Denis Walker

RIPE Database Joins Single Sign-On Club

Denis Walker
0 You have liked this article 0 times.

With RIPE NCC Access, our single sign-on service - you log in once and can access many RIPE NCC services. Now, with the new RIPE Database release, you can update your data in the RIPE Database using this single sign-on service. This is part of the RIPE NCC's work to make the RIPE Database easier to use.


The RIPE Database has always been a stand-alone service provided by the RIPE NCC. This means that no matter what other service you are using, when it comes to updating database objects you have to provide another authorisation. Not any more. The RIPE Database has been integrated into RIPE NCC Access - the Single Sign-On (SSO) service. Once you configure your  mntner objects for SSO, most of your data can be updated with SSO. There are some exceptions where multiple authorisations are required. But we can address these either with the use of the right maintainer attributes or by adding more functionality, such as the Simple Route Creation (but with some improvements to the way that works as well).

Configuring your MNTNER objects

We have introduced a new authorisation credential type - SSO. It looks like this:

auth:   SSO

where the email address is the username for your RIPE NCC Access account. SSO can be used in a mntner object with any mix of other credentials, passwords and PGP. It can also be used as the only credential. Multiple SSO credentials can be added to a mntner so a group of people can still use their own SSO login to update any object with that mntner .

Simply follow these steps:

  • Create a RIPE NCC Access account if you do not already have one
  • Add "auth: SSO email@address" to your  mntner object(s)
    • use any standard update method
    • provide existing authorisation
    • add to as many  mntner objects as you like

Congratulations. You are now configured to use SSO to update the RIPE Database.

How to update the RIPE Database using SSO

After you have configured your  mntner object(s), log in to RIPE NCC Access. Currently, only Webupdates and Syncupdates are set up for use with SSO. Your RIPE NCC Access login details are now shown on these pages. So you can easily see when you are logged in and with what account, and you can also log in from here.

Enter your (updated) object(s) and submit. You do not need to enter any passwords - you are already authenticated to make these updates, assuming the object(s) are maintained by one of your SSO  mntner objects.

Multiple Authorisation

Where multiple authorisations are required, the data can be set up to use the same mntner . This can be achieved by use of various maintainer attributes, mnt-lower, mnt-routes, mnt-domains, mnt-ref. If that is not an option, for route object creation the Simple Route Creation can be used. Your part of the authorisation can be provided with your SSO. When the other party needs to provide their authorisation, they can also use SSO. This process can be extended to cover other object creations.

Other RIPE Database uses of SSO

Part of the requirements for the certification of PI resources will be to add SSO authorisation to the mntner of the resource object.

0 You have liked this article 0 times.

You may also like

View more

About the author

From 2001 to 2015 I was a developer and then the business analyst for the RIPE Database with the RIPE NCC. During this time I have been involved in every aspect of it's design and development of the software, web services and infrastructure, it's philosophy, legal, political and policy aspects, documentation, testing and future planning and specifying of new features

Comments 1