This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] call for application authorisation ideas
denis
ripedenis at yahoo.co.uk
Fri Aug 21 01:58:46 CEST 2015
Hi Job

On 20/08/2015 14:40, Job Snijders wrote:
> Hi group,
>
>
> I think all in the group agree that it would be very nice if you can
> perform 100% of all operations without the need for any MD5-PW. I'll
> even go as far as stating that we should not be looking at successors
> such as SHA3-PW, let's leap forward and make the PW auth concept
> entirely obsolete. :-)

Why? I have never understood this almost religious obsession to get rid of passwords in the RIPE Database. Most of your life online involves passwords. Including lots of financial, legal and government interactions. What makes the RIPE Database so much more important that it should not use passwords?

When it was suggested to hide the password hash I thought that was a mistake. We should have hidden the whole MNTNER object from public view. Why does anyone outside of my organisation need to see anything in my MNTNER object? Why should you know if I use a password or PGP or whatever? This is my business not yours. When personalised auth is introduced why should anyone outside of my organisation know 'who' in my organisation is responsible for maintaining my data? This is all my data management and has nothing to do with any internet operations.

>
> CALL FOR IDEAS
> ==============
>
> Now that personalised authorisation is covered and in progress, what
> about our poor applications? How should they authenticate with the RIPE
> DB?
>
> I see value in stuff like signalling to RIPE "this token can only be
> used for the API from this source IP address", I've also heard that
> OAUTH2 is magic and popular for app2app auth. Or maybe all of this is
> overkill and we just need to GPG sign the payload of the requests to
> rest.db.ripe.net and call it a day?

Whatever method is adopted let me suggest we avoid introducing a new 'anonymous' element to authentication. One or more people should take responsibility for running automated processes. So whatever token is chosen it should be in PERSON objects.

cheers
denis

>
> DB-WG, please speak up and voice your ideas!
>
> Kind regards,
>
> Job
>