This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] NWIs update
- Previous message (by thread): [db-wg] NWIs update
- Next message (by thread): [db-wg] NWIs update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tore Anderson
tore at fud.no
Tue Apr 9 12:58:30 CEST 2019
Hi Denis, * ripedenis--- via db-wg > NWI-8 LIR´s SSO Authentication Groups > > We agreed on this problem definition: > > Problem Definition > LIRs would like a mechanism to easily add/remove users to centralised SSO authentication groups for maintaining objects in the RIPE Database. > > Do we agree on this (staged) solution definition? > (Draft) Solution Definition > > Stage 1 > > -Non billing Users listed in an LIR´s portal account, who have an SSO authentication account, will be contained in a default authentication group There seems to be a underlying presumption here that it is possible to have users in the LIR Portal which do not have SSO accounts. To the best of my knowledge, this is not the case - users associated with an LIR in the LIR Portal *are* SSO (i.e., RIPE NCC Access) accounts. Therefore, the «who have an SSO authentication account» part is redundant. > -Non billing users added or removed through the portal UI, who have an SSO authentication account, will be automatically adjusted in this group See above - «who have an SSO authentication account» is redundant. > -This authentication group can be referenced in MNTNER objects by a new authentication method Given https://www.ripe.net/ripe/mail/archives/db-wg/2019-February/006167.html, perhaps rewrite this one as: «This authentication group can be referenced directly in mnt-*: attributes in database objects, or if that is not feasible, as a new authentication method in MNTNER objects.» > -These authentication groups for LIRs will be stored in a way that updates to the RIPE Database is not dependent on the availability of the portal service OK > -(Non billing users who did not have an SSO authentication account who then create one, will be automatically adjusted in this group - NCC, is this feasable?) See above - this bullet can be removed completely. > -(Non billing users who are listed in the LIR's authentication group who then delete their SSO authentication account, will be automatically adjusted in this group - NCC, is this feasable?) See above - this bullet can be removed completely. > Stage 2 > > -Non billing Users listed in an LIR´s portal account, who have an SSO authentication account, can be added to and removed from user defined SSO authentication groups See above - «who have an SSO authentication account» is redundant. > -Each User can be a member of any number of named groups OK > -The authentication groups can be configured using the portal UI OK > -These groups can be referenced in MNTNER objects by the new authentication method See above - rewrite to something like «these groups can be referenced directly in mnt-*: attributes in database objects, or by the new authentication method in MNTNER objects crated during stage 1». Tore
- Previous message (by thread): [db-wg] NWIs update
- Next message (by thread): [db-wg] NWIs update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]