
RE: Review of Management Authorization -00 document



More follow up ...

> Framed-Management-Protocol
> 
> 1      SNMP
> 2      HTTP
> 3      FTP
> 4      CP

OK.  What I'm proposing in the -01 version is:

1      SNMP
2      Web-based
3      NETCONF
4      FTP
5      TFTP
6      CP

> Transport-Protocol
> 
> 1  UDP
> 2  TCP
> 3  SSH over TCP
> 4  TLS over TCP
> 5  TLS over UDP

I don't think we want to be specifying the "real" transport layer, e.g. TCP,
UDP, SCTP, etc.  What we need to specify there is the "secure transport"
(which doesn't exactly fit into the classical ISO 7-layer model), e.g. SSH,
TLS, etc.

What I'm proposing for the -01 version is:

1      Default
2      SSH
3      TLS
4      DTLS
5      BEEP
6      SOAP

> What does it mean if multiple Management-Policy-Id attributes are
> included?
> How are the policies merged?  If this is implementation-specific, isn't
> the result undefined?

Proposed text for the -01 version:

<t>
No precedence relationship is defined for multiple occurrences of the
Management-Policy-Id attribute.  NAS behavior in such cases is not
predictable.  Therefore, two or more occurrences of this attribute SHOULD
NOT be included in a single service provisioning message, such as
Access-Accept or CoA.
</t>
<t>
The content of the Management-Policy-Id attribute is expected to be the name
of a management access policy of local significance to the NAS, within a
flat namespace of significance to the NAS.  Overloading or subdividing this
flat name with multi-part specifiers (e.g. Access=remote, Level=7) is likely
to lead to poor multi-vendor interoperability and SHOULD NOT be utilized.
If a simple flat policy name is not sufficient to the anticipated use case,
it is RECOMMENDED that a Vendor Specific Attribute be used instead, rather
than overloading the semantics of Management-Policy-Id.
</t>
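As an added illustration (not text from the draft or from this thread), here is how a NAS might apply the proposed -01 rules when it receives an Access-Accept: decode the two enumerated attributes against the value lists proposed above, refuse to guess between multiple Management-Policy-Id occurrences, and reject an overloaded multi-part policy name. The (name, value) list standing in for decoded RADIUS AVPs, the function name and the sample packets are assumptions of this example.

```python
import re

# Value lists as proposed for the -01 draft in the message above
# (draft-era numbers, not the values in the published RFC).
FRAMED_MANAGEMENT_PROTOCOL = {1: "SNMP", 2: "Web-based", 3: "NETCONF",
                              4: "FTP", 5: "TFTP", 6: "CP"}
TRANSPORT_PROTOCOL = {1: "Default", 2: "SSH", 3: "TLS",
                      4: "DTLS", 5: "BEEP", 6: "SOAP"}

# A flat policy name carries no multi-part specifiers such as
# "Access=remote, Level=7"; '=', ',' and ';' separators give them away.
MULTIPART = re.compile(r"[=,;]")

def check_management_attrs(attrs):
    """Validate the management-authorization attributes of one Access-Accept.
    `attrs` is a list of (name, value) pairs standing in for decoded RADIUS
    AVPs (an assumed representation). Returns ok, decoded values, problems."""
    result = {"ok": True, "protocol": None, "transport": None,
              "policy": None, "problems": []}

    def flag(msg):
        result["ok"] = False
        result["problems"].append(msg)

    for name, table, key in (
            ("Framed-Management-Protocol", FRAMED_MANAGEMENT_PROTOCOL, "protocol"),
            ("Transport-Protocol", TRANSPORT_PROTOCOL, "transport")):
        values = [v for n, v in attrs if n == name]
        if values and values[0] not in table:
            flag("%s: unknown value %r" % (name, values[0]))
        elif values:
            result[key] = table[values[0]]

    policy_ids = [v for n, v in attrs if n == "Management-Policy-Id"]
    if len(policy_ids) > 1:
        # No precedence is defined, so the NAS must not guess which applies.
        flag("multiple Management-Policy-Id occurrences: %r" % policy_ids)
    elif policy_ids and MULTIPART.search(policy_ids[0]):
        # Overloaded flat name; the proposed text points at a VSA instead.
        flag("multi-part Management-Policy-Id: %r" % policy_ids[0])
    elif policy_ids:
        result["policy"] = policy_ids[0]
    return result

# Constructed sample Access-Accept contents: one clean, one overloaded.
GOOD = [("Framed-Management-Protocol", 3), ("Transport-Protocol", 2),
        ("Management-Policy-Id", "netconf-readonly")]
OVERLOADED = [("Framed-Management-Protocol", 2), ("Transport-Protocol", 3),
              ("Management-Policy-Id", "Access=remote, Level=7")]
```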





--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>