mntner object updates by mail
Dear DB WG members,

there currently exists a somewhat tricky deadlock situation in updating mntner objects. Envision the following object:

    mntner:  XOO-MNT
    admin-c: XOO-RIPE
    upd-to:  kieber@xoo.net
    auth:    PGPKEY-B490673F # Ulf Kieber
    auth:    PGPKEY-XXXXXXXX # Somebody Else
    mnt-by:  XOO-MNT
    source:  RIPE

Now, XOO is a large, distributed organisation and Someone Else eventually starts adding a bunch of

    auth:    SSO # Filtered

None of those SSO accounts is certainly mine. How am I going to update this mntner object without removing those SSO accounts?

The issue here is: There is no way of retrieving the SSO account information from the mntner object without an SSO auth on it.

Proposal: Add a way to retrieve mntner objects from the DB by encrypted mail (public key PGPKEY-B490673F is already in the database).

PS: Mail updates may seem arcane to some, but I've done registry mergers of some 20000 object registries pretty fast that way.

Regards,
--
Ulf Kieber
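A pre-submission guard for the situation described in the message above, as an added example that is not part of the original post or of any RIPE tooling: it parses the object as a query without SSO authentication returns it and refuses to resubmit while any attribute is marked Filtered, since the update would drop those credentials. The sample object, its layout and the function names are constructed for illustration.

```python
# Constructed sample: the mntner from the message above, as seen by a
# requester who cannot read the SSO auth values.
FILTERED_MNTNER = """\
mntner:  XOO-MNT
admin-c: XOO-RIPE
upd-to:  kieber@xoo.net
auth:    PGPKEY-B490673F # Ulf Kieber
auth:    PGPKEY-XXXXXXXX # Somebody Else
auth:    SSO # Filtered
auth:    SSO # Filtered
mnt-by:  XOO-MNT
source:  RIPE
"""


def parse_rpsl(text):
    """Return a list of [attribute, value, comment] for one RPSL object."""
    attrs = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):
            continue  # blank lines and server remarks carry no attributes
        if line[0] in " \t+" and attrs:
            # Continuation line: belongs to the previous attribute's value.
            attrs[-1][1] += " " + line[1:].strip()
            continue
        key, _, rest = line.partition(":")
        value, _, comment = rest.partition("#")
        attrs.append([key.strip().lower(), value.strip(), comment.strip()])
    return attrs


def filtered_attributes(attrs):
    """Attributes whose real value was withheld (end-of-line comment 'Filtered')."""
    return [(k, v) for k, v, c in attrs if c.lower() == "filtered"]


def safe_to_resubmit(text):
    """True only if sending `text` back as an update loses no hidden value."""
    return not filtered_attributes(parse_rpsl(text))


if __name__ == "__main__":
    for key, value in filtered_attributes(parse_rpsl(FILTERED_MNTNER)):
        print(f"refusing update: '{key}: {value}' is filtered and would be lost")
```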
On Dec 21, Ulf Kieber <kieber@xoo.net> wrote:
> The issue here is: There is no way of retrieving the SSO account information from the mntner object without an SSO auth on it.
>
> Proposal: Add a way to retrieve mntner objects from the DB by encrypted mail (public key PGPKEY-B490673F is already in the database).

Seconded.
-- ciao, Marco
So, in effect, we would have a way to do authenticated queries via email. Not something one would wish for.

Mail updates have 2 reasons to exist:
- massive, bulk updates that would otherwise take too long to execute;
- fire & forget, just send in the update and it would get processed eventually no matter what.

In the age of REST APIs, neither of the above stands anymore. Currently mailupdates is kept as a fallback and/or legacy interface.

I think what you really want is being able to authenticate via REST API, so that you would be able to query and update your own objects without any kind of dummification or accounting process. Maybe even be able to use an APIKEY over https for a simple way of authentication? I'd definitely second this proposal.

Cheers,
Agoston

On Fri, Dec 30, 2016 at 11:34 PM, Marco d'Itri <md@linux.it> wrote:
> On Dec 21, Ulf Kieber <kieber@xoo.net> wrote:
> > The issue here is: There is no way of retrieving the SSO account information from the mntner object without an SSO auth on it.
> >
> > Proposal: Add a way to retrieve mntner objects from the DB by encrypted mail (public key PGPKEY-B490673F is already in the database).
>
> Seconded.
>
> -- ciao, Marco
Dear working group, Regarding this:
On 01 Jan 2017, at 18:02, Horváth Ágoston János <horvath.agoston@gmail.com> wrote:
> I think what you really want is being able to authenticate via REST API, so that you would be able to query and update your own objects without any kind of dummification or accounting process. Maybe even be able to use an APIKEY over https for a simple way of authentication?
There is work being done in the IETF on using OpenID Connect (which is based on OAuth v2) for authenticated queries in RDAP:

https://tools.ietf.org/html/draft-hollenbeck-regext-rdap-openid-02

The primary use case for this draft is to allow users of a Web UI to do authenticated queries against RDAP back-ends, e.g. allowing them to see more details (which in our case could include the MNTNER auth attributes). However, it can also be leveraged by scripts (section 5).

I believe that it would be useful to look at this as an option for authenticated queries, as well as updates, on the REST API.

Kind regards

Tim Bruijnzeels
participants (4)
- Horváth Ágoston János
- md@Linux.IT
- Tim Bruijnzeels
- Ulf Kieber