Just want to put my 2 cents in,
I do think that something like SSO <reg id> would be good but probably
another DB auth scheme, like this:
auth: SSO-LIR no.foobar
I prefer this so that it is just clear that it is a different thing.
Kind regards,
Cynthia Revström
On 2019-01-07 09:31, Tore Anderson via db-wg wrote:
* Aleksi Suhonen
On 03/12/2018 10:35, Tore Anderson via db-wg wrote:
So I was thinking: is this mandatory and error-prone duplication of work
really necessary? Wouldn't it be possible to instead have some kind of
magic mntner object that is is kept automatically up to date with «auth:
SSO»-attributes for all the LIR user accounts?
I second this idea. Perhaps this should be a different object type tho, to make
it clear that editing the magic maintainer by hand will have undesired results.
It should be interchangeable with normal maintainers of course, a bit like
person objects and role objects are.
Or maybe just expand the existing SSO attribute to accept a RegID. For
example:
mntner: FOOBAR-MNT
auth: SSO no.foobar
Which would allow maintenance by all registered user accounts in LIR
no.foobar (except for accounts with the «billing» privilege level).
Do you want someone to co-author a PDP on this?
I was hoping that a PDP wouldn't be necessary, to be honest. That is, if
the NCC thought it was a good idea they could just go ahead and implement
it. (If I recall correctly, the «auth: SSO» functionality was added
without there being a community policy demanding it.)
That said, if you want to write a proposal to this effect I'd be happy to
put my name on it.
Tore
