[Noisebridge-discuss] Access control & Safety, both personal and general space.

Shannon Lee shannon at scatter.com
Wed Feb 8 23:08:29 UTC 2012


On Wed, Feb 8, 2012 at 2:54 PM, Jonathan Lassoff <jof at thejof.com> wrote:

> On Wed, Feb 8, 2012 at 2:16 PM, Shannon Lee <shannon at scatter.com> wrote:
> > So what we need is a database which can
> >
> > * associate a handle with a phone number (or hash), an RFID match-key (or
> > hash thereof), et cetera
>
> I think it's the other way, the system would see a Caller ID or RFID
> string and do a lookup based on that to see if it's present and
> "valid".
>

Well, that's just an index, right?  I want to be able to have a
handle/name/whatever, and put a phone number, RFID key, keypad code, et
cetera next to it; then when an auth event happens, I want to be able to
take the auth code (a phone number, RFID match, keypad code) and look up
the associated handle...


> > * associate a handle with one or more upstream handles (or the designation
> > "consensed member" or something).
>
> Is this to build the "chains of trust" idea out? Like tracking which
> handle says this handle is "cool".
>

Yes, exactly.  In theory, the chains of trust all lead back to Kelly... she
says who the members are, and the members are allowed to give access to
others down the tree; in practice, this just means that everyone should
have a list of handles who have vouched for them; the system should follow
those handles up the tree until one of them reaches Kelly or we run out of
handles.

> > Once we've got that, we can start tying access systems to that.
> > LDAP anyone?
>
> Oh god... please no. This should be as simple as possible so that it's
> easy for relative strangers to the system to figure it out and run
> with it. LDAP would actually be perfect (structure-wise, only) for
> this, but OpenLDAP is a real mess. I've had to try and recover BDB
> from slapd crashes or power outages more times than I'd like to.
> < two cent rant> Seriously, fuck OpenLDAP. It just makes simple things
> difficult. </ two cent rant >
>


Yeah, I agree, this is an LDAP problem but OpenLDAP is terrible.  I thought
I remembered hearing about an alternative free LDAP last year that was OK?
I don't remember what it was though.

The thing about OpenLDAP is, though, that there are lots of
readily-available management tools (like Gosa) that we can just plug into
the problem, and not have to write any of this ourselves.

--S

-- 
Shannon Lee
(503) 539-3700

"Any sufficiently analyzed magic is indistinguishable from science."