Edward Shryane wrote on 18/09/2024 17:39:
In addition to the existing alternatives, we also propose to introduce API keys linked to an SSO account to replace passwords, which is convenient and secure.
An API key is an auto-generated string associated with a user account that can be used to authenticate updates on behalf of that user. They are already widely used across the Internet, although by different names (e.g. GitHub Tokens, Google Application Passwords, AWS does use API keys, etc.). Other RIPE NCC services already make use of API keys, for example the LIR Portal and RIPE Atlas.
API keys would be good and it would be great to see them supported.

That said, API keys are plain-text passwords, stored in plain-text on each side. They just happen to be a bit longer than login passwords, and can be implemented to have a more limited authorisation scope, that's all.

So when you're implementing them, can you implement mandatory expiry periods, à la GitHub?

Nick