automatic DB cleanup proposal (v2)
Dear Colleagues, This is a slightly modified version of Ulf Kieber's proposal based now on metadata concept (please see "Object Metadata" proposal on the list next to this one). Your comments and suggestions are welcome. Thanks, Andrei Robachevsky RIPE NCC ----------------------------------------------------- Automatic DB Cleanup proposal ============================= Motivation ---------- In the light of data privacy issues raised by governmental organizations and in RIPE Database Working Group sessions during RIPE-39 and RIPE-40, as well as following the Great Dangling Person Objects Deletion after de.* ccTLD move-out it is necessary to implement an automized garbage collection procedure to remove personal data that is unreferenced for a certain amount of time. Proposed Change --------------- Four meta-attibutes "update-time:", "ref-time:", "ref-count:" and "expire-time:" should be maintained and used for this purpose (*). The values of these meta-attributes would be a modification timestamp, reference counter modification timestamp, reference counter and object expiration time (if applicable) respectively. The reference counter would contain the number of objects still refering to this object, and thus be similar to the link counter of an inode in a UNIX file system. The modification timestamp would be updated whenever the object is updated. The reference counter modification timestamp would be updated whenever link counter changes. The analogy in the UNIX file system would be sort of mtime and ctime. The expiration time will be updated for person and role object only. For other object types it will be emplty meaning "not set". The expiration time will be updated whenever link counter reaches zero or changes from zero to a positive value. In the first case the expiration time will be calculated by adding the expiration period to the time when this event occured. In the second case the expiration time will be unset (empty value). A garbage collection process running on a periodic basis should then generate a deletion update (transaction) overriding authorization checks (**) for all person and role objects that reached their expiration time. The expiration period is to be discussed and agreed upon in the community. The initial proposal is 90 days. Explicit generation of an update (transaction) is needed for tracking/debugging purposes. (*) Please see the "Object Metadata" proposal. (**) Overriding authorization allows deletion of a maintained object to be performed. Respective maintainers will be notified. Overriding authorization still doesn't allow deletion of a referenced object.
participants (1)
-
Andrei Robachevsky