Hi, On 2019-04-10 13:14, Tim Bruijnzeels via db-wg wrote:
Hi,
auth-sso contains an identifier of an RIPE NCC Access SSO account. Actual details such as the email address and password are not stored in the RIPE DB.
To me it would make sense to have a similar approach for API Tokens. Have some identifier that is kept on the MNTNER object, but store the actual sensitive data in a separate system. This would also allow future flexibility regarding which hashing and/or encryption to use. Essentially this would be an implementation detail that the RIPE NCC can look at, but which would not affect the whois as such.
Tim
Well there are 2 issues that I can see with this immediately, 1. as Denis has already mentioned a few months ago, the DB can not depend on the LIR portal being up due to it having less uptime. 2. What about people using the RIPE DB but are not LIRs, such as people/companies with PI resources? I don't really see a way to get around issue 1. Unless we are considering doing something like signed API messages, via PGP or something. - Cynthia