[routing-wg] Route object creation authorization
- Previous message (by thread): [routing-wg] Route object creation authorization
- Next message (by thread): [routing-wg] Route object creation authorization
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Havard Eidnes
he at uninett.no
Tue Apr 16 09:48:55 CEST 2019
Hi, Denis, thanks for your follow-up. > Firstly the 'forced delete' has nothing to do with the LIR > portal. It is also indifferent to the authentication option you > use (signed email, password, SSO). If you are the holder of an > allocation or PI assignment then you can delete a ROUTE object > for your resource or any more specific range using the MNTNER > authentication on the resource object. OK, so a "forced delete" is just a normal "delete" operation? Not sure then why it deserves the "forced" tag... > Why is authorisation still needed from a ROUTE object? I don't > know much about how you guys structure your routing, but purely > from the Database rules I can suggest this possible scenario > (although it may not apply in practise). Suppose an LIR makes a > sub-allocation to another organisation, but the LIR routes the > whole of their allocation including the sub-allocation. The > organisation holding the sub-allocation cannot choose to route > their sub-allocation without the consent of the LIR as to > create such a ROUTE object would need to be authorised by the > LIR's ROUTE object covering the whole allocation. That's normally what happens with PA address blocks. However, I still don't understand why authorization via an existing route object would be needed in that case -- all that would be needed to express the stated restriction is either mnt-lower or mnt-routes attributes in the enclosing address space object (inet{,6}num), which is typically held and maintained by the LIR. Best regards, - Håvard
- Previous message (by thread): [routing-wg] Route object creation authorization
- Next message (by thread): [routing-wg] Route object creation authorization
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]