RE: Proposed Update to Netconf Charter
Hi!,
I think that Andy's proposal for two tier security is very similar
to the Deployment Descriptor based (read XML) J2EE (declarative) security model
for the Web and EJB containers.
J2EE security model is role-based and defined in XML.
(For more info, see Chapter 32 in J2EE http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html)
The Web-container security model allows patterns in URLs as target resources,
and permissions can be customized for individual operations (GET/POST etc.).
The EJB security model allows method (getter/setter for attribute) based
target definition for access control and it is completely meta-data driven.
I believe that the J2EE declarative security model really fits your need
for a simple model to start with.
I believe that it is not going to be very difficult to map the SNMP VACM to RBAC
so that netconf AC is compatible with SNMP v3 VACM.
--
Subrata
-----Original Message-----
From: owner-netconf@ops.ietf.org [mailto:owner-netconf@ops.ietf.org] On Behalf Of Juergen Schoenwaelder
Sent: Wednesday, July 06, 2005 5:55 AM
To: Vincent Cridlig
Cc: netconf@ops.ietf.org; ietf@andybierman.com; Radu State
Subject: Re: Proposed Update to Netconf Charter
On Wed, Jul 06, 2005 at 11:36:13AM +0200, Vincent Cridlig wrote:
> Let me give more details about what I proposed.
>
> The prefix concept is well defined in the XPath recommendation. I didn't
> invent this concept and I don't want to change XPath.
>
> Using XPath prefix needs a namespace declaration. This is why I
> suggested to add some namespace declaration along with the Netconf request.
> In fact, I might be wrong but I think it is not possible to fully
> support XPath without making it possible to send these declarations.
> These declarations are needed to build the expression context as
> described in the XPath recommendation.
> If a manager sends an XPath request which contains prefixes, I don't
> know how an agent could guess the related (real) namespace URI.
Thanks for this clarification. This now sounds much more reasonable.
I guess I have to go back to the XPath specs.
/js
--
Juergen Schoenwaelder International University Bremen
<http://www.eecs.iu-bremen.de/> P.O. Box 750 561, 28725 Bremen, Germany
--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>
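
The point in the quoted message about prefixes needing namespace declarations, shown as an added example that is not part of the original thread: the same prefixed path selects different data depending on the bindings sent with the request, and cannot be evaluated at all without them. The `<filter>` element, its `select` attribute and the `urn:example:` URIs are constructed for illustration, and the path uses only the XPath subset that Python's ElementTree supports.

```python
import io
import xml.etree.ElementTree as ET

# Constructed data: two modules that share local names but not namespaces.
CONFIG = (
    '<config>'
    '<interfaces xmlns="urn:example:vendor-a"><interface><name>eth0</name></interface></interfaces>'
    '<interfaces xmlns="urn:example:vendor-b"><interface><name>ge-0/0/0</name></interface></interfaces>'
    '</config>'
)
PATH = "if:interfaces/if:interface/if:name"
# Hypothetical request shapes: <filter> and its select attribute are assumptions.
REQ_A = f'<filter xmlns:if="urn:example:vendor-a" select="{PATH}"/>'
REQ_B = f'<filter xmlns:if="urn:example:vendor-b" select="{PATH}"/>'
REQ_NONE = f'<filter select="{PATH}"/>'


def read_request(request_xml):
    """Return (select expression, prefix -> URI bindings sent with the request)."""
    bindings, select = {}, None
    source = io.BytesIO(request_xml.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = item
            bindings[prefix] = uri
        elif item.tag == "filter":
            select = item.get("select")
    return select, bindings


def evaluate(request_xml, config_xml=CONFIG):
    """Evaluate the request's path using only the bindings the manager sent."""
    select, bindings = read_request(request_xml)
    root = ET.fromstring(config_xml)
    try:
        return [node.text for node in root.findall(select, bindings)]
    except SyntaxError as exc:  # ElementTree raises this for an unbound prefix
        raise ValueError(f"unresolvable prefix in {select!r}: {exc}") from None


if __name__ == "__main__":
    print(evaluate(REQ_A))
    print(evaluate(REQ_B))
    try:
        evaluate(REQ_NONE)
    except ValueError as err:
        print("rejected:", err)
```

For an access-control rule written as a path, the same applies: the rule is only well defined together with its prefix bindings, so an agent should reject an expression with an unbound prefix instead of guessing a namespace.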