Joachim, thank you for starting the discussion. Here are my 2 cents worth. I firmly believe that authorisation in the database should follow authority in the real world. In practise the administrator of an AS has the exclusive autority which routes to originate. Therefore the authorisation to create route objects should be linkt to the aut-num object referred to in the origin attribute of the route object to be created and nothing else. This can be implemented by defining the mnt-lower attribute of the aut-num object to control all such route creations. It has been noted that it would be useful to involve the user of the address space covered by the route somehow as well. I believe that a notification scheme would be sufficient here. Authorisation is not necessary. I have not thought out a hierarchical notification scheme. Here are a few things to consider: - Notification should only occur if requested by an attribute in the object which is hierarchically higher. - one might consider to make notification of overlapping *routes* without request, but the conditions should be well specified. - route creation notification should be possible for both other routes covering the same address space and inetnums covering that address space. - the creator of the route should be notified of the notifications as well, so that he can also take the initiative to coordinate So far my 0.02s worth. I would be interested to hear what people with complex ASes think about this. Daniel