
draft-ietf-netconf-soap-08




I intend to prepare the update draft-ietf-netconf-soap-08.txt as
follows;  are there any additional comments?

4.1  Integrity, Privacy, and Authentication

The NETCONF SOAP binding relies on an underlying secure transport for
   integrity and privacy.  Such transports are expected to include TLS
   [9] (which, when combined with HTTP, is referred to as HTTPS) and
   IPsec.  There are a number of options for authentication (some of
   which are deployment-specific):

   o  within the transport (such as with TLS client certificates)

   o  within HTTP (such as Digest Access Authentication [7])

   o  within SOAP (such as a digital signature in the header [17])

   HTTP, BEEP, and SOAP level authentication can be integrated with
   RADIUS [10] (Remote Authentication Dial In User Service) to support
   remote authentication databases.

   At a minimum, all conforming NETCONF over SOAP implementations MUST
   support TLS.  Specifically, NETCONF over SOAP over HTTP MUST support
   NETCONF over SOAP over HTTPS, and NETCONF over SOAP over BEEP MUST
   support NETCONF over SOAP over BEEP over TLS.

...

   [7]   Franks, J., Hallam-Baker, P., Hostetler, J., Leach, P.,
         Luotonen, A., Sink, E., and L. Stewart, "HTTP Authentication:
         Basic and Digest Access Authentication", RFC 2617, June 1999,
         <http://www.ietf.org/rfc/rfc2617.txt>.


Thanks,
Ted.


