RIPE Database Joins Single Sign-On Club
The RIPE Database has always been a stand-alone service provided by the RIPE NCC. This means that no matter what other service you are using, when it comes to updating database objects you have to provide another authorisation. Not any more. The RIPE Database has been integrated into RIPE NCC Access - the Single Sign-On (SSO) service. Once you configure your mntner objects for SSO, most of your data can be updated with SSO. There are some exceptions where multiple authorisations are required. But we can address these either with the use of the right maintainer attributes or by adding more functionality, such as the Simple Route Creation (but with some improvements to the way that works as well).
Configuring your MNTNER objects
We have introduced a new authorisation credential type - SSO. It looks like this:
auth: SSO user _at_ here _dot_ com
where the email address is the username for your RIPE NCC Access account. SSO can be used in a mntner object with any mix of other credentials, passwords and PGP. It can also be used as the only credential. Multiple SSO credentials can be added to a mntner so a group of people can still use their own SSO login to update any object with that mntner.
Simply follow these steps:
- Create a RIPE NCC Access account if you do not already have one
- Add "auth: SSO email@address" to your mntner object(s)
- use any standard update method
- provide existing authorisation
- add to as many mntner objects as you like
Congratulations. You are now configured to use SSO to update the RIPE Database.
How to update the RIPE Database using SSO
After you have configured your mntner object(s), log in to RIPE NCC Access. Currently, only Webupdates and Syncupdates are set up for use with SSO. Your RIPE NCC Access login details are now shown on these pages. So you can easily see when you are logged in and with what account, and you can also log in from here.
Enter your (updated) object(s) and submit. You do not need to enter any passwords - you are already authenticated to make these updates, assuming the object(s) are maintained by one of your SSO mntner objects.
Where multiple authorisations are required, the data can be set up to use the same mntner. This can be achieved by use of various maintainer attributes, mnt-lower, mnt-routes, mnt-domains, mnt-ref. If that is not an option, for route object creation the Simple Route Creation can be used. Your part of the authorisation can be provided with your SSO. When the other party needs to provide their authorisation, they can also use SSO. This process can be extended to cover other object creations.
Other RIPE Database uses of SSO
Part of the requirements for the certification of PI resources will be to add SSO authorisation to the mntner of the resource object.