Just want to put my 2 cents in, I do think that something like SSO <reg id> would be good but probably another DB auth scheme, like this: auth: SSO-LIR no.foobar I prefer this so that it is just clear that it is a different thing. Kind regards, Cynthia Revström On 2019-01-07 09:31, Tore Anderson via db-wg wrote:
* Aleksi Suhonen
On 03/12/2018 10:35, Tore Anderson via db-wg wrote:
So I was thinking: is this mandatory and error-prone duplication of work really necessary? Wouldn't it be possible to instead have some kind of magic mntner object that is is kept automatically up to date with «auth: SSO»-attributes for all the LIR user accounts? I second this idea. Perhaps this should be a different object type tho, to make it clear that editing the magic maintainer by hand will have undesired results. It should be interchangeable with normal maintainers of course, a bit like person objects and role objects are. Or maybe just expand the existing SSO attribute to accept a RegID. For example:
mntner: FOOBAR-MNT auth: SSO no.foobar
Which would allow maintenance by all registered user accounts in LIR no.foobar (except for accounts with the «billing» privilege level).
Do you want someone to co-author a PDP on this? I was hoping that a PDP wouldn't be necessary, to be honest. That is, if the NCC thought it was a good idea they could just go ahead and implement it. (If I recall correctly, the «auth: SSO» functionality was added without there being a community policy demanding it.)
That said, if you want to write a proposal to this effect I'd be happy to put my name on it.
Tore