[Noisebridge-discuss] Access control & Safety, both personal and general space.

rachel lyra hospodar rachelyra at gmail.com
Thu Feb 9 18:06:40 UTC 2012

<3 this discussion.

I want to point out that decentralization and mistrust of power in the
hands of individuals reccomends against putting control in the hands of
treasurer, an individual. I <3 Kelly but she may want to do something else
with her time eventually, and be replaced with someone who turns out to be
an evil despot.


On Feb 8, 2012 4:10 PM, "Jonathan Lassoff" <jof at thejof.com> wrote:

> On Wed, Feb 8, 2012 at 3:08 PM, Shannon Lee <shannon at scatter.com> wrote:
> > Well, that's just an index, right?  I want to be able to have a
> > handle/name/whatever, and put a phone number, RFID key, keypad code, et
> > cetera next to it; then when an auth event happens, I want to be able to
> > take the auth code (a phone number, RFID match, keypad code) and look up
> the
> > associated handle...
> I suppose. We're seeing eye-to-eye here, and using different words.
> That was the use case I was envisioning as well.
> > Yes, exactly.  In theory, the chains of trust all lead back to Kelly...
> she
> > says who the members are, and the members are allowed to give access to
> > others down the tree; in practice, this just means that everyone should
> have
> > a list of handles who have vouched for them; the system should follow
> those
> > handles up the tree until one of them reaches Kelly or we run out of
> > handles.
> Interesting way of describing it. I like it. How would we handle a
> reset, though? We'd need some way to prune the pointer to the vouching
> node(s).
> It would be nice if we could continue to cache access token info along
> with the handle, and not have to re-enter it every time.
> If we allow multiple vouching nodes, searching the tree to verify a
> chain of awesome-ness back to Kelly can quickly turn into a hard
> problem though. If one vouching is as good as three, I say we just
> store one and keep the additional stuff as metadata.
> > Yeah, I agree, this is an LDAP problem but OpenLDAP is terrible.  I
> thought
> > I remembered hearing about an alternative free LDAP last year that was
> OK?
> >  I don't remember what it was though.
> Beats me. I've been futzing some with FreeIPA lately, and have found
> it to be generally useful for getting LDAP up without much work.
> > The thing about OpenLDAP is, though, that there are lots of
> > readily-available management tools (like Gosa) that we can just plug into
> > the problem, and not have to write any of this ourselves.
> I think that OpenLDAP would just be a storage mechanism for us. We'd
> still have to write code to do our awesome-ness / vouching
> verification though. At that point, I don't think it would be *that*
> much more work to write a little data storage mechanism.
> I'm thinking like JSON blobs in a Redis or flat text file.
> Cheers,
> jof
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120209/23e13339/attachment.html>

More information about the Noisebridge-discuss mailing list