Today's Topics:

   1. NOW CLOSED - Consultation on API Key Handling (ARIN)
   2. Re: Consultation on ARIN Online Change Notifications
      (Dale W. Carder)
   3. Re: Consultation on ARIN Online Change Notifications
      (David Farmer)


----------------------------------------------------------------------

Message: 1
Date: Wed, 04 Sep 2024 13:36:19 -0400
From: ARIN <[email protected]>
To: <[email protected]>
Subject: [ARIN-consult] NOW CLOSED - Consultation on API Key Handling
Message-ID: <[email protected]>
Content-Type: text/plain;       charset="UTF-8"

From 8 August to 23 August, ARIN held a Consultation 
(https://www.arin.net/participate/community/acsp/consultations/2024/2024-3/) 
seeking feedback from the community on a potential improvement to increase the 
security for Application Programming Interface (API) key handling, 
specifically allowing the option to pass API keys in the header of a RESTful 
payload, and to use IP address range bounding to limit the validity of an API 
key. The benefit of this potential improvement is that it would give users 
options to make their API keys more secure and bring ARIN in line with best 
practices for API key handling.

After reviewing and discussing the comments received during the consultation, 
ARIN plans to add the option to pass the API key in the header of a RESTful 
payload. We will also investigate and scope the work needed to allow for IP 
address range bounding, noting that this feature should be available under 
Organization management tools to be managed by Admin or Tech Contacts. Both 
improvements will be queued for inclusion in the development roadmap.  

ARIN thanks those who provided valuable feedback on this consultation. We rely 
on this input from our members and community to help steer the organization as 
we continue our mission in support of the operation and growth of the Internet. 

Regards, 

John Curran 
President and CEO 
American Registry for Internet Numbers (ARIN) 






------------------------------

Message: 2
Date: Wed, 4 Sep 2024 13:07:41 -0500
From: "Dale W. Carder" <[email protected]>
To: ARIN <[email protected]>
Cc: [email protected]
Subject: Re: [ARIN-consult] Consultation on ARIN Online Change
        Notifications
Message-ID: <[email protected]>
Content-Type: text/plain; charset=iso-8859-1

Thus spake ARIN ([email protected]) on Mon, Aug 26, 2024 at 11:19:33AM -0400:
> ARIN is seeking feedback from the community on a potential improvement 
> (https://www.arin.net/participate/community/acsp/consultations/2024/2024-4/), 
> suggested by a community member, that ARIN create a modern mechanism that 
> allows resource holders to be notified of any changes to resources or 
> accounts they manage. 
> 
> The stated benefit of this potential improvement is that it would allow 
> greater control over valuable resources and increase the accuracy of ARIN's 
> database. 

There would be additional security and change-management benefits
as well, as I see was somewhat outlined as motivating factors in
ACSP 2024.11.
 
> We have identified two options to create these notifications: 
> 
> Email - The least "modern" option, but this would be consistent with other 
> ARIN notifications, and mirrors what is available through the other Regional 
> Internet Registries (RIRs). This would take approximately three months to 
> develop once work is scheduled.  

This also mirrors what is available from some non-authoritative IRR 
offerings as well.

I agree email is hardly modern, but it may be the current state of affairs 
that NOC operations / security / abuse / hostmaster type stuff is already
used to handling and for which processes already exist or could be
easily developed.

Like those roles above which are often separate at some Orgs, this new
email notification type should allow specification of an individual or 
role that might be dedicated for this use.  For example, we might set up
an email role where on our end that would go into a dedicated ticket queue
which would minimally log such actions from a change management
perspective or potentially be reviewed / trigger a security audit.
 
> REST endpoint - ARIN can define a REST endpoint, and customers would have to 
> develop/deploy and then provide us the URL to send notifications to. This 
> would take approximately six months to develop once work is scheduled.  

This does sound modern!  I would not want to discount those who have the
operations scale and capability to make use of it.  For Orgs not of that
scale, unless this was a capability already baked into shrinkwrap
operations offerings I would doubt folks would realistically develop and
support this in-house.
 
> These options vary in complexity to develop, and the level of effort required 
> for customer adoption. We are interested in community feedback on the value 
> of a change notification feature and thoughts on the possible delivery 
> methods described or others you may suggest. 
> 
> Please provide comments to [email protected]. You can subscribe to this 
> mailing list at https://lists.arin.net/mailman/listinfo/arin-consult 
> 
> This consultation will remain open until 5:00 PM ET on 9 September. ARIN 
> seeks clear direction through community input, so your feedback is important. 
> 
> Thank you for your continued support to improve ARIN's services. 

Thanks for the consultation!

Dale

--
Dale W. Carder
Energy Sciences Network (ESnet)
Lawrence Berkeley National Laboratory
U.S. Department of Energy


------------------------------

Message: 3
Date: Wed, 4 Sep 2024 14:11:27 -0500
From: David Farmer <[email protected]>
To: ARIN <[email protected]>
Cc: [email protected]
Subject: Re: [ARIN-consult] Consultation on ARIN Online Change
        Notifications
Message-ID:
        <can-dau20yxntfa9go8cgn+v71xft+1w1hj0xf7lmksevyxb...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Developing these capabilities would be helpful and increase security and
awareness of changes. As others have suggested, please prioritize Email
over the API for development.

Email notifications of changes should be enabled or disabled on a per-POC
and Organization basis, and you should also be able to set an alternate
Email address for them. This latter point is critical, as email is a common
mechanism that integrates with many third-party systems, such as ticketing
or messaging systems like Slack.

Thanks


On Mon, Aug 26, 2024 at 10:19 AM ARIN <[email protected]> wrote:

> ARIN is seeking feedback from the community on a potential improvement (
> https://www.arin.net/participate/community/acsp/consultations/2024/2024-4/),
> suggested by a community member, that ARIN create a modern mechanism that
> allows resource holders to be notified of any changes to resources or
> accounts they manage.
>
> The stated benefit of this potential improvement is that it would allow
> greater control over valuable resources and increase the accuracy of ARIN's
> database.
>
> We have identified two options to create these notifications:
>
> Email - The least "modern" option, but this would be consistent with other
> ARIN notifications, and mirrors what is available through the other
> Regional Internet Registries (RIRs). This would take approximately three
> months to develop once work is scheduled.
>
> REST endpoint - ARIN can define a REST endpoint, and customers would have
> to develop/deploy and then provide us the URL to send notifications to.
> This would take approximately six months to develop once work is
> scheduled.
>
> These options vary in complexity to develop, and the level of effort
> required for customer adoption. We are interested in community feedback on
> the value of a change notification feature and thoughts on the possible
> delivery methods described or others you may suggest.
>
> Please provide comments to [email protected]. You can subscribe to
> this mailing list at https://lists.arin.net/mailman/listinfo/arin-consult
>
> This consultation will remain open until 5:00 PM ET on 9 September. ARIN
> seeks clear direction through community input, so your feedback is
> important.
>
> Thank you for your continued support to improve ARIN's services.
>
>
> Regards,
>
> John Curran
> President and CEO
> American Registry for Internet Numbers (ARIN)
>


-- 
===============================================
David Farmer               Email:[email protected]
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

------------------------------


End of ARIN-consult Digest, Vol 109, Issue 1
********************************************
