This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] API keys for database maintenance
- Previous message (by thread): [db-wg] API keys for database maintenance
- Next message (by thread): [db-wg] API keys for database maintenance
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kirilo Vasiļiskovs
k.vasiliskovs at ua-hosting.company
Mon Mar 16 11:51:36 CET 2020
Hello, I also vote for a proper way of doing things. Normally APIs have their own ways of access management. Some of API key features are essential for access control: - API keys can be easily regenerated without changing normal account access (ok, this one is arguable benefit as we can just change the MD5 password if needed) - API keys and APIs have some mechanism to restrict access to just certain IPs (I don't remember this feature for MD5 passwords at all) - NOC people that have access to mntner objects and software developers are often different people, and so their access should be specifically limited to their job (e.g. giving API keys to the developers instead of the full access to mntner object). That's just a few advantages from the surface of my mind. I guess other people can add more. Respectfully / Ar cieņu, *Kirilo Vasiļiskovs.* ср, 11 мар. 2020 г. в 13:22, Sebastian Wiesinger via db-wg <db-wg at ripe.net>: > * Tore Anderson via db-wg <db-wg at ripe.net> [2020-02-21 11:54]: > > Hi WG. > > > > In the LIR Portal, at https://lirportal.ripe.net/api/, it is > > possible to issue API keys for use with several different RIPE NCC > > services. > > > > However, it is unfortunately not possible to issue API keys for the > > two APIs that are used for database maintenance; Syncupdates and the > > RESTful API. The documentation implies that the only authorisation > > [sic] method for those APIs is MD5-PW. > > Hello, > > I would support a modern approach to authorisation with the WEB API. > I don't think it should be bound the LIR portal (as there might be > users who are not an LIR). But some sort of API-friendly > authentication for maintainers would be appreciated, maybe coupled to > SSO user accounts. Just sending the password as an URL parameter is > not really a modern approach, also you would need to change the > maintainer password every time someone leaves the company. > > Best Regards > > Sebastian > > -- > GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 > B9CE) > 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE > SCYTHE. > -- Terry Pratchett, The Fifth Elephant > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/db-wg/attachments/20200316/09c9dd5f/attachment.html>
- Previous message (by thread): [db-wg] API keys for database maintenance
- Next message (by thread): [db-wg] API keys for database maintenance
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]