[db-wg] Proposal about personalised authorisation
Aleksi Suhonen
ripe-ml-2015 at ssd.axu.tm
Thu Apr 9 12:44:37 CEST 2015
Hello,

I support this proposal in general. I have a few questions below.

On 04/08/2015 11:07 AM, Tim Bruijnzeels wrote:
> The RIPE NCC has discussed the concept of personalised authorisation
> on various occasions, most recently at the DB WG session at RIPE 69.
> Following discussions and input from the working group we would now
> like to propose the following additions to the RIPE Database:
>
> = Extend the person object template with "auth:" as an optional,
>   multiple attribute, with all current authentication methods.
> = Extend the mntner object "auth:" attribute with a new method that
>   allows a reference to a person object that has at least one "auth:"
>   attribute.

What happens if all the auth: attributes are later removed from a
referenced person object? I foresee a potential security default.

> Allowing "auth:" attributes on person objects also allows us to make
> it easier for users to manage their person object in the RIPE
> Database in combination with their Single Sign-On (SSO) account on
> RIPE NCC Access as a single identity.

I find this idea very convenient. However, I've noticed that some
people or some companies prefer to maintain several separate person
objects for a single person in different roles. I can't say I approve
of this practice entirely, but I suppose we should still have a stated
policy of how these cases should be handled. Examples:

* one SSO account can be coupled with multiple person objects
* a person with multiple person objects should create multiple SSO
  accounts, if they all need to be coupled

Yours,

-- 
Aleksi Suhonen

() ascii ribbon campaign
/\ support plain text e-mail