This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Proposal about personalised authorisation
Aleksi Suhonen
ripe-ml-2015 at ssd.axu.tm
Thu Apr 9 12:44:37 CEST 2015
Hello,

I support this proposal in general. I have a few questions below.

On 04/08/2015 11:07 AM, Tim Bruijnzeels wrote:
> The RIPE NCC has discussed the concept of personalised authorisation
> on various occasions, most recently at the DB WG session at RIPE 69.
> Following discussions and input from the working group we would now
> like to propose the following additions to the RIPE Database:
>
> = Extend the person object template with "auth:" as an optional,
>   multiple attribute, with all current authentication methods.
> = Extend the mntner object "auth:" attribute with a new method that
>   allows a reference to a person object that has at least one "auth:"
>   attribute.

What happens if all the auth: attributes are later removed from a referenced person object? I foresee a potential security default.

> Allowing "auth:" attributes on person objects also allows us to make
> it easier for users to manage their person object in the RIPE
> Database in combination with their Single Sign-On (SSO) account on
> RIPE NCC Access as a single identity.

I find this idea very convenient. However, I've noticed that some people or some companies prefer to maintain several separate person objects for a single person in different roles. I can't say I approve of this practice entirely, but I suppose we should still have a stated policy of how these cases should be handled. Examples:

* one SSO account can be coupled with multiple person objects
* a person with multiple person objects should create multiple SSO accounts, if they all need to be coupled

Yours,

--
Aleksi Suhonen

() ascii ribbon campaign
/\ support plain text e-mail