[ncc-services-wg] [address-policy-wg] policy compliance dashboard

Hi,

If this was the db-wg, this could potentially be just a new NWI. :-)

If the problem statement is clear enough (and the fact many or most 
resource holders don't really follow-up on policy changes is a good 
kickstarter for me) this could be useful to have inside the LIR 
Portal -- provided only the RIR and the LIR itself has access to it.

I don't see this as something that would improve the status of LIRs that 
don't care, but something that may help the Registration Services.
And the "don't care" bit doesn't need to be linear. At some point, some 
of the LIRs will want to check if their compliance is 100%.

I'm also not sure if a new policy proposal is needed for this, if this is 
simply a tool, or a concept, we (ncc-services-wg) might request the NCC to 
consider building. We might also want to build on the experience of other 
RIRs, and even try to get a hold of "how much would it cost" to add this 
tool here too.

Regards,
Carlos




On Thu, 14 May 2020, JORDI PALET MARTINEZ via ncc-services-wg wrote:

> Hi Jim, Michele, Carlos,
>
> (responding all in a single email)
>
> What I'm saying is that not neccesarily *all* the bits in the other RIR proposal make sense here, but others may do. Many details may be already done by the RIPE NCC, others may be not.
>
> So the key idea is that when you enter your LIR portal, you can see a dhasboard your "policy compliance" status. Also, that when the tool detects something failing (in your case), automatically send you a notification.
>
> If you don't follow policy proposal development (many resource holders don't do), when a policy proposal changes an existing policy or there is a new policy and you many not be fulfilling that, at some point (when the NCC has the time to implement the policy and the automated verification), and in some cases, an automated verification will be automatically done and if there is any failure, you will get an alert.
>
> A bit longer explanation, but may be now is clearer?
>
> If a resource holder doesn't care, this is not "this" problem ... RSA issue, right?
>
> And yes, regarding the ARC question, this could be also implemented in such way that if something can't be automated, for example, requires filling in some data, the LIR can do and the dashboard, will "re-calculate" if it is correct or whatever. Of course we don't want to enter (as much as we can avoid) in procedural details. If some cases, it can create a ticket to the ARC team or whatever, if can't be done also in that semi-automated way.
>
> Regards,
> Jordi
> @jordipalet
>
>
>
> El 14/5/20 11:54, "Jim Reid" <jim at rfc1035.com> escribió:
>
>
>
>    > On 13 May 2020, at 21:42, JORDI PALET MARTINEZ via ncc-services-wg <ncc-services-wg at ripe.net> wrote:
>    >
>    > I've clearly explained in my email that it was basically a copy and paste from another RIR proposal, where they are missing things that in RIPE we have solved already. Thinks need to be read in context to make sense, and I think it makes sense to openly discuss ideas before coming into proposal, right?
>
>    This clarification helps a lot Jordi. Thanks.
>
>    However it doesn?t help in a good way from your PoV. If I understand you correctly, you?re promoting a policy proposal from another RIR which solves a problem we don?t have in RIPE because it?s already been fixed. Is that correct? If so, this doesn?t seem to be a sensible way to proceed or make policy.
>
>    If we are to openly discuss this idea any further, I think you need to start with a clear problem statement. What is it that you think needs fixing and how does this proposal from another RIR do that? It may well fix their problem(s). I don?t know or care about that. I?d like to know what RIPE problem(s) it fixes.
>
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
>
>
>
>
>