<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="+1"><tt>Hi Shane<br>
<br>
</tt></font><br>
<div class="moz-cite-prefix">On 18/05/2015 14:43, Shane Kerr wrote:<br>
</div>
<blockquote cite="mid:20150518124337.2af6e2b6@casual" type="cite">
<pre wrap="">Tim, Denis, other database folks,
On Sat, 16 May 2015 16:46:44 +0200
Tim Bruijnzeels <a class="moz-txt-link-rfc2396E" href="mailto:tim@ripe.net"><tim@ripe.net></a> wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">The basic idea was to allow authorisation tokens in PERSON objects,
</pre>
</blockquote>
<pre wrap="">
Yes, the important point here is that the credentials are on PERSONs,
rather than in one anonymous blob that is today's MNTNER.
</pre>
</blockquote>
<pre wrap="">
Basically, I think of PERSON objects as reflecting contact information
about someone in the real world. This has nothing to do with database
administration.
ROLE objects are a handy layer of indirection so that you can
substitute a job function any place you need contact information.
Again, nothing to do with database administration.</pre>
</blockquote>
<br>
<br>
I think it is a question of mindset here. You are thinking of the
ROLE object in the context it has been implemented within the RIPE
Database. Right now it is only used for contacts. As a long
established and experienced user of the DB that makes sense to you.
It is how you have always seen it and used it.<br>
<br>
But think about the definition of the word 'role'. "
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<span class="st">A prescribed or expected behavior associated with a
particular position or status in a group or organization." "</span>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
Jobs or positions that have a specific set of expectations attached
to them." So in an organisation, if a group of people carry out a
shared or common task, they collectively fulfil a role.<br>
<br>
When you talk to newbies to the database this is how they tend to
think. When they say "we maintain the data" they are actually
thinking about a group of people tasked to perform this action
collectively....that is a role. This is why it takes so long on the
DB training course to teach newbies how to set up a person and
maintainer. You have to first sweep away their natural thoughts and
then re-educate them into the ways of the MNTNER object.<br>
<br>
cheers<br>
denis<br>
<br>
<br>
<blockquote cite="mid:20150518124337.2af6e2b6@casual" type="cite">
<pre wrap="">
MNTNER objects are the equivalent of a website login. They are a way to
authenticate yourself to the database as a database user. They have
nothing to do with contact information.
----
This seems pretty straightforward, but it does seem to confuse
everyone. Possibly the confusion comes from the name? "Maintainer"
doesn't really scream "this is how I authenticate myself, and what
authorizations are attached to".
I guess I'm fine with adding new authorization mechanisms to the
database... compared to our existing mechanisms it doesn't make
anything less secure. I do worry about it increasing the confusion
rather than making things more straightforward though. :(
Cheers,
--
Shane
</pre>
</blockquote>
<br>
</body>
</html>