
[Issue 255]: NAS mgmt author



I have a comment on this subissue from #255 on RADIUS author.
This is from the issue list:

"section 8.4
I don't understand why we need a special Management-Privilege-Level
attribute. This should be able to be specified as a named policy in the
Management-Policy-ID, such as "Level 1" and "Level 2", or even "1" and
"2" and "3". Implementations simply need to map between the policy
name and their privilege-level policy implementation.

Different implementations might handle privilege levels differently -
some might use integers internally, others might use a different range
of values (0-15 vs 1-16). Using Management-Policy-ID makes this simply
a mapping exercise. This is a great opportunity to suggest standard
names for privilege levels, and then vendors can map those standard
names to the internal routines. If vendors provide an API, operators
could name the policies as they wanted and map them to the vendors'
APIs for invoking different privilege levels."

--

Actually, I think this is likely to lead to problems.  Conceptually, I agree,
but this privilege level concept is quite entrenched.  And having a
language-specific 'textization' of this is likely to lead to more
incompatibility going fwd.
I also don't think RADEXT is the correct place to "suggest standard
names for privilege levels".

--
archive: <http://psg.com/lists/radiusext/>