[Noisebridge-discuss] Access control & Safety, both personal and general space.
Shannon Lee
shannon at scatter.com
Wed Feb 8 23:08:29 UTC 2012
On Wed, Feb 8, 2012 at 2:54 PM, Jonathan Lassoff <jof at thejof.com> wrote:
> On Wed, Feb 8, 2012 at 2:16 PM, Shannon Lee <shannon at scatter.com> wrote:
> > So what we need is a database which can
> >
> > * associate a handle with a phone number (or hash), an RFID match-key (or
> > hash thereof), et cetera
>
> I think it's the other way, the system would see a Caller ID or RFID
> string and do a lookup based on that to see if it's present and
> "valid".
>
Well, that's just an index, right? I want to be able to have a
handle/name/whatever, and put a phone number, RFID key, keypad code, et
cetera next to it; then when an auth event happens, I want to be able to
take the auth code (a phone number, RFID match, keypad code) and look up
the associated handle...
> > * associate a handle with one or more upstream handles (or the designation
> > "consensed member" or something).
>
> Is this to build the "chains of trust" idea out? Like tracking which
> handle says this handle is "cool".
>
Yes, exactly. In theory, the chains of trust all lead back to Kelly... she
says who the members are, and the members are allowed to give access to
others down the tree; in practice, this just means that everyone should
have a list of handles who have vouched for them; the system should follow
those handles up the tree until one of them reaches Kelly or we run out of
handles.
> Once we've got that, we can start tying access systems to that.
> > LDAP anyone?
>
> Oh god... please no. This should be as simple as possible so that it's
> easy for relative strangers to the system to figure it out and run
> with it. LDAP would actually be perfect (structure-wise, only) for
> this, but OpenLDAP is a real mess. I've had to try and recover BDB
> from slapd crashes or power outages more times than I'd like to.
> < two cent rant> Seriously, fuck OpenLDAP. It just makes simple things
> difficult. </ two cent rant >
>
Yeah, I agree, this is an LDAP problem but OpenLDAP is terrible. I thought
I remembered hearing about an alternative free LDAP last year that was OK?
I don't remember what it was though.
The thing about OpenLDAP is, though, that there are lots of
readily-available management tools (like Gosa) that we can just plug into
the problem, and not have to write any of this ourselves.
--S
--
Shannon Lee
(503) 539-3700
"Any sufficiently analyzed magic is indistinguishable from science."
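
The credential index and vouching walk discussed in this message, sketched as an added example; it is not part of the original email or any Noisebridge code. `Directory`, `cred_hash`, `SITE_KEY`, every handle except Kelly and all credential values are constructed for illustration, and the keyed HMAC is one assumed way to store the "(or hash)" form of a phone number or RFID key.

```python
import hashlib
import hmac

ROOT = "kelly"                      # root of trust named in the thread
SITE_KEY = b"constructed-demo-key"  # assumption: secret held by the door controller

def cred_hash(kind, value):  # keyed hash: raw phone/RFID values are never stored
    return hmac.new(SITE_KEY, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()

class Directory:
    def __init__(self):
        self.by_cred = {}    # credential hash -> handle (the "index")
        self.vouchers = {}   # handle -> set of upstream handles

    def add_credential(self, handle, kind, value):
        self.by_cred[cred_hash(kind, value)] = handle

    def vouch(self, upstream, handle):
        self.vouchers.setdefault(handle, set()).add(upstream)

    def revoke(self, upstream, handle):
        self.vouchers.get(handle, set()).discard(upstream)

    def chain_to_root(self, handle):
        """Breadth-first walk up the vouchers; returns a path to ROOT or None."""
        seen, queue = {handle}, [[handle]]
        while queue:
            path = queue.pop(0)
            if path[-1] == ROOT:
                return path
            for up in sorted(self.vouchers.get(path[-1], ())):
                if up not in seen:           # guards against vouching cycles
                    seen.add(up)
                    queue.append(path + [up])
        return None                          # ran out of handles

    def authenticate(self, kind, value):
        """Auth event -> (handle, chain), or (None, None) if unknown or unrooted."""
        handle = self.by_cred.get(cred_hash(kind, value))
        chain = self.chain_to_root(handle) if handle else None
        return (handle, chain) if chain else (None, None)

def demo():
    d = Directory()
    for h, k, v in [("alice", "phone", "+15555550101"), ("bob", "rfid", "04A1B2C3"), ("mallory", "keypad", "4321")]:
        d.add_credential(h, k, v)            # constructed sample credentials
    for up, h in [("kelly", "alice"), ("alice", "bob"), ("trent", "mallory"), ("mallory", "trent")]:
        d.vouch(up, h)                       # last two form a cycle with no root
    return d
```

Because the chain is recomputed at every auth event, revoking one voucher immediately cuts off everyone whose only path to the root ran through it.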