then we can get even more flexible if the LIR portal allows you to define set names for lists of SSO auths. So instead of just flagging a contact to be included in 'the' list of expanded SSO auths, you can add a csl of list names in the portal. Then you can have all your contacts defined in any combination of multiple lists that you choose.

eg,

Person 1 | List1,List3

Person 2 | List1

Person 3 | List2

Person 4 | List1, List2

Person 5 | List3

then define the new auth as

auth: SSO-LIR no.foobar.List3

which will be automatically expanded to those contacts defined as being in List3

cheers

denis

co-chair DB-WG

(Piotr we seem to be thinking along the same lines, each time I type something I see you have just posted the same idea just before me :) )

From: Cynthia Revström via db-wg <db-wg@ripe.net>
To: Nick Hilliard <nick@foobar.org>
Cc: db-wg@ripe.net
Sent: Monday, 7 January 2019, 12:37
Subject: Re: [db-wg] Idea: magic mntner for all LIR contacts

(sorry I am really failing at this today, re-sent due to sending it to
Nick by accident the first time)

Well yes, but I think this feature could be aimed at smaller LIRs with
this simple need and larger LIRs with other needs will have to do it the
current way with multiple auth SSO attributes.

Kind regards,
Cynthia Revström

On 2019-01-07 12:34, Nick Hilliard wrote:
> Cynthia Revström via db-wg wrote on 07/01/2019 11:31:
>> I do like this idea with a checkbox, it gives flexibility while still
>> achieving the goal.
>
> it will work until the point that your LIR is large enough that you
> need segmented / group access control for your DB objects. Then it
> will break.
>
> Nick
>