[Noisebridge-discuss] Access control & Safety, both personal and general space.

Jonathan Lassoff jof at thejof.com
Wed Feb 8 14:54:49 PST 2012


On Wed, Feb 8, 2012 at 2:16 PM, Shannon Lee <shannon at scatter.com> wrote:
> So what we need is a database which can
>
> * associate a handle with a phone number (or hash), an RFID match-key (or
> hash thereof), et cetera

I think it's the other way, the system would see a Caller ID or RFID
string and do a lookup based on that to see if it's present and
"valid".

I recommend bcrypt for doing either, as it's an intentionally slow
(but relatively fast in the scheme of things) hash, so it makes brute
force generation of a known keyspace (like phone numbers, for example)
much more difficult.

> * associate a handle with one or more upstream handles (or the designation
> "consensed member" or something).

Is this to build the "chains of trust" idea out? Like tracking which
handle says this handle is "cool".

> Once we've got that, we can start tying access systems to that.
> LDAP anyone?

Oh god... please no. This should be a simple as possible so that it's
easy for relative strangers to the system to figure it out and run
with it. LDAP would actually be perfect (structure-wise, only) for
this, but OpenLDAP is a real mess. I've had to try and recover BDB
from slapd crashes or power outages more times than I'd like to.
< two cent rant> Seriously, fuck OpenLDAP. It just makes simple things
difficult. </ two cent rant >

Cheers,
jof


More information about the Noisebridge-discuss mailing list