[dp-tf] Quadlogy of person proposals
Denis Walker denis at ripe.net
Thu Jun 14 13:41:19 CEST 2007
Manfredo Miserocchi wrote: > Denis, > > >> That is not going to work with the current database and business >> models. >> Also maintaining all data will not restrict data to members only. At >> the >> moment anyone can put data into the database. A student with nothing to >> do one afternoon can create person/mntner objects and enter all their >> friends details without permission. >> > > This is absolutely not safe and not compliant with our rules, before UE > rules. We cannot have a system like that in the future. Is the GM informed > about this hole ? > I agree that this is not safe from a data protection point of view. But this is not a 'hole'. This is fundamental to the way the RIPE Database was designed. It was built as an open, public database. Anyone can read it, anyone can write to it. To change that would require a major re-design. A work around will be in a later proposal on the regular cleanup process. We can't stop anyone from entering data into the database, but we can remove inappropriate data. My idea is to look for clusters of objects (person, role, mntner, key-cert, organisation) which form a self referencing group and have no connection to any operational data (like inetnum, route, etc). When such a cluster is recognised, delete the whole cluster of objects. This is possible, but also technically very difficult. It is outside the scope of the current set of proposals, but we do need to consider this as a follow on. cheers denis > > We have no contract with such a > >> student. In that case a clause in the database T&C requiring consent >> would cover it. >> >> We also have lots of PI space holders who have no contract with the >> RIPE >> > > Yes, correct. This is another issue. We should obtain the authorization > from the owner of the space. Or what else ? > > cheers > Manfredo > > > > > Si precisa che le informazioni contenute in questo messaggio sono riservate e ad uso esclusivo del destinatario. Qualora il presente messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo ed a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Grazie. > > You are hereby informed that this message contains confidential informations intended for the addressee's use only. If yu're not the addressee and have received this message by mistake, please delete it and immediately notify us. You may not copy or disseminate this message to anyone. Thank you. > > >
[ dp-tf Archives ]