Edward Shryane wrote on 18/09/2024 17:39:
In addition to the existing alternatives, we also propose to
introduce API keys linked to an SSO account to replace passwords,
that is convenient and secure.
An API key is an auto-generated string associated with a user account
that can be used to authenticate updates on behalf of that user. They
are already widely used across the Internet, although by different
names (e.g. GitHub Tokens, Google Application Passwords, AWS does use
API keys, etc.). Other RIPE NCC services already make use of API
keys, for example the LIR Portal and RIPE Atlas.
API keys would be good and it would be great to see them supported.
That said, API keys are plain-text passwords, stored in plain-text on
each side. They just happen to be a bit longer than login passwords, and
can be implemented to have a more limited authorisation scope, that's all.
So when you're implementing them, can you implement mandatory expiry
periods, ala github?
Nick
-----
To unsubscribe from this mailing list or change your subscription options,
please visit: https://mailman.ripe.net/mailman3/lists/db-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
