This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] Personalised authorisation

Previous message (by thread): [db-wg] Personalised authorisation
Next message (by thread): [db-wg] Personalised authorisation

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tim Bruijnzeels tim at ripe.net
Thu Jun 18 15:38:17 CEST 2015

Hi Sacha,

> On 17 Jun 2015, at 18:06, Sascha Luck [ml] <dbwg at c4inet.net> wrote:
> 
> Hi Alex,
> 
>> Our current proposal allows authorisation on person objects for
>> those who want it, through maintainer objects
> 
> Does this mean that calling a maintained object will spit out a
> reference to a mntner: object

Yes, that's unchanged. The mnt-* attributes are in the object output.

> which will spit out a ton of references to person: objects which are authorised to make
> changes on the original object?

No, our idea was that the "auth:" attributes referencing persons would be filtered for unauthorised users. Just like we filter SSO emails and MD5 hashes today.

Only *authorised* users would be able to see this, i.e. a user who is logged into web updates and who is authorised for this maintainer (i.e. has their SSO on this maintainer, or on a person object authorised for this maintainer).

Similarly we would filter "auth:" attributes for person objects, unless the user looking at this is authorised. Typically that would be a user looking at their own credentials.

Cheers
Tim

Previous message (by thread): [db-wg] Personalised authorisation
Next message (by thread): [db-wg] Personalised authorisation

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]