
RE: architecture and security



Andy wrote:
> So the agent has to check the filters to see if they can ever
> match a data model that the subscriber is not allowed to see,
> and reject the subscription request with an access-denied error.
>
> Or does the agent silently omit notifications which don't resolve
> to access-granted for that receiver?

Actually, both statements are true:

1. When the subscription request comes in, the system must authenticate
that the request only subscribes to events the client is authorized to
receive.

2. However, when each notification is generated by the system, the
system only forwards it to the client if it already has a subscription
in place for that kind of event.

In case you think that I'm contradicting my earlier statement
"eliminates the system from having to apply filters to the responses",
what I meant to say is that it eliminates *access control* from having
to apply filters to the responses.  This is true since any notification
matching the subscription request, which was authorized, is also
implicitly authorized to be sent to the client.


Kent


--
Kent Watsen
NSM Architect
Juniper Networks

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>
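The two-step design Kent describes (authorize the filter once at subscribe time, then route notifications purely by subscription match with no second access-control pass) can be modelled in a few dozen lines. The following is an added example, not code from the thread or from any NETCONF implementation; it assumes a simplified data model in which subtree filters and event sources are both represented as slash-separated paths (real NETCONF subtree filters are XML), and the subscriber names, subtrees and event paths are constructed for illustration.

```python
"""Added example: subscribe-time authorization for a notification broker.

Access control runs exactly once, when a subscription is created. A filter
that could ever match data outside the client's authorization is rejected
with access-denied. At notification time the broker only checks whether an
existing subscription matches; no access-control evaluation is repeated,
because any event matching an authorized filter is implicitly authorized.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


class AccessDenied(Exception):
    """Raised when a subscription filter could match data the client may not see."""


def _components(path: str) -> Tuple[str, ...]:
    # "/interfaces/eth0/" -> ("interfaces", "eth0"); "/" -> ()
    return tuple(p for p in path.split("/") if p)


def within(path: str, subtree: str) -> bool:
    """True if `path` lies inside `subtree` (component-wise prefix match, so
    "/interfaces" does not spuriously cover "/interfaces-extra")."""
    p, s = _components(path), _components(subtree)
    return p[: len(s)] == s


@dataclass
class Subscriber:
    name: str
    allowed_subtrees: Tuple[str, ...]  # data-model subtrees this client may read (assumed model)


@dataclass
class Subscription:
    subscriber: Subscriber
    filter_subtree: str  # subtree filter, modelled as a path the event must fall under


class NotificationBroker:
    def __init__(self) -> None:
        self.subscriptions: List[Subscription] = []
        self.delivered: List[Tuple[str, str]] = []  # (subscriber name, event path)

    def subscribe(self, subscriber: Subscriber, filter_subtree: str) -> Subscription:
        # Step 1 (subscribe time): the filter must lie entirely inside some
        # subtree the client is authorized to see. A filter such as "/" that
        # could ever match data outside that authorization is rejected.
        if not any(within(filter_subtree, allowed) for allowed in subscriber.allowed_subtrees):
            raise AccessDenied(f"{subscriber.name}: filter {filter_subtree!r} exceeds authorization")
        sub = Subscription(subscriber, filter_subtree)
        self.subscriptions.append(sub)
        return sub

    def notify(self, event_path: str) -> List[str]:
        # Step 2 (notification time): route only to subscriptions whose filter
        # matches. No access-control check runs here; the match against an
        # already-authorized filter is what makes delivery legitimate.
        recipients = []
        for sub in self.subscriptions:
            if within(event_path, sub.filter_subtree):
                self.delivered.append((sub.subscriber.name, event_path))
                recipients.append(sub.subscriber.name)
        return recipients


def demo() -> Dict[str, list]:
    """Constructed scenario: two clients with different authorization."""
    broker = NotificationBroker()
    ops = Subscriber("ops", ("/interfaces", "/system/alarms"))
    guest = Subscriber("guest", ("/system/alarms",))
    broker.subscribe(ops, "/interfaces")
    broker.subscribe(guest, "/system/alarms")
    rejected = []
    # Over-broad ("/") and out-of-scope ("/interfaces/eth0") filters are refused
    # at subscribe time, so nothing downstream has to filter them out later.
    for who, flt in ((guest, "/"), (guest, "/interfaces/eth0")):
        try:
            broker.subscribe(who, flt)
        except AccessDenied:
            rejected.append((who.name, flt))
    broker.notify("/interfaces/eth0/oper-status")
    broker.notify("/system/alarms/fan-failure")
    broker.notify("/interfaces-extra/x")  # not under /interfaces: matches nobody
    return {"rejected": rejected, "delivered": broker.delivered}


if __name__ == "__main__":
    print(demo())
```

The point to notice is that `notify` never consults `allowed_subtrees`: the only way an event reaches a client is through a subscription that was checked against that client's authorization when it was created. The component-wise `within` check matters because a naive string prefix test would let a filter on `/interfaces` receive events from an unrelated `/interfaces-extra` subtree.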