
RE: review of NAS-Management-authorization



David Harrington writes...

> Why do we want to not conflate it with the named policy approach?

I have answers on several levels.

Generally speaking, conflating similar but distinct objects leads to the
potential for confusion.

The integer-valued CLI privilege level has a well-established and widely
deployed set of semantics, which cannot be modified in order to make it fit
within a generalized network management access policy framework.

One data object is an Integer type and the other object is a Text string
type.  Their native formats are incompatible.

I firmly believe that structured attributes, if we are to do them, need to
be represented as grouped attributes pursuant to the RADIUS Extended
Attribute proposal.  Structured attributes represented as sub-strings to be
parsed out from other strings is bad design (IMO).

Quite frankly, I see no need for structured attributes in this case.


