[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: architecture and security
Andy Bierman <ietf@andybierman.com> wrote:
> 2) Access control is backwards;
> It doesn't make sense to apply access control to the '1 way RPC'
> in the same sense as a regular RPC. It is the manager who is
> supposed to have access granted to view specific agent data -- not
> the agent that is supposed to have access granted to
> send the manager specific agent data.
Could you elaborate on what the problem is? Is this different/more
problematic than the SNMP VACM model? I.e. can't you use a "notify"
view, and apply it to each notification generated by the agent? Also,
I think the filter-based approach that Kent described can be seen as
one way to implement this model (if I understand him correctly).
/martin
--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>