This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] NWI-8: LIR's SSO Authentication Groups - Implementation Plan
Cynthia Revström
me at cynthia.re
Fri May 17 10:55:21 CEST 2019
I think this is a good idea as it accomplishes the original goal and does not make the DB depend on the LIR portal.

- Cynthia

On Fri, May 17, 2019, 10:33 Edward Shryane via db-wg <db-wg at ripe.net> wrote:

> Dear working group,
>
> here is the RIPE NCC's proposed implementation plan for NWI-8: LIR's SSO
> Authentication Groups.
>
> Scope
>
> - To simplify the implementation, synchronisation will be done using the
>   existing SSO authentication method.
> - Authentication groups (and any new authentication method) will be
>   deferred until later.
>
> Introduction
>
> - The synchronisation of non-billing users with the RIPE database will be
>   done with a default maintainer.
> - Setting a default maintainer for the organisation is a pre-requisite for
>   synchronisation.
> - A default maintainer is already able to maintain the organisation object
>   and top-level resources.
> - Extending this existing mechanism simplifies the synchronisation of
>   users.
>
> Implementation
>
> - A new checkbox will be added to the Account Details page in the LIR
>   Portal, in the Maintainer section.
>   - "Synchronise non-billing users with the default maintainer".
>   - If no default maintainer is set, the checkbox is disabled.
>   - The synchronise checkbox is not checked by default (the user must
>     confirm this action first).
> - When the user enables the synchronise checkbox, they must first
>   authenticate with the default maintainer.
>   - The user must prove they control the maintainer before user
>     accounts are added to it.
>   - If the user's account is already present on the maintainer, this
>     authentication is automatic.
>   - Otherwise if the maintainer contains any password credentials,
>     the user will be asked for a password.
>   - Otherwise the user is asked to first add their credentials to
>     the maintainer separately.
> - Once the checkbox is enabled, synchronisation is performed.
>   - Any existing user accounts are removed from the maintainer.
>   - Any non-billing user accounts are added to the maintainer.
>   - Any other credentials (passwords or PGP keys) are not affected.
> - After synchronisation is enabled
>   - Whenever a non-billing user is added or removed from the
>     organisation, the default maintainer is updated accordingly.
> - A default maintainer can only be synchronised with a single organisation.
>   - If a user is removed from one organisation, but remains in a
>     different organisation, this would create a conflict when synchronising.
> - If synchronisation is disabled
>   - Users are no longer synchronised with the default maintainer,
>     but existing user accounts are not removed.
> - Notifications
>   - To receive email notifications when the default maintainer is
>     updated, use the notify: and/or mnt-nfy: attribute(s) on the maintainer
>     itself.
>
> Regards
> Ed Shryane
> RIPE NCC
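
The rules in the quoted plan, modelled as an added example (not RIPE NCC code and not part of either message). It assumes a maintainer's auth: values are plain strings such as "SSO user@example.net", "MD5-PW <hash>" or "PGPKEY-<id>"; the function names, the sync registry and all sample values are constructed for illustration.

```python
# Added illustration of the NWI-8 plan; names and sample data are constructed.

def parse(auth_value):
    """Split an auth: value into (SCHEME, value); the value may be empty."""
    scheme, _, value = auth_value.strip().partition(" ")
    return scheme.upper(), value.strip()

def enable_check(auth_values, user):
    """How the user proves control of the default maintainer before sync."""
    parsed = [parse(a) for a in auth_values]
    if ("SSO", user) in parsed:
        return "automatic"              # user's account is already on the maintainer
    if any(scheme == "MD5-PW" for scheme, _ in parsed):
        return "ask-password"           # maintainer holds a password credential
    return "add-credentials-first"      # user must add their credentials separately

def synchronise(auth_values, non_billing_users):
    """Initial sync: drop every existing SSO entry, add one per non-billing
    user, and leave passwords and PGP keys exactly as they were."""
    kept = [a for a in auth_values if parse(a)[0] != "SSO"]
    added = [f"SSO {u}" for u in dict.fromkeys(non_billing_users)]  # de-duplicate, keep order
    return kept + added

def claim_maintainer(sync_registry, mntner, org):
    """A default maintainer can be synchronised with a single organisation."""
    owner = sync_registry.setdefault(mntner, org)
    if owner != org:
        raise ValueError(f"{mntner} is already synchronised with {owner}")
    return owner

# Constructed sample maintainer and organisation membership.
SAMPLE_AUTH = [
    "MD5-PW $1$constructed$hash",
    "PGPKEY-0000AAAA",
    "SSO former-staff@example.net",
    "SSO admin@example.net",
]
SAMPLE_USERS = ["admin@example.net", "noc@example.net"]

if __name__ == "__main__":
    for line in synchronise(SAMPLE_AUTH, SAMPLE_USERS):
        print("auth:", line)
```

In the sample, the stale SSO entry is dropped by the sync while the password and PGP key remain, so those credentials still need their own review.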