Hi,
On 2019-04-10 13:14, Tim Bruijnzeels via db-wg wrote:
Hi,
auth-sso contains an identifier of an RIPE NCC Access SSO account. Actual
details such as the email address and password are not stored in the RIPE DB.
To me it would make sense to have a similar approach for API Tokens. Have some
identifier that is kept on the MNTNER object, but store the actual sensitive
data in a separate system. This would also allow future flexibility regarding
which hashing and/or encryption to use. Essentially this would be an
implementation detail that the RIPE NCC can look at, but which would not affect
the whois as such.
Tim
Well there are 2 issues that I can see with this immediately,
1. as Denis has already mentioned a few months ago, the DB can not
depend on the LIR portal being up due to it having less uptime.
2. What about people using the RIPE DB but are not LIRs, such as
people/companies with PI resources?
I don't really see a way to get around issue 1. Unless we are
considering doing something like signed API messages, via PGP or something.
- Cynthia
