
Re: architecture and security



Kent Watsen wrote:
Andy wrote:
So the agent has to check the filters to see if they can ever
match a data model that the subscriber is not allowed to see,
and reject the subscription request with an access-denied error.

Or does the agent silently omit notifications which don't resolve
to access-granted for that receiver?

Actually, both statements are true:
1. When the subscription-request comes in, the system must authenticate
that the request only subscribes to events the client is authorized to
receive.

2. However, when each notification is generated by the system, the
system only forwards it to the client if it already has a subscription
in place for that kind of event.

In case you think that I'm contradicting my earlier statement
"eliminates the system from having to apply filters to the responses",
what I meant to say is that it eliminates *access control* from having
to apply filters to the responses.  This is true since any notification
matching the subscription request, which was authorized, is also
implicitly authorized to be sent to the client.


I don't think it is so simple.
Not all data on the agent is static.
There could be data that is not instantiated at
the time of the subscription request that the manager
is not allowed to see.  Therefore, the agent has to
check access control for each notification sent.

This assumes there is finer grained access control
than "all config events" or "all faults".  That would
not really be good enough to protect sensitive data.



Kent

Andy



--
Kent Watsen
NSM Architect
Juniper Networks

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>
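
Added example (not part of the original thread): a small Python model of the case Andy describes, where a subscription is authorized against the data instantiated at request time and an instance the receiver may not see appears later. The ACL, paths and function names are constructed for illustration and are not NETCONF APIs.

```python
from fnmatch import fnmatchcase

# Constructed ACL for one receiver: first matching rule wins, default deny.
ACL = [
    ("deny",   "/config/users/admin*"),
    ("permit", "/config/users/*"),
]

# Constructed sample data.
FILTER = "/config/users/*"                      # subscription filter
EXISTING = ["/config/users/guest", "/config/users/ops"]  # instantiated at subscribe time
LATER_EVENTS = [                                # notifications generated afterwards
    "/config/users/guest/shell",
    "/config/users/admin/ssh-key",              # admin instance created after subscribing
    "/faults/fan1",
]

def access(path, acl=ACL):
    """Return True if the first rule matching `path` is a permit."""
    for action, pattern in acl:
        if fnmatchcase(path, pattern):
            return action == "permit"
    return False

def authorize_subscription(filter_pattern, instantiated_paths, acl=ACL):
    """Subscription-time check, evaluated only over data that exists now."""
    matched = [p for p in instantiated_paths if fnmatchcase(p, filter_pattern)]
    return all(access(p, acl) for p in matched)

def deliver(events, filter_pattern, per_event_check, acl=ACL):
    """Return the event paths that would be forwarded to the receiver."""
    sent = []
    for path in events:
        if not fnmatchcase(path, filter_pattern):
            continue                            # no subscription for this event
        if per_event_check and not access(path, acl):
            continue                            # omitted: access denied for this receiver
        sent.append(path)
    return sent

if __name__ == "__main__":
    print("subscription accepted:", authorize_subscription(FILTER, EXISTING))
    print("subscription check only:", deliver(LATER_EVENTS, FILTER, False))
    print("with per-notification check:", deliver(LATER_EVENTS, FILTER, True))
```
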



