Dear colleagues,
yes, it is me again ;-) asking for comments on another element of
hierarchical authorisation for route objects:
The idea is to use a prefix based hierarchical scheme just as it is used
for inetnum objects. However, it turned out that there are several
difficulties in it. So, to get started the consensus at the wg session
was: *not* to enforce a prefix based hierarchical scheme until these
difficulties are solved, but instead generate notifications only.
There are several proposals out there for notifications
- to notify only if it is requested (by adding "notify" attributes
  to objects)
- to leave inetnum objects out for the time being until their relation
  to route objects is clearly defined
- notifications should only be done for creation of route objects
  not for changes or deletions (to prevent mail floods)
- probably, the creator of route objects should also be notified of
  notifications for coordination purposes
What are your feelings about this? Yes, no, maybe, missing items?
Your comments are welcome!
For further reference read/attack/tear apart/abuse the compilation at
http://www.ripe.net/wg/routing/haro-d.html
Regards
Joachim
_____________________________________________________________________________
Dr. Joachim Schmitz schmitz(a)noc.dfn.de
DFN Network Operation Center
Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice
Allmandring 30 ++ 711 678 8363 FAX
D-70550 Stuttgart FRG (Germany)
_____________________________________________________________________________
Dear colleagues,
let's start with a very easy thing near to solution with hierarchical
authorisation for route objects: the relation to aut-num objects.
A route object references several other objects. Important to us are
the references to the maintainer and the aut-num object (both are
mandatory attributes of the route object):
  route:    [mandatory]  [single]
  descr:    [mandatory]  [multiple]
  origin:   [mandatory]  [single]    ----> points to aut-num object
  ...
  mnt-by:   [mandatory]  [multiple]  ----> points to mntner object
  changed:  [mandatory]  [multiple]
  source:   [mandatory]  [single]
The aut-num object also contains a mandatory reference to a maintainer
object. Up to now, the maintainers referenced in route object and aut-num
object of same origin need not be the same.
For hierarchical authorisation it would be nice to introduce a "mnt-lower"
attribute in the aut-num object defining which maintainers may create
route objects for the AS of the corresponding aut-num object. This allows
control of one AS which parties may generate route objects with its origin.
We already had consensus in the wg session that this is needed but did
not yet decide precisely how to do it. The idea of using a "mnt-lower"
attribute came up and I think it is easiest to implement.
If there are no objections I will hand on the above proposal for
implementation in the database software in two weeks.
For further reference read/attack/tear apart/abuse the compilation at
http://www.ripe.net/wg/routing/haro-d.html
Regards
Joachim
_____________________________________________________________________________
Dr. Joachim Schmitz schmitz(a)noc.dfn.de
DFN Network Operation Center
Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice
Allmandring 30 ++ 711 678 8363 FAX
D-70550 Stuttgart FRG (Germany)
_____________________________________________________________________________
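An added sketch of the check the "mnt-lower" proposal above implies; it is not part of the original messages or of the RIPE database software. The AS numbers, prefixes and maintainer names are constructed sample data, and two behaviours are assumptions: "mnt-lower" may be repeated, and an aut-num without "mnt-lower" keeps today's unrestricted behaviour. Authenticating the submitter as one of the route's maintainers is out of scope here.

```python
# Added illustration: all object contents below are constructed sample data.
def parse_objects(text):
    """Parse blank-line-separated 'attr: value' objects into lists of pairs."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = []
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith(("#", "%")):
                attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def values(obj, key):
    """All values of a (possibly repeated) attribute, upper-cased to compare."""
    return [v.upper() for k, v in obj if k == key]

def check_route_creation(route, db):
    """Return (allowed, reason) for creating `route` given the objects in `db`."""
    origin = values(route, "origin")
    if len(origin) != 1:
        return False, "route must carry exactly one origin"
    autnums = [o for o in db if o[0][0] == "aut-num" and o[0][1].upper() == origin[0]]
    if not autnums:
        return False, "no aut-num object for " + origin[0]
    allowed = set(values(autnums[0], "mnt-lower"))
    if not allowed:
        # Assumption: without mnt-lower the current behaviour applies.
        return True, "aut-num has no mnt-lower; unrestricted"
    common = allowed & set(values(route, "mnt-by"))
    if common:
        return True, "authorised via " + ", ".join(sorted(common))
    return False, "no maintainer of this route is in mnt-lower of " + origin[0]

DB = parse_objects("""
aut-num: AS64500
mnt-by: EXAMPLE-AS-MNT
mnt-lower: EXAMPLE-ROUTES-MNT
mnt-lower: CUSTOMER-A-MNT

aut-num: AS64501
mnt-by: OTHER-MNT
""")
GOOD = parse_objects("route: 192.0.2.0/24\norigin: AS64500\nmnt-by: CUSTOMER-A-MNT")[0]
BAD = parse_objects("route: 198.51.100.0/24\norigin: AS64500\nmnt-by: STRANGER-MNT")[0]

if __name__ == "__main__":
    for r in (GOOD, BAD):
        print(r[0][1], check_route_creation(r, DB))
```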
haro...
by Schmitz@RUS.Uni-Stuttgart.DE
14 Feb '97
Dear colleagues,
at the routing wg we continue to discuss hierarchical authorisation
for route objects. Since there are several issues involved related
to the database and its implementation you are welcome to
participate in the discussion (we try to keep the database wg mailing list
in the Cc).
To make it easier to keep track of the discussion I compiled the
current state in http://www.ripe.net/wg/routing/haro-d.html and
will keep it updated in (more or less) regular intervals. Your
comments are welcome.
Regards
Joachim
_____________________________________________________________________________
Dr. Joachim Schmitz schmitz(a)noc.dfn.de
DFN Network Operation Center
Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice
Allmandring 30 ++ 711 678 8363 FAX
D-70550 Stuttgart FRG (Germany)
_____________________________________________________________________________