
Re: architecture and security



Andy Bierman <ietf@andybierman.com> wrote:
> 2) Access control is backwards;
>    It doesn't make sense to apply access control to the '1 way RPC'
>    in the same sense as a regular RPC.  It is the manager who is
>    supposed to have access granted to view specific agent data -- not
>    the agent that is supposed to have access granted to
>    send the manager specific agent data.

Could you elaborate on what the problem is?  Is this different/more
problematic than the SNMP VACM model?  I.e. can't you use a "notify"
view, and apply it to each notification generated by the agent?  Also,
I think the filter-based approach that Kent described can be seen as
one way to implement this model (if I understand him correctly).


/martin

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>