Dear Anders, Thank you for your comments about SSO. I will answer each in turn. a) You are correct about the appendix. We updated section '2.8.1 Authorisation Model' which has the same table as in the Appendix. We will update the Appendix in the next release. In future documentation we will avoid having identical information duplicated in multiple parts of the same document. b) For security reasons we consider the SSO username in the same way as an MD5 password hash. So this is only available in an authenticated way. As we don't yet have authenticated queries it can only be handled by Webupdates. c) Currently there is no “neat” way of authenticating against the RIPE Database RESTful API using your Access SSO account. This kind of authentication actually spans all of the RIPE NCC services that use SSO and provide a REST API. These include the LIR Portal services like the IP Analyser, but also RIPEstat and RIPE Atlas. We could solve this in several ways, for example by providing each RIPE NCC Access account with a unique API access token (thereby tying the authentication to an individual), or by allowing you to set up a "service account", such as OAuth2, that authorises your application to access a certain RIPE NCC API. We’d be quite interested to hear about your use cases, in order to make sure we choose the right implementation. Regards Denis Walker Business Analyst RIPE NCC Database Team On 04/04/2014 15:48, Anders Mundt Due wrote:
On 26 Mar, Johan Åhlén wrote:
Dear Piotr,
Thanks for pointing out the version mismatches, we’ll update the manuals ASAP.
As mentioned earlier we’re currently in the process of improving the documentation. We’re doing this in two phases, first we'll improve our Three quick question regarding SSO..
a) I don't see 'SSO' mentioned in the appendix on page 46/47 of the pdf version, shouldn't it be there ?
b) if I've added 'sso' auth to a mntner object, can I then only get the unfiltered version by going through the webupdater ?
c) is there some "neat" way of sending authentication information to the API and will it use it and in that way let me reach protected elements ? (such as, the auth sso..) (will simple http auth do this?)
/Anders