From: "Kent Watsen" <kwatsen@juniper.net>
To: "Andy Bierman" <ietf@andybierman.com>
Cc: "Netconf (E-mail)" <netconf@ops.ietf.org>
Sent: Thursday, April 06, 2006 8:45 PM
Subject: RE: architecture and security...

1. When the subscription-request comes in, the system must authenticate that the request only subscribes to events the client is authorized to receive

2. However, when each notification is generated by the system, the system only forwards it to the client if it already has a subscription in place for that kind of event

In case you think that I'm contradicting my earlier statement "eliminates the system from having to apply filters to the responses", what I meant to say is that it eliminates *access control* from having to apply filters to the responses. This is true since any notification matching the subscription request, which was authorized, is also implicitly authorized to be sent to the client...

Does this mean that access rights are only checked at subscription? What happens if the user successfully subscribes to all notifications, then later his access rights are restricted? Shall we check at the change of access rights whether his subscription is still OK and remove it if not? Otherwise his rights might be removed and he still receives notifications as long as he himself does not change his subscription. This latter case is, I feel, not satisfactory.

Balazs
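
The following is an added example, not part of either message or of any NETCONF implementation: a minimal broker model (all class, method and user names are hypothetical) that authorizes at subscription time, forwards on subscription match only, and shows the stale-subscription case raised in the reply next to a re-check performed when rights change.

```python
# Added example: hypothetical names throughout, not a NETCONF API.
class NotificationBroker:
    def __init__(self, acl):
        # acl: user -> event classes the user may receive (constructed model)
        self.acl = {u: set(c) for u, c in acl.items()}
        self.subs = {}  # user -> event classes currently subscribed

    def subscribe(self, user, classes):
        """Step 1: authorize the whole request at subscription time."""
        wanted = set(classes)
        denied = wanted - self.acl.get(user, set())
        if denied:
            raise PermissionError(f"{user} not authorized for {sorted(denied)}")
        self.subs[user] = wanted

    def recipients(self, event_class):
        """Step 2: forward on subscription match only, no per-event access check."""
        return sorted(u for u, c in self.subs.items() if event_class in c)

    def set_rights(self, user, classes, revalidate=True):
        """Change a user's rights; optionally re-check the existing subscription."""
        self.acl[user] = set(classes)
        if not revalidate or user not in self.subs:
            return set()
        revoked = self.subs[user] - self.acl[user]
        if revoked:
            # Policy choice (assumption): remove the whole subscription instead of
            # silently narrowing it, so the client must re-subscribe and be re-checked.
            del self.subs[user]
        return revoked


def demo():
    """Return who still receives 'security' events after rights are restricted."""
    results = {}
    for revalidate in (False, True):
        broker = NotificationBroker({"alice": {"config", "security"}})
        broker.subscribe("alice", ["config", "security"])
        broker.set_rights("alice", ["config"], revalidate=revalidate)
        results[revalidate] = broker.recipients("security")
    return results


if __name__ == "__main__":
    print(demo())
```

Without the re-check, the subscription authorized earlier keeps delivering events the user is no longer entitled to; with it, the subscription is removed at the moment the rights change.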