[db-wg] Personalised authorisation
- Previous message (by thread): [db-wg] Personalised authorisation
- Next message (by thread): [db-wg] Personalised authorisation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tim Bruijnzeels
tim at ripe.net
Thu Jun 18 15:38:17 CEST 2015
Hi Sacha, > On 17 Jun 2015, at 18:06, Sascha Luck [ml] <dbwg at c4inet.net> wrote: > > Hi Alex, > >> Our current proposal allows authorisation on person objects for >> those who want it, through maintainer objects > > Does this mean that calling a maintained object will spit out a > reference to a mntner: object Yes, that's unchanged. The mnt-* attributes are in the object output. > which will spit out a ton of references to person: objects which are authorised to make > changes on the original object? No, our idea was that the "auth:" attributes referencing persons would be filtered for unauthorised users. Just like we filter SSO emails and MD5 hashes today. Only *authorised* users would be able to see this, i.e. a user who is logged into web updates and who is authorised for this maintainer (i.e. has their SSO on this maintainer, or on a person object authorised for this maintainer). Similarly we would filter "auth:" attributes for person objects, unless the user looking at this is authorised. Typically that would be a user looking at their own credentials. Cheers Tim
- Previous message (by thread): [db-wg] Personalised authorisation
- Next message (by thread): [db-wg] Personalised authorisation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]