Re: Thoughts on NetConf Requirements

[Andy Bierman <abierman@cisco.com>]

At 09:15 AM 6/17/2003, Wes Hardaker wrote:
>>>>>> On Mon, 16 Jun 2003 14:46:26 -0700, Andy Bierman <abierman@cisco.com> said:
>
>Andy> Fair enough, but in my experience, IETF debates about filtering
>Andy> end up with this kind of complexity.
>
>Then its your job to help the authors define a set of goals and a
>mechanism to meet those goals.  Declaring, without discussion, that
>element subtree matching is the only way forward is the only thing to
>be considered seems a bit heavy handed.
>
>I think we're wasting time arguing over the word "filter" when in fact
>we should be arguing over the technical aspects of what types of
>decisions can be made and then we can apply the appropriate
>terminology to it.


Here is the charter text that applies to the authorization model:

The Netconf Working Group is chartered to produce a protocol suitable 
for network configuration, with the following characteristics:

   ...
  - Supports integration with existing user authentication methods
   ...

   ... Although these issues must be fully addressed to 
develop standard data models, only a small part of this work will be 
initially addressed. This group will specify requirements for standard 
data models in order to fully support the Netconf protocol, such as:

  - identification of principals, such as user names or distinguished 
    names
  ...

Creation of clever new authorization features is not part
of the charter.  Figuring out how integrate netconf with
existing protocols (e.g., used for CLI authorization)
like Radius or TACACS+ is part of the charter.  

I don't think it's heavy-handed to try to keep the WG focused
on the charter.  There's plenty of tough contentious issues to 
solve within the scope of the charter.

Andy



--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>