Dear colleagues, let's start with a very easy thing near to solution with hierarchical authorisation for route objects: the relation to aut-num objects. A route object references several other objects. Important to us are the references to the maintainer and the aut-num object (both are mandatory attributes of the route object): route: [mandatory] [single] descr: [mandatory] [multiple] origin: [mandatory] [single] ----> points to aut-num object ... mnt-by: [mandatory] [multiple] ----> points to mntner object changed: [mandatory] [multiple] source: [mandatory] [single] The aut-num object also contains a mandatory reference to a maintainer object. Up to now, the maintainers referenced in route object and aut-num object of same origin need not be the same. For hierarchical authorisation it would be nice to introduce a "mnt-lower" attribute in the aut-num object defining which maintainers may create route objects for the AS of the corresponding aut-num object. This allows control of one AS which parties may generate route objects with its origin. We already had consensus in the wg session that this is needed but did not yet decide precisely how to do it. The idea of using a "mnt-lower" attribute came up and I think it is easiest to implement. If there are no objections I will hand on the above proposal for imple- mentation in the database software in two weeks. For further reference read/attack/tear apart/abuse the compilation at http://www.ripe.net/wg/routing/haro-d.html Regards Joachim _____________________________________________________________________________ Dr. Joachim Schmitz schmitz@noc.dfn.de DFN Network Operation Center Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice Allmandring 30 ++ 711 678 8363 FAX D-70550 Stuttgart FRG (Germany) _____________________________________________________________________________