[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: access control on the <eventStreams> data model

To: Randy Presuhn <randy_presuhn@mindspring.com>
Subject: Re: access control on the <eventStreams> data model
From: Andy Bierman <ietf@andybierman.com>
Date: Thu, 12 Jul 2007 21:52:22 -0700
Cc: "Netconf (E-mail)" <netconf@ops.ietf.org>
In-reply-to: <001401c7c4e8$00fbb0a0$6601a8c0@oemcomputer>
References: <46968A5F.2000601@andybierman.com> <001a01c7c4c6$44e3d8a0$6601a8c0@oemcomputer> <46969CF4.3050300@andybierman.com> <001401c7c4e8$00fbb0a0$6601a8c0@oemcomputer>
User-agent: Thunderbird 1.5.0.12 (Windows/20070509)

Randy Presuhn wrote:

Hi -

From: "Andy Bierman" <ietf@andybierman.com>
To: "Randy Presuhn" <randy_presuhn@mindspring.com>
Cc: "Netconf (E-mail)" <netconf@ops.ietf.org>
Sent: Thursday, July 12, 2007 2:28 PM
Subject: Re: access control on the <eventStreams> data model

...

But, FWIW, that's not how access control for notifications works in SNMP.
RFC 3413 3.3 (2)

...

I think you mean para 4, point 2:

yes

...

The difference seems to be that (on a PER-NOTIFICATION basis)
the entire PDU is dropped if any data within it is restricted.
This is fine -- easier on the agent than pruning the restricted data
and sending the rest.


yes, particularly in the case of SNMP where the NOTIFICATION-TYPE
may specify mandatory variable bindings, but other stuff may be
included by an implementation.

But this is much different than refusing to let the manager see
the name of the stream or rejecting the <create-subscription>
because individual notifications may not be delivered.


Since it's reasonable for permissions to change over time,
I think it makes no sense to block creation of a subscription
based on whether the notifications that could be generated
in the future might be blocked at the moment.  Particularly in
the case of creating a subscription with respect to things
that might not exist at the moment.  But that having that kind
of flexibility might be an SNMP-centric view of the world.



not SNMP-centric. NM-centric.
Common sense network management.
Perhaps if there was an actual security model for NETCONF,
it might be more clear that per-notification access control
(send or drop decision per PDU) is all that is needed here.

Randy


Andy



--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>



--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

References:
- access control on the <eventStreams> data model
  - From: Andy Bierman <ietf@andybierman.com>
- Re: access control on the <eventStreams> data model
  - From: "Randy Presuhn" <randy_presuhn@mindspring.com>
- Re: access control on the <eventStreams> data model
  - From: Andy Bierman <ietf@andybierman.com>
- Re: access control on the <eventStreams> data model
  - From: "Randy Presuhn" <randy_presuhn@mindspring.com>

Prev by Date: Re: access control on the <eventStreams> data model
Next by Date: Re: access control on the <eventStreams> data model
Previous by thread: Re: access control on the <eventStreams> data model
Next by thread: Re: access control on the <eventStreams> data model
Index(es):
- Date
- Thread