[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
access-denied error
- To: "Netconf (E-mail)" <netconf@ops.ietf.org>
- Subject: access-denied error
- From: Andy Bierman <ietf@andybierman.com>
- Date: Sat, 10 Jun 2006 12:56:05 -0700
- User-agent: Thunderbird 1.5.0.4 (Windows/20060516)
Hi,
I wanted to sneak in another comment on the non-existent
access control model for netconf.
There is no guidance whatsoever when to send the access-denied
error. Therefore, it must be okay for implementors to
make up their own rules.
For example, on <get> and <get-config> operations, one may
choose never to issue access-denied errors, and simply
treat an explicit or implicit request for data that the
session is not authorized to view as a 'false' filter.
In other words, the <get> and <get-config> operations
by definition are requesting only data that the session
has access to read. Anything else is just skipped,
similar to the way SNMP getNext works wrt/ VACM.
This will make it harder for hackers to learn anything
about the data model instances, especially since
access to <get> and <get-config> will tend to be
unrestricted, as opposed to <edit-config> access.
Andy
--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>