[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: access control issues

To: "netconf" <netconf@ops.ietf.org>
Subject: Re: access control issues
From: "Randy Presuhn" <randy_presuhn@mindspring.com>
Date: Thu, 19 May 2005 13:16:56 -0700
References: <428CCEBA.4070400@andybierman.com>

Hi -

> From: "Andy Bierman" <ietf@andybierman.com>
> To: "netconf" <netconf@ops.ietf.org>
> Sent: Thursday, May 19, 2005 10:36 AM
> Subject: access control issues
...
> The document should say somewhere that access control (i.e., user's
> ability to access specific portions of particular configurations in
> particular ways) MUST be enforced, and error(s) returned (if needed),
> instead of other protocol, rpc, or application errors, that would
> otherwise be returned.
...

It sounds like this would be different from the SNMP approach, which
doesn't leak information about the existence of objects to which access
is denied when responding to a get/next/bulk request.  Are you proposing
that the error would identify the specific element(s) in the configuration to
which access was denied, or would it be more of a blanket response that
*something* *somewhere* in the request ran afoul of the rules?

Randy




--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: access control issues
  - From: Andy Bierman <ietf@andybierman.com>

References:
- access control issues
  - From: Andy Bierman <ietf@andybierman.com>

Prev by Date: access control issues
Next by Date: Re: access control issues
Previous by thread: access control issues
Next by thread: Re: access control issues
Index(es):
- Date
- Thread