[db-wg] Idea: magic mntner for all LIR contacts
- Previous message (by thread): [db-wg] Idea: magic mntner for all LIR contacts
- Next message (by thread): [db-wg] Idea: magic mntner for all LIR contacts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Cynthia Revström
me at cynthia.re
Mon Jan 7 11:53:58 CET 2019
I think the point of this maintainer issue was that if you removed someone from the LIR auth list, they would also get removed from the DB maintainer. I don't think that SSO-LIR should be the standard, but it should be an option in my opinion. Because while what you are describing could be an issue, I think it could be a bigger issue to forget to remove someone from the SSO in the maintainer. Kind regards, Cynthia Revström On 2019-01-07 11:48, Nick Hilliard wrote: > Cynthia Revström via db-wg wrote on 07/01/2019 10:27: >> I think the current main suggestion is to add a new DB auth scheme, >> such as "auth: SSO-LIR no.foobar" that includes all the SSO accounts >> linked to the LIR except for Billing accounts. > > Denis is just pointing out that it may not be advisable to statically > tie this into a potentially inflexible mechanism like the main LIR > authentication list. You can be guaranteed that if this were done, > someone would come along with a credible reason to have a LIR account > with admin control over portal stuff, but not direct DB control of a > specific object or set of objects. > > One possible option to work around this limitation would be to create > a new db object type, "sso-set", which could contain a list of SSO > account names, e.g.: > > sso-set: FOOBAR1-RIPE > descr: List of SSO tokens for no.foobar > members: foo at example.com > members: bar at example.org > mnt-by: TBD1-RIPE > source: RIPE > > Each LIR would be able to define sso-sets with arbitrary contents and > tie them to objects, e.g. like this: > > auth: SSO-SET FOOBAR1-RIPE > > There would need to be some thought put into how to handle mnt-by: for > the sso-set object (quis custodiet ipsos custodes)? > > Nick >
- Previous message (by thread): [db-wg] Idea: magic mntner for all LIR contacts
- Next message (by thread): [db-wg] Idea: magic mntner for all LIR contacts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]