[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Access control [was: action RPC I-D]

To: Balazs Lengyel <balazs.lengyel@ericsson.com>
Subject: Re: Access control [was: action RPC I-D]
From: Andy Bierman <ietf@andybierman.com>
Date: Thu, 02 Nov 2006 06:43:33 -0800
Cc: Martin Bjorklund <mbj@tail-f.com>, netconf@ops.ietf.org
In-reply-to: <4549CF2E.6000308@ericsson.com>
References: <C1555612.21B37%sberl@cisco.com> <45300CC0.60203@andybierman.com> <4533466E.9080103@ericsson.com> <20061016.125830.90119364.mbj@tail-f.com> <45338A0B.8020306@andybierman.com> <45421D60.2080909@ericsson.com> <454227B7.8060801@andybierman.com> <4549CF2E.6000308@ericsson.com>
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)

Balazs Lengyel wrote:

Hello,
I feel that we should be careful not to make access control tocomplicated. While technically it is possible to design a good, finegrained access control model, I fear the user (operator) will havedifficulties understanding it.
I see that read/write (and possibly disturb traffic) are three easy tounderstand concepts that might be executed by different people in thenetwork operator's organization. On the other hand I don't see who wouldbe the operator who is allowed to modify a route(or a customer), but notto create a new one.
I agree that operationally separating delete, replace, etc. is a usefulnotion, but I don't see the need for the same with access control.


I suggest that people implement NETCONF, and also implement
some kind of ACM, and prove to operators and the WG that the
design and feature set is necessary and sufficient.

Balazs


Andy


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: Access control [was: action RPC I-D]
  - From: Vincent Cridlig <vincent.cridlig@loria.fr>

References:
- Re: action RPC I-D
  - From: "Steven Berl \(sberl\)" <sberl@cisco.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Re: action RPC I-D
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>
- Re: action RPC I-D
  - From: Martin Bjorklund <mbj@tail-f.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Re: action RPC I-D
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Access control [was: action RPC I-D]
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>

Prev by Date: Access control [was: action RPC I-D]
Next by Date: Re: Access control [was: action RPC I-D]
Previous by thread: Access control [was: action RPC I-D]
Next by thread: Re: Access control [was: action RPC I-D]
Index(es):
- Date
- Thread