* denis walker via db-wg
> Just to clarify a point here. Are you suggesting that for all LIRs, all
> listed LIR (non-billing) administrators should be able to manage all the
> LIR's database objects that will all be maintained by this one 'magic' MNTNER
> object as "mnt-by:", "mnt-lower:", "mnt-routes"?
No, only that there should exist a method/functionality by which what
you are describing above could be accomplised.
Its use should not be made mandatory.
That is, assuming this functionality is implemented as Cynthia envisioned,
i.e., «auth: SSO-LIR cc.regid», then would be entirely optional to add
that attribute to the maintainer object(s) used by the LIR.
IFF it is added, however, then all the (non-billing) accounts associated
with the «cc.regid» LIR should be authorised to maintain any objects
where the maintainer object in question is included in the appropriate
«mnt{,-by,-lower,-routes}:» attribute.
This would be analogous to adding «auth: SSO b...@regid.cc» and
«auth: SSO al...@regid.cc» to the maintainer object(s), assuming those
RIPE NCC Access accounts are the only two on «cc.regid»'s user list.
Another way it could be implemented is that all LIRs will automatically
get such a «magic» NCC-managed maintainer object/handle which authorises
all the the LIR's user accounts. The LIR could then use this magic
maintainer handle in addition to, or in lieu of, regular self-managed
maintainer objects/handles in the «mnt{,-by,-lower,-routes}:» attributes
of its database objects. Or the LIR could opt to not use this magic
maintainer object/handle for anything at all, of course.
Does that clarify?
Tore
