This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Personalised authorisation
denis
ripedenis at yahoo.co.uk
Mon May 18 17:57:08 CEST 2015
Hi Shane

On 18/05/2015 14:43, Shane Kerr wrote:
> Tim, Denis, other database folks,
>
> On Sat, 16 May 2015 16:46:44 +0200
> Tim Bruijnzeels <tim at ripe.net> wrote:
>
>>> The basic idea was to allow authorisation tokens in PERSON objects,
>> Yes, the important point here is that the credentials are on PERSONs,
>> rather than in one anonymous blob that is today's MNTNER.
> Basically, I think of PERSON objects as reflecting contact information
> about someone in the real world. This has nothing to do with database
> administration.
>
> ROLE objects are a handy layer of indirection so that you can
> substitute a job function any place you need contact information.
> Again, nothing to do with database administration.

I think it is a question of mindset here. You are thinking of the ROLE object in the context it has been implemented within the RIPE Database. Right now it is only used for contacts. As a long established and experienced user of the DB that makes sense to you. It is how you have always seen it and used it. But think about the definition of the word 'role'.

"A prescribed or expected behavior associated with a particular position or status in a group or organization."

"Jobs or positions that have a specific set of expectations attached to them."

So in an organisation, if a group of people carry out a shared or common task, they collectively fulfil a role. When you talk to newbies to the database this is how they tend to think. When they say "we maintain the data" they are actually thinking about a group of people tasked to perform this action collectively... that is a role. This is why it takes so long on the DB training course to teach newbies how to set up a person and maintainer. You have to first sweep away their natural thoughts and then re-educate them into the ways of the MNTNER object.

cheers
denis

>
> MNTNER objects are the equivalent of a website login. They are a way to
> authenticate yourself to the database as a database user. They have
> nothing to do with contact information.
>
> ----
>
> This seems pretty straightforward, but it does seem to confuse
> everyone. Possibly the confusion comes from the name? "Maintainer"
> doesn't really scream "this is how I authenticate myself, and what
> authorizations are attached to".
>
> I guess I'm fine with adding new authorization mechanisms to the
> database... compared to our existing mechanisms it doesn't make
> anything less secure. I do worry about it increasing the confusion
> rather than making things more straightforward though. :(
>
> Cheers,
>
> --
> Shane