[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Access control [was: action RPC I-D]
Balazs Lengyel wrote:
Hello,
I feel that we should be careful not to make access control to
complicated. While technically it is possible to design a good, fine
grained access control model, I fear the user (operator) will have
difficulties understanding it.
I see that read/write (and possibly disturb traffic) are three easy to
understand concepts that might be executed by different people in the
network operator's organization. On the other hand I don't see who would
be the operator who is allowed to modify a route(or a customer), but not
to create a new one.
I agree that operationally separating delete, replace, etc. is a useful
notion, but I don't see the need for the same with access control.
I suggest that people implement NETCONF, and also implement
some kind of ACM, and prove to operators and the WG that the
design and feature set is necessary and sufficient.
Balazs
Andy
--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>