[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Access control [was: action RPC I-D]

To: Balazs Lengyel <balazs.lengyel@ericsson.com>
Subject: Re: Access control [was: action RPC I-D]
From: Andy Bierman <ietf@andybierman.com>
Date: Thu, 02 Nov 2006 07:41:13 -0800
Cc: Martin Bjorklund <mbj@tail-f.com>, netconf@ops.ietf.org
In-reply-to: <4549CF2E.6000308@ericsson.com>
References: <C1555612.21B37%sberl@cisco.com> <45300CC0.60203@andybierman.com> <4533466E.9080103@ericsson.com> <20061016.125830.90119364.mbj@tail-f.com> <45338A0B.8020306@andybierman.com> <45421D60.2080909@ericsson.com> <454227B7.8060801@andybierman.com> <4549CF2E.6000308@ericsson.com>
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)

Balazs Lengyel wrote:

Hello,
I feel that we should be careful not to make access control tocomplicated. While technically it is possible to design a good, finegrained access control model, I fear the user (operator) will havedifficulties understanding it.
I see that read/write (and possibly disturb traffic) are three easy tounderstand concepts that might be executed by different people in thenetwork operator's organization. On the other hand I don't see who wouldbe the operator who is allowed to modify a route(or a customer), but notto create a new one.
I agree that operationally separating delete, replace, etc. is a usefulnotion, but I don't see the need for the same with access control.


There are 4 components to implementing an isAccessAllowed internal API:

  - maximum access that makes protocol sense
    - SNMP uses read-create to identify table rows that the NMS
      and agent can create, and read-write to identify scalars and
      table rows that only the agent can create.

  - access requested in the PDU

  - identity or the requester (e.g., user name, group name)

  - maximum access allowed for the requester (configured on the agent)


If the granularity of the entire ACM is read or write, then how do
you identify (in the data model schema) which subtrees can be created
by any NMS?   Also, how do you tell the agent that the user is allowed
to create specific child nodes of <interface>, but not an <interface>
node itself?

Balazs


Andy


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: Access control [was: action RPC I-D]
  - From: Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>

References:
- Re: action RPC I-D
  - From: "Steven Berl \(sberl\)" <sberl@cisco.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Re: action RPC I-D
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>
- Re: action RPC I-D
  - From: Martin Bjorklund <mbj@tail-f.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Re: action RPC I-D
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Access control [was: action RPC I-D]
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>

Prev by Date: Re: Access control [was: action RPC I-D]
Next by Date: Re: Access control [was: action RPC I-D]
Previous by thread: Re: Access control
Next by thread: Re: Access control [was: action RPC I-D]
Index(es):
- Date
- Thread