Re: action RPC I-D

[Martin Bjorklund <mbj@tail-f.com>]

Andy Bierman <ietf@andybierman.com> wrote:
> IMO, a clean access control model for NETCONF need to recognize
> the RPC model and the configuration datastore architecture.
> 
> First, there is the RPC method, defined by a QName.
> The user must have access to invoke the RPC method.
> 
> Completely independent of that is the data access control model
> applied to all configuration datastores.  The NETCONF operations
> are create, delete, merge, and replace.  For access control purposes,
> merge and replace operations are treated as a 'create' if the target
> data instance does not exist.
> 
> The granularity could be a coarse as read/write, but that would
> totally defeat the purpose of create and delete operations in
> the edit-config method.

Why?  The operation 'delete' is needed in order to be able to delete
stuff.  The access control can still be read/write - if you have write
access you're allowed to create/delete.

NOTE: I'm not saying that it *should* be just read / write, I'm just
questioning the logic in the argument.


/martin

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>