If we connect the notification subscription strictly to a user identity we force the user
to specify security data multiple times to be able to use multiple subscriptions. Is this
User identity is obviously not the only interesting attribute of a subscription.
Think how SNMP notification subscriptions work. The user identity is necessary
for access control (both of the subscription itself as well as in constraining what
is permitted to be sent). One also needs information describing *where* the
information should be sent on behalf of that user, among other things.
our aim or am I missing something ? (In our management system different functional parts
are interested in different notifications, but I see no need for a security point of view
to require multiple user identities for them.)
...
No disagreement. Indeed, this is yet another argument against binding the
subscription to a connection. Consider the scenario where there are multiple
"interested" systems or applications, and the devices to be managed are
intermittently reachable. Is it better for the managed device to establish a
connection if/when needed, or have the applications futilely attempting to make
connections to all the devices that happen to be unreachable at the moment?
Think netconf for cellphones and PDAs.
Randy
--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>