Hello, I would like to open discussion related to "Action Required: Contractual Relationship for Independent Resource Assignments" emails, that almost all LIRs received from RIPE NCC in the past. I have some notes from perspective of small LIR (or from perspective of person helping running multiple small LIRs). My first note points to system in general. Although RIPE NCC has many required informations in own existing databases already, it requires additional action from LIR in general. Typical small LIR has one or more PA allocations and exactly _one_ autonomous system registered. In RIPE database, there are records matching allocated PA prefix and ASN (route objects with proper origin AS and related inetnum objects, many ASNs has paired LIRs org: in aut-num object). In addition, RIS service (with history!) can be used for verification of these informations obtained automatically from database. For incomprehensible reason, RIPE NCC doesn't use these informations at all and instead of this abuses ALL LIRs with submiting simple form with exactly one record within it. I thing RIPE RCC has enough resources (financial and human) to do that automatically. My second note points to implementation of this new tool. I discovered, that I'm not able to "new" tool used for confirmation. I'm using PKI login feature and I have one identity paired with more LIRs. Although I'm able login to the LIR portal and modify everything I need with my certificate, I'm _NOT_ able to update informations on "Independent Resources" page. The main reason is, that RIPE NCC created new and separated (!) tool instead of simple integration of new feature/functionality to existing LIR portal. So, instead of reusing existing code used for LIR portal authentication, new outside code was developed for this new tool. And this new code doesn't implement all authentication features from LIR portal. In my point of view, this is quite unprofessional approach of modern application development. Aplications should be multi-layer, allowing easy new feature implementation. I reported this issue to RIPE NCC on friday last week, but first "answer" I received yesterday from RIPE NCC was initiation of audit in one LIR. Just fortuitous event? I don't believe. I have no problems with audit itself, I have all records, but this takes some additional time (and of course, money). Just because I claimed some problems to RIPE NCC staff due to problematic internal _implementation_ of new policy. Ok, I would like to open public discussions about this problem. There are some questions to answer and discuss: * why RIPE NCC just doesn't use informations from RIPE database in case of their availability and verifiability, why abuses small LIRs instead * why aren't RIS data used for automatic obtaining of requested informations, where this can be applicable * why RIPE NCC didn't integrate "confirmation" tool to existing LIR portal and why new outside application with _limited_ functionality was developed instead of reusing of existing code and functionality * what architecture is used for LIR portal in general, can be there easily implemented new features Of course, I understand, that there are large LIRs and some historic mess, where this action may be required due to lack of records in existing databases. But, I think this is NOT a case of LIRs started in past couple of years, where all required data should be available. With regards, Daniel