Module Specification: Custodians
Working with Custodian Records
The first step for working with a NUM Contacts record is to create it.
Creating the Object
NUM records are written in MODL and are unpacked into objects by a MODL interpreter with the help of a NUM record configuration file. To successfully unpack the MODL object we must write a MODL string including the record configuration file and the NUM record itself.
Combining the RCF and NUM Record
Your MODL string should start with a
*L (load) command for the Record Configuration File (RCF). Retrieve the NUM record from the DNS using a NUM lookup and add the record returned to the MODL string. In this example we've retreived a NUM record for the domain
Interpreting the MODL
Now we can interpret our MODL string and have a developer friendly unpacked object to work with:
The response will always be an array with the key
custodians, each object in the array will include a
To check if an identifier, like an email address, has permissions to act on behalf of a domain you must first hash the identifier. All hashes in custodian records use the SHA-1 algorithm.
Valid identifiers are email addresses and domain names. A domain name idenfitier indicates that all email users at that domain have permissions.
Work through the object checking the hashed identifier again each hash. An exact match indicates that the user represented by the identifier has permissions to act on behalf of the domain name.
Permissions for any hash are provided in an array. There are three types of permissions: administrator, category and domain permissions.
Admin permissions grant the user access to all services. Admin is represented by the asterisk
Category permissions grant the user access to services in particular categories. The categories are listed below:
|m||Marketing||Services that categorise themselves as marketing / advertising related.|
|e||Services that categorise themselves as providing email related services.|
|s||Storage||Services that categorise themselves as providing online file storage.|
|c||Certificates||Services that categorise themselves as providing certificates.|
Domain permissions grant the user access to all services offered at a particular domain or a subdomain of that domain.