[Noisebridge-discuss] Access control & Safety, both personal and general space.

Shannon Lee shannon at scatter.com
Wed Feb 8 23:08:29 UTC 2012

On Wed, Feb 8, 2012 at 2:54 PM, Jonathan Lassoff <jof at thejof.com> wrote:

> On Wed, Feb 8, 2012 at 2:16 PM, Shannon Lee <shannon at scatter.com> wrote:
> > So what we need is a database which can
> >
> > * associate a handle with a phone number (or hash), an RFID match-key (or
> > hash thereof), et cetera
> I think it's the other way, the system would see a Caller ID or RFID
> string and do a lookup based on that to see if it's present and
> "valid".

Well, that's just an index, right?  I want to be able to have a
handle/name/whatever, and put a phone number, RFID key, keypad code, et
cetera next to it; then when an auth event happens, I want to be able to
take the auth code (a phone number, RFID match, keypad code) and look up
the associated handle...

> > * associate a handle with one or more upstream handles (or the
> > designation "consensed member" or something).
> Is this to build the "chains of trust" idea out? Like tracking which
> handle says this handle is "cool".

Yes, exactly.  In theory, the chains of trust all lead back to Kelly... she
says who the members are, and the members are allowed to give access to
others down the tree; in practice, this just means that everyone should
have a list of handles who have vouched for them; the system should follow
those handles up the tree until one of them reaches Kelly or we run out of

> Once we've got that, we can start tying access systems to that.
> > LDAP anyone?
> Oh god... please no. This should be as simple as possible so that it's
> easy for relative strangers to the system to figure it out and run
> with it. LDAP would actually be perfect (structure-wise, only) for
> this, but OpenLDAP is a real mess. I've had to try and recover BDB
> from slapd crashes or power outages more times than I'd like to.
> < two cent rant> Seriously, fuck OpenLDAP. It just makes simple things
> difficult. </ two cent rant >

Yeah, I agree, this is an LDAP problem but OpenLDAP is terrible.  I thought
I remembered hearing about an alternative free LDAP last year that was OK?
I don't remember what it was though.

The thing about OpenLDAP is, though, that there are lots of
readily-available management tools (like Gosa) that we can just plug into
the problem, and not have to write any of this ourselves.


Shannon Lee
(503) 539-3700

"Any sufficiently analyzed magic is indistinguishable from science."
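The two pieces Shannon describes, a credential index that maps an auth event (phone number, RFID match, keypad code) back to a handle, and vouch chains that are followed up the tree until they reach the root member or run out, sketched as an added Python example. This is not code from the thread or from Noisebridge; it assumes handles are plain strings, that stored credentials are keyed SHA-256 hashes of the raw credential rather than the raw value, and the handles, the "kelly" root and every credential value below are constructed sample data.

```python
import hashlib
import hmac
from collections import deque

# Constructed example, not Noisebridge's system. Credentials are stored as
# HMAC-SHA256 tags rather than salted hashes: caller IDs and keypad codes have
# very little entropy, so an unkeyed hash of them is trivially reversible by
# enumeration. SECRET is a placeholder; a real deployment keeps it outside the DB.
SECRET = b"placeholder-secret-key"


def credential_tag(kind: str, value: str) -> str:
    """Keyed hash of a raw credential, bound to its kind (phone, rfid, keypad)."""
    msg = kind.encode() + b":" + value.encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


class AccessDB:
    def __init__(self, root_handles):
        self.roots = set(root_handles)   # handles that need no voucher (the membership authority)
        self.credentials = {}            # credential tag -> handle: the lookup index
        self.vouchers = {}               # handle -> set of handles who vouched for it

    def add_handle(self, handle):
        self.vouchers.setdefault(handle, set())

    def add_credential(self, handle, kind, value):
        """Put a credential 'next to' a handle; refuse to rebind it to someone else."""
        self.add_handle(handle)
        tag = credential_tag(kind, value)
        if tag in self.credentials and self.credentials[tag] != handle:
            raise ValueError("credential already bound to another handle")
        self.credentials[tag] = handle

    def vouch(self, voucher, vouchee):
        self.add_handle(voucher)
        self.add_handle(vouchee)
        self.vouchers[vouchee].add(voucher)

    def revoke_vouch(self, voucher, vouchee):
        self.vouchers.get(vouchee, set()).discard(voucher)

    def lookup(self, kind, value):
        """Auth event -> handle (or None): the index Shannon describes."""
        return self.credentials.get(credential_tag(kind, value))

    def trust_path(self, handle):
        """Follow vouchers upward (breadth-first) until a root is reached.

        Returns the chain [handle, ..., root], or None when we run out of
        vouchers. The 'seen' set stops mutual-vouching cycles from looping.
        """
        if handle in self.roots:
            return [handle]
        seen = {handle}
        queue = deque([[handle]])
        while queue:
            path = queue.popleft()
            for voucher in self.vouchers.get(path[-1], ()):
                if voucher in self.roots:
                    return path + [voucher]
                if voucher not in seen:
                    seen.add(voucher)
                    queue.append(path + [voucher])
        return None

    def authorize(self, kind, value):
        """Full check for one auth event: (handle, chain) or (None, None)."""
        handle = self.lookup(kind, value)
        if handle is None:
            return (None, None)
        return (handle, self.trust_path(handle))


def build_demo():
    """Constructed sample data: kelly is the root; dave and eve only vouch for each other."""
    db = AccessDB(root_handles=["kelly"])
    db.vouch("kelly", "alice")
    db.vouch("alice", "bob")
    db.vouch("bob", "carol")
    db.vouch("eve", "dave")
    db.vouch("dave", "eve")
    db.add_credential("alice", "phone", "503-555-0100")
    db.add_credential("bob", "rfid", "0400A1B2C3")
    db.add_credential("dave", "keypad", "1234")
    return db


if __name__ == "__main__":
    db = build_demo()
    for event in [("phone", "503-555-0100"), ("rfid", "0400A1B2C3"),
                  ("keypad", "1234"), ("keypad", "0000")]:
        print(event, "->", db.authorize(*event))
```

Revoking a single vouch is enough to cut off everyone below it: after `db.revoke_vouch("kelly", "alice")`, bob and carol still have credentials in the index but no longer have a chain to the root, which is the behaviour the tree model implies.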
