RE: New Ideas for OpenSRS (or wish list) - Reseller Access

From: Bhavin Turakhia (bhavindom@directi.com)
Date: Thu Mar 02 2000 - 20:57:51 EST

Next message: Bhavin Turakhia: "VERY IMPORTANT: no of yrs of reg"
Previous message: Bhavin Turakhia: "Perfect solution to Reseller/Customer mgmt control issue"
In reply to: Ben Gerber: "RE: New Ideas for OpenSRS (or wish list) - Reseller Access"
Next in thread: Ben Gerber: "RE: New Ideas for OpenSRS (or wish list) - Reseller Access"
Reply: Ben Gerber: "RE: New Ideas for OpenSRS (or wish list) - Reseller Access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

GREAT - feedback improves thwe system.....lemme try and tackle these ....

>2) however every change should generate an acknowledgement which should be
>emailed to the client and the client. here is the catch. the client does
not
>need to approve the change, but he has the power to disapprove by simply
>replying to the email

This goes against common law (accepting by doing nothing). If implemented
it would need to be spelled out very carefully in a service agreement with
a customer. It certainly does not seem like a solution for customers who
do not actively check their e-mail or who may encounter other e-mail
problems.

Bhavin: i agree, neat observation, however that is why the tech contact is
your ISP, the tech cotact is rightfully supposed to observe these changes
and approve/disapprove them. also to improve this system further the
customer in the mgmt interface may have an option that changes this system
by making it into a - dont accept until reply - system, thus strengthening
security. as again it may probably start of with this system, and only the
client would be allowed to change to the lower security system, by logging
in through the passwd they have.

>3) the reseller can only access the clients passwd but can never changeit.
>the passwd can only be changed by the client

This could become a security problem. If the reseller NEEDS to change the
password because it has become exposed when they used it, they will need to
get in touch with the customer first. Hopefully before any problem arises.
(Then the customer will promptly abandon the [embarrassed] RSP.)

Bhavin: I think i didnt make myself clear here. the reseller does not need
to know the clients passwd at all....from his reseller interface he can
directly modify what he wants to.

Bhavin: add to this the client should have another option to shut out access
to the reseller if he chooses to do so. in that case if he loses th domain
passwd and the email address then it was his fault tht he shut out the
reseller access

Next message: Bhavin Turakhia: "VERY IMPORTANT: no of yrs of reg"
Previous message: Bhavin Turakhia: "Perfect solution to Reseller/Customer mgmt control issue"
In reply to: Ben Gerber: "RE: New Ideas for OpenSRS (or wish list) - Reseller Access"
Next in thread: Ben Gerber: "RE: New Ideas for OpenSRS (or wish list) - Reseller Access"
Reply: Ben Gerber: "RE: New Ideas for OpenSRS (or wish list) - Reseller Access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:23 EDT