This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] anyone using the RIPE Databse MUST now have an SSO account?
- Previous message (by thread): [db-wg] anyone using the RIPE Databse MUST now have an SSO account?
- Next message (by thread): [db-wg] anyone using the RIPE Databse MUST now have an SSO account?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
denis
ripedenis at yahoo.co.uk
Tue Dec 1 13:23:21 CET 2015
Hi Alex Thanks for the explanation. I am not against increased accountability and removal of the anonymity of MNTNER objects. I have been pushing for that for many years. But I think it is better to discuss this upfront and have agreement rather than slip it in with an update to a user interface. Anyone who wants to update their MNTNER now and needs to query it will find they have to create an SSO account and link it to the MNTNER before they can even query it. That should have been made clear in advance. I am also not convinced by this religious campaign that passwords are evil. Perhaps the way they are implemented in the RIPE Database is not good, but that is down to the data model. That thing that is long over due for a serious review but no one dares to talk about. You now have a situation where updates using the API must be done with a password, updates done with Webupdates must be done with SSO and updates done by email should be done with PGP. So you have actually increased the complexity of the already over complex authorisation model. cheers denis On 01/12/2015 12:44, Alex Band wrote: > Hi Denis, > > It's only mandatory to be logged in with a RIPE NCC Access account to > *use* webupdates. It is still possible to create and update objects > with MD5 passwords, although we strongly encourage users to adopt our > Single Sign-On system. The new interface will actively help users > with that process. > > The reasons for this strategy are the numerous downsides to MD5 > passwords, with the most important one being the fact that forgotten > passwords are frustrating for users and in most cases require > intervention from the RIPE NCC. This actually accounts for a vast > amount of support tickets, each one requiring meticulous identity > verification to prevent attempted resource hijackings. > > The implementation is quite ambitious, but the result is that almost > a thousand maintainers have been migrated to using SSO in less than a > week. A softer approach would have likely sustained the current > issues for years to come. Ultimately, RIPE NCC Access offers users > better security, seamless authentication across all RIPE NCC > services, optional two-step verification and the ability to reset a > lost password without RIPE NCC intervention. > > Kind regards, > > Alex > >> On 30 Nov 2015, at 18:07, ripedenis at yahoo.co.uk wrote: >> >> Hi guys >> >> When was it discussed, agreed or announced that Webupdates will no >> longer allow objects to be created or updated with a password? >> >> As Webupdates is the only way to access an unfiltered version of >> your own MNTNER object, it is no longer possible to even retrieve a >> version of your own MNTNER without signing up for an SSO account. I >> did not realise this has become mandatory. >> >> So has it been agreed that SSO is the only authorisation method >> allowed to access the RIPE Database? Did I miss the announcement >> that passwords and PGP are being deprecated? >> >> cheers denis >
- Previous message (by thread): [db-wg] anyone using the RIPE Databse MUST now have an SSO account?
- Next message (by thread): [db-wg] anyone using the RIPE Databse MUST now have an SSO account?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]