
Provisioning Neu

Goal: Provisioning System for free networks, based on the current FunkFeuer Graz provisioning system

Main reason for changes: assignment of public IP addresses mandates support for IPsec key management and authentication of users

Current functionality

  • MySQL database with Ruby on Rails, Perl and PHP frontends
  • autogenerate DNS config from db
  • autogenerate Cisco IPsec config from db
  • autogenerate Google Map
  • autogenerate Topo Map from OLSR data and db
  • xml export - topo data
  • user selfcare provisioning
  • rudimentary admin provisioning

Requirements

mandatory requirements

  • do not introduce new technology - Ruby on Rails will do
  • do not reinvent the wheel
  • document everything
  • use role-function paradigm for authorisation (neighbourhood managers, node owners, core team, …)
  • db support for generic authentication system / trust model
    • authenticate e-mail address (automatic) - first level of authentication
    • manual f2f authentication (photo id check) - second level of authentication
  • authorisation system (anonymous users, l1 id, l2 id, admin, user groups, …)
  • auditing (log photo id check, optional: IP assignments, config changes, …)
    • timestamp
    • who
    • what
  • IP network management
    • create/modify/delete IP ranges
    • assign/revoke IP network to/from location
    • management of both public and private IPs
    • support for IPsec key management for public IPs
    • support tinc tunnel management
    • optional: request larger network: support for renumbering
  • status report for IP network requests
  • safety net: deleted objects are flagged, not permanently deleted
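
A sketch of how the authentication levels, the authorisation check, the audit trail (timestamp, who, what) and the flag-instead-of-delete safety net listed above fit together. This is an added example in plain Ruby, not FunkFeuer code; the class and method names and the level required for each action are assumptions.

```ruby
# Added sketch, not FunkFeuer code: all names and the policy table are assumptions.
LEVELS = { anonymous: 0, l1: 1, l2: 2, admin: 3 }.freeze
REQUIRED = {                      # assumed policy: minimum level per action
  assign_private_net: :l1,        # e-mail address verified
  assign_public_net:  :l2,        # photo id checked face to face
  revoke_net:         :admin
}.freeze
Person     = Struct.new(:shortname, :level)
IpNet      = Struct.new(:cidr, :location, :is_public, :deleted_at)
AuditEntry = Struct.new(:timestamp, :who, :what)

class Provisioning
  attr_reader :nets, :audit_log   # nets still contains flagged (revoked) records

  def initialize
    @nets, @audit_log = [], []
  end

  # Deny by default: an unknown action or level raises KeyError.
  def allowed?(person, action)
    LEVELS.fetch(person.level) >= LEVELS.fetch(REQUIRED.fetch(action))
  end

  def assign_net(person, cidr, location, is_public:)
    action = is_public ? :assign_public_net : :assign_private_net
    return record(person, "DENIED #{action} #{cidr}") unless allowed?(person, action)
    net = IpNet.new(cidr, location, is_public, nil)
    @nets << net
    record(person, "#{action} #{cidr} -> #{location}", net)
  end

  # Safety net: the record is flagged with a timestamp, never removed.
  def revoke_net(person, net)
    return record(person, "DENIED revoke_net #{net.cidr}") unless allowed?(person, :revoke_net)
    net.deleted_at = Time.now.utc
    record(person, "revoke_net #{net.cidr}", net)
  end

  def active_nets
    @nets.reject(&:deleted_at)
  end

  private
  # Every decision, including refusals, leaves a timestamp/who/what entry.
  def record(person, what, result = nil)
    @audit_log << AuditEntry.new(Time.now.utc, person.shortname, what)
    result
  end
end
```

Refused requests are logged as well, so the audit trail shows attempts to obtain a public network before the photo id check has been done.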

optional requirements

  • support for IPv6 addresses
  • server side interface for HardwareAutoProvisioning (device management)
  • versioning of data (→ rollback functionality)
  • opt-in for autoconfiguration and automatic firmware upgrade
  • possibility for nodes to participate in software tests, new routing protocols etc. (stable, testing, unstable nodes)
  • enter user website URL to be linked from the home page
  • enter mobile phone number, opt-in to be contacted via SMS (schedule changes for FunkFeuer meetings etc.)
  • management of hotspot requests, interface for sponsoring ISPs

Data model constraints

  • introduce foreign keys
  • PKs must not be hardcoded: use shortnames to get PKs
  • node type: fixed, mobile, experimental, …
  • node may have owner
  • node may have location (mandatory for fixed nodes)
  • node may have interfaces (wired, wireless, …)
  • interfaces have properties depending on interface type (speed, output power, channel)
  • wireless interface may have cabling and antennas attached (cable type and length, antenna)
  • antenna has type (from template), polarization, azimuth, elevation, aperture, gain, …
  • location must have owner
  • person must have verified e-mail address
  • person should have telephone number
  • person may be either real or virtual (person groups)

Use cases

  • show workflow to users/admins
  • user: register as person, verify e-mail address, add location, add node, request IP net, request photo identification appointment, lookup/modify/delete entries, generate IPsec key
  • admin: pending requests (photo id, approve network assignment request, enter audit data, revoke IPsec key), override all user functions, change node owner
archiv/provisioningneu.txt · Last modified: by max
