[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New Issue: MGMT-00 -command privilege levels
- To: radiusext@ops.ietf.org
- Subject: New Issue: MGMT-00 -command privilege levels
- From: "Greg Weber" <gdweber@gmail.com>
- Date: Fri, 19 Oct 2007 15:35:44 -0400
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=S+VckLagFsCxOpGuO9ImF06nuYm7bdJFB94BIHXEMj270pZxL7iyEf1ijS4uRMCnRuKC02xO0RPCBnthZH/LVmQvSdsXnd8RR70c3IAHVWHjeWNhjVDC/A0proDj4f83a4rH34MaOzL7v2TVRt2jPgXvfAM0g5dQkrX40qkMt3I=
Description: command privilege level mapping
Submitter name: Greg Weber
Submitter email address: gdweber@gmail.com
Date first submitted: 10/19/07
Reference: n/a
Document: MGMT-00
Comment type: Technical
Priority: Should fix
Section: 4
Rationale/Explanation of issue:
From section 4:
"The local application of the Management-Policy-Id within the managed
entity may take the form of (a) one of an enumeration of command
privilege levels, ..."
The draft does not currently describe valid values for the case when Management-
Policy-Id is supposed to represent a privilege level. The excerpt
above mentions an enumeration; the attribute value is later defined as
type Text.
Requested change:
I would suggest removing references to command privilege levels and
let the NASes map Management-Policy-Id based on what functionality is
locally supported. Privilege level (if supported on the client) may
be one of many types of local policy, e.g. time of day restrictions on
command execution. I don't think we want to address all these, do we?
In the excerpted sentence, I think (a) is just a subset of (c).
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>