* Cynthia Revström via db-wg
Hello,
On 2019-04-09 12:58, Tore Anderson via db-wg wrote:
«This authentication group can be referenced directly in mnt-*: attributes in database objects, or if that is not feasible, as a new authentication method in MNTNER objects.»
AFAIK, mnt-* (mnt-by, lower, etc) defines what you are authorized to do, not how you are authorized. Authentication mechanisms defines how you are authorized. So to me a new auth method would make more sense.
Hi Cynthia, The point here is simply to get rid of the need to always create «proxy» MNTNER objects. That is, instead of needing this: ###### inet6num: 2001:db8::/32 mnt-lower: MNT-MYLIR mnt-routes: MNT-MYLIR-ROUTES --> mntner: MNT-MYLIR auth: LIRPORTAL eu.mylir + mntner: MNT-MYLIR-ROUTES auth: LIRPORTAL eu.mylir/routes --> http://lirportal.ripe.net user: alice@mylir.eu user: bob@mylir.eu (member of group «routes») ###### The LIR could make do with something like this: ###### inet6num: 2001:db8::/32 mnt-lower: LIRPORTAL-eu.mylir mnt-routes: LIRPORTAL-eu.mylir/routes --> http://lirportal.ripe.net user: alice@mylir.eu user: bob@mylir.eu (member of group «routes») ###### The two mntner objects in the first example serve no real purpose, except to cause extra work and require LIR hostmasters to learn a concept they have no need for. Tore