This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] call for application authorisation ideas
- Previous message (by thread): [db-wg] call for application authorisation ideas
- Next message (by thread): [db-wg] call for application authorisation ideas
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at instituut.net
Fri Aug 21 02:21:23 CEST 2015
On Fri, Aug 21, 2015 at 01:58:46AM +0200, denis wrote: > >CALL FOR IDEAS > >============== > > > >Now that personalised authorisation is covered and in progress, what > >about our poor applications? How should they authenticate with the RIPE > >DB? > > > >I see value in stuff like signalling to RIPE "this token can only be > >used for the API from this source IP address", I've also heard that > >OAUTH2 is magic and populair for app2app auth. Or maybe all of this is > >is overkill and we just need to GPG sign the payload of the requests to > >rest.db.ripe.net and call it a day? > > Whatever method is adopted let me suggest we avoid introducing a new > 'anonymous' element to authentication. One or more people should take > responsibility for running automated processes. So whatever token is chosen > it should be in PERSON objects. I beg to differ, applications are not persons, and applications are not tied to persons (at least not in the organisations where I have done work). If someone leaves the company, the application must continue to able operate. I agree it would be highly preferable if (if any) new token is not 'anonymous', it should be easy for the owner of the process to identify which application the token belongs to. Kind regards, Job
- Previous message (by thread): [db-wg] call for application authorisation ideas
- Next message (by thread): [db-wg] call for application authorisation ideas
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]