This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] API keys for database maintenance

Previous message (by thread): [db-wg] API keys for database maintenance
Next message (by thread): [db-wg] API keys for database maintenance

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tore Anderson tore at fud.no
Fri Mar 20 11:38:13 CET 2020

* Gunnar Guðvarðarson via db-wg

> My main issue with API Keys is them being attached to SSO accounts. What about when the employee leaves the company?
> He gets removed from auth on the mntner, all the apps he set-up break? Making admins hesitant about removing user access.
> 
> API access needs to be bound to the mntner in some form imho.

Agreed. Well, one does not need to rule out the other - it ought to be possible to support both personal API keys (bound to an SSO account) and impersonal API keys (bound to an LIR and/or mntner).

For what it is worth, the current API keys implementation *appears* to be impersonal, i.e., my colleague can see the API keys I created and vice versa.

However, we can also see who created the keys in the first place. I did not test to see if all keys created by a specific user account would be removed if that user account is deleted or removed from the LIR account.

Tore

Previous message (by thread): [db-wg] API keys for database maintenance
Next message (by thread): [db-wg] API keys for database maintenance

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]