth:' 
 * >>attribute to check the tagging.
 * > 
 * > 
 * > OK, that makes sense too.
 * > 
 * > How about introducing "mnt-ref:" attribute for this purpose? That is,
 * > "mnt-by:" will protect/control the organisation object itself.
 * > And, "mnt-ref:" will control the references to this organisation
 * > object. Thus, an LIR org object might be:
 * > 
 * > organisation: ORG-AA11-RIPE
 * > [...]
 * > org-type:     LIR
 * > mnt-by:       RIPE-NCC-HM-MNT
 * > mnt-ref:      LIR-MNT
 * > mnt-ref:      RIPE-NCC-HM-MNT
 * 
 * This makes a lot of sense as well.
 * 
 * > To maintain consistency, perhaps we could do the same in irt 
 * > objects: Change the "auth:" attr into "mnt-ref:" and have mntner
 * > names in it (rather than auth methods directly). Also, "irt-nfy:"
 * > might be changed into "ref-nfy:", again for consistency. But perhaps
 * > this is out of scope...
 * 
 * Hmm, if we waht to change the behaviour for consistency, we should do it 
 *   now, when the irt is not to widely used.
 * 
 * If we agree on this more generic solution, we could extend this behavior 
 * to other Objects that can be referenced as well.
 * e.g. for mntner: itself. this would be a way tho prevent anyone from 
 * putting my mntner ont oan object. (This would solve the issue discussed 
 * in the context of the IRT Object - where the mntner of the object should 
 * be a proof of authenticity as well)
 * 
[snip]

It may be a bit of an overkill to add mnt-ref: to the mntner: as in most cases people would probably make it refer to itself, although it would be consistent. Another option to prevent un-authorised use (malicious or accidental) of a mntner is to require the mntner's own authorisation to be provided whenever it is added to an object.

cheers
denis