Dear Colleagues, To be consistent with the new organisation object's schema, we'd propose to change the schema of irt object in the following way: - Replace "irt-nfy:" with "ref-nfy:" attribute. The syntax and semantics do not change, only the name of the attribute changes. - Replace "auth:" with "mnt-ref:" attribute. Currently "auth:" attribute in irt object is used to authorise adding references to the irt object from other objects. Its syntax is the same as "auth:" attribute of mntner objects. The proposed "mnt-ref:" contains references to mntner objects, instead of directly specifying the auth methods. Thus, the proposed change adds one more redirection to mntner objects. Although the syntax of "mnt-ref:" is different than that of "auth:", its functionality is the same. With the proposed changes, the new schema of irt object would be: irt: [mandatory] [single] [primary/lookup key] remarks: [optional] [multiple] [ ] address: [mandatory] [multiple] [ ] phone: [optional] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [mandatory] [multiple] [lookup key] signature: [mandatory] [multiple] [ ] encryption: [mandatory] [multiple] [ ] admin-c: [mandatory] [multiple] [inverse key] tech-c: [mandatory] [multiple] [inverse key] mnt-ref: [mandatory] [multiple] [ ] ref-nfy: [optional] [multiple] [inverse key] notify: [optional] [multiple] [inverse key] mnt-by: [mandatory] [multiple] [inverse key] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ] You can find the current irt object document at http://www.ripe.net/ripe/docs/irt-object.html Please let us know about your comments. Best regards, Engin Gunduz RIPE NCC Database Group On 2003-09-04 09:54:33 +0200, Ulrich Kiermayr wrote:
Shane Kerr wrote:
On 2003-09-04 09:22:56 +0200, Ulrich Kiermayr wrote:
Hi,
One thing (too early to think about all at once)
If we agree on this more generic solution, we could extend this behavior to other Objects that can be referenced as well. e.g. for mntner: itself. this would be a way tho prevent anyone
from putting my mntner ont oan object. (This would solve the issue
discussed in the context of the IRT Object - where the mntner of the object should be a proof of authenticity as well)
This idea is good by means of consistency, BUT it would be weaker than the auth: in the IRT, because there are only PGP keys allowed, whereas in a mntner anything is possible.
Actually, you can use any "auth:" type in the IRT (even NONE!!!). But don't do that. :-/
`,:-] hmm interesting, well then, it mnt-ref and auth are of the same quality in irt as well.
lG uk, who slowly starts to wake up :-) -- Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien Network/Security Universitaetsstrasse 7, 1010 Wien, Austria
eMail: ulrich.kiermayr@univie.ac.at Tel: (+43 1) 4277 / 14104