service improvements, by vivek nigam [apricot 2015]
TRANSCRIPT
Service Improvements
Vivek Nigam
4 March, 2015
Fukuoka, Japan
Agenda
• New two-factor authentication for MyAPNIC
• Maintainer object automation
• Improved transfer page
• Easier Invalid contact reporting feature
- Processing invalid contact reports
- Case study
2
New two-factor authentication
• Uses Time-based One-Time Passwords (TOTP)
- http://tools.ietf.org/html/rfc6238
• Requires authenticator app installed in your smart device
- Google Authenticator, FreeOTP, HDE OTP Generator …
• Requires six-digit security code along with password for login
• Enables access to voting and RPKI feature in MyAPNIC
3
New two-factor authentication
Benefits of TOTP • Will work in all browsers
• Does not need manual processing from APNIC Helpdesk
• Does not require annual renewal
4
New two-factor authentication
5
Setting up TOTP
New two-factor authentication
6
Generate QR and secret code
New two-factor authentication
7
Setup authenticator app
New two-factor authentication
8
Enter six-digit security code
New two-factor authentication
9
http://www.apnic.net/2fa
Setup complete!
Maintainer object automation
• All maintainers associated with resources will be automatically saved in MyAPNIC
• Maintainer password reset will automatically update password for other users
• Feature to control maintainer access for individual users
10
Maintainer automation
11
Simplified Whois database management
Maintainer automation
12
Managing maintainer access
Improved transfer page
13
http://www.apnic.net/transfer
Improved transfer page
14
Easier Invalid contact reporting
15
Simplified process to report invalid contact
Easier invalid contact reporting
16
Eliminates incorrect reporting
Processing invalid contact reports
17
• E-mail sent to technical contacts of account
• Email sent to all contacts of account
• Phone call made to Member organization • Log details of invalid contacts that did not get updated
APNIC may not be able to update the invalid whois database registration details if the Internet resources are historical and not managed under an APNIC account
Case study for invalid contact report
18
Notice of membership breach sent *
Final email sent *
Email sent to Member’s upstream *
Web search for alternate contacts *
Follow up email sent
Phone call made
Email sent
Invalid contact reported
19