[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ????: a question about Management Authorization -01 document
On Wed, Dec 19, 2007 at 10:46:36AM +0800, li chunxiu wrote:
> Here is a situation:
> 1.NETCONF access, defined by a policy:
> * Service-Type (6) = Framed-Management (xx)
> * Framed-Management-Protocol (xx) = NETCONF(3)
> * Management-Policy-Id (xx) = " Read-only group1"
> 2. NETCONF access, defined by a policy:
> * Service-Type (6) = Framed-Management (xx)
> * Framed-Management-Protocol (xx) = NETCONF(3)
> * Management-Policy-Id (xx) = "group1 Read-only"
> 3. NETCONF access, defined by a policy, with the Management-Privilege-Level
> attribute:
> * Service-Type (6) = Framed-Management (xx)
> * Framed-Management-Protocol (xx) = NETCONF(3)
> * Management-Policy-Id (xx) = "group1 "
> * Management-Privilege-Level (xx) = 15
> Comment:15 denotes Read-only
> 16 denotes create ... ...
> I think the 3rd example using the Management-Privilege-Level attribute
> clarifies the use methods of Management-Privilege-Level attribute.
> What is your opinion?
Since NETCONF right now does not have a defined access control system,
the discussion is kind of pointless since implementations can do
whatever they like. That said, let me say that I personally find a
combination of Management-Policy-Id and Management-Privilege-Level
somewhat strange.
/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>