Fwd: RE: Database security

> [ lengthy discussion from db-wg at ripe.net on the issue of exposing
>   contact information and descriptions deleted. ]

As an RPS WG geek I feel that the issue of how much personal contact
information to expose should not be decided in the WG.  (I don't
expect any argument from the ripe community on that point. :)

In order to facilitate local decision on how to protect the people and
role objects, I'd like to make a proposal that would allow for
standardization of the exchange between repositories but also make the
decision as to how much data to expose an entirely local decision.

The people and role objects would *NOT* be redisributed in the the
distributed registry model.  They are not needed to configure routers.
The need to get people or role information is an exception that can be
handled by contacting the authoritative registry (query instructions
would be found using the repository objects in the registry itself).
Each registry would be free to impose any restrictions that they felt
their clients favor and change them since the restrictions would be
implemented solely in the query interface.

Part of the db-wg discussion suggested that the descr attribute should
be restricted.  This would be ineffective if the descr had to be
included in the flooded information in order to keep the signature on
the submission accurate.  If it is desirable to have similar local
control over access to the description information, then a new
"identity" object should be created.  The descr can still be placed
inline for backward compatibility.  Alternately a reference to an
identity object can be placed in any object that now allows a descr.
The reference can be called "detail" just to be different from descr.
[Please separate arguments about the proposal from arguments about the
choice of the names "identity" and "detail".]

If we decide to do an identity object, the identity object should
*NOT* be flooded just as the person and role objects are not flooded.
Decisions on whether and how to restrict access to person, role, and
identity would be registry local decisions and could be changed by any
one registry as they felt it neccesary to do so.

Do we have agreement on:

  1.  don't flood person and role objects (needs to be in rps-dist).

  2.  add a "identity" object and "detail" attribute (if so, should be
      added to rpsl-v2 before last call ends).  Not flooding identity
      should be mentioned in rps-dist.

  3.  the names "identity" and "detail" are resonable choices.

Please feel free to continue your argument (on db-wg not rps :) about
how RIPE will protect the and person and role objects, and the descr
(as an identity object if you decide to protect it).  As long as we
can make this a registry local decision RPS need not be involved.

Thanks.

Curtis