[db-wg] The New "organisation object" Proposal
- Previous message (by thread): [ncc-services-wg] Re: [db-wg] The New "organisation object" Proposal
- Next message (by thread): [db-wg] The New "organisation object" Proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ulrich Kiermayr
ulrich.kiermayr at univie.ac.at
Wed Sep 3 16:12:49 CEST 2003
Hello, > "org:" > > [ .... ] UNSPECIFIED" values. It is optional in all other objects, > and it is single valued in all objects. This Restriction may be reasonable for 'ressources' but for persons/roles beeing single does not make sense to me, because a person can belong to more than one organisations. if it was single I'd have to duplicate the object just to reflect that. > 4. Authorisation checks ---------------------------------- > > When modifying an organisation object the update must pass > authorisation checks specified by one of the mntners listed in the > "mnt-by:" attributes of the organisation object. > > When adding an "org:" attribute to an object, the update of the > object should pass the following authorisation checks: > > - from one of the maintainers of the organisation object Ihis might be problematic as well, because. There are situations where an organisation is not maintaining it's own org-object (e.g. LIR-Organisations). So if I want to reference the object in the new staff-member's person object, i'd have to go to whoever maintains the org-object. In that case the Ripe-NCC (could not chech wether this person really belongs to my organisation)[1], therefore they would just say yes (or no?) so the idea would be to seperate the reference authorisation from the object-maintainer. Like in the irt-object one could introduce an 'auth:' attribute to check the tagging. Apart from that it sounds confusing to me to introduce different behavouurs for simmilar things (reference irt: compared to reference org:) > - from one of the maintainers of the object being updated btw. speaking of irt-objects: might we want to think about adding the mnt-irt: to the organisation as well (reflecting a different constituency model: being responsible for an organisation as compared to being responsible for a ressource). i hope this makes sense lG uk [1] Or do we want the NCC to perform these checks?! -- Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien Network/Security Universitaetsstrasse 7, 1010 Wien, Austria eMail: ulrich.kiermayr at univie.ac.at Tel: (+43 1) 4277 / 14104 Fax: (+43 1) 4277 / 9140
- Previous message (by thread): [ncc-services-wg] Re: [db-wg] The New "organisation object" Proposal
- Next message (by thread): [db-wg] The New "organisation object" Proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]