[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Access control [was: action RPC I-D]

To: Andy Bierman <ietf@andybierman.com>, Balazs Lengyel <balazs.lengyel@ericsson.com>, Martin Bjorklund <mbj@tail-f.com>, netconf@ops.ietf.org
Subject: Re: Access control [was: action RPC I-D]
From: Andy Bierman <ietf@andybierman.com>
Date: Thu, 02 Nov 2006 08:52:11 -0800
In-reply-to: <20061102162543.GA27451@boskop.local>
References: <C1555612.21B37%sberl@cisco.com> <45300CC0.60203@andybierman.com> <4533466E.9080103@ericsson.com> <20061016.125830.90119364.mbj@tail-f.com> <45338A0B.8020306@andybierman.com> <45421D60.2080909@ericsson.com> <454227B7.8060801@andybierman.com> <4549CF2E.6000308@ericsson.com> <454A1199.5090008@andybierman.com> <20061102162543.GA27451@boskop.local>
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)

Juergen Schoenwaelder wrote:

On Thu, Nov 02, 2006 at 07:41:13AM -0800, Andy Bierman wrote:

There are 4 components to implementing an isAccessAllowed internal API:

  - maximum access that makes protocol sense
    - SNMP uses read-create to identify table rows that the NMS
      and agent can create, and read-write to identify scalars and
      table rows that only the agent can create.

  - access requested in the PDU

  - identity or the requester (e.g., user name, group name)

  - maximum access allowed for the requester (configured on the agent)


The maximum access that makes protocol sense is IMHO not an input to
isAccessAllowed - there is no runtime decision to make. The maximum
access that makes protocol sense is input for the tools that drive
your implementation; there simply is no write method to call for
read-only objects. In the SNMP processing, you return an error before
you ever get to the isAccessAllowed() function if I remember things
well.


The maxAccess check could also be part of validation phase at runtime.
The implementation aspects are not really important here.

In a real data model, there are going to be
 - nodes that should be there every time (e.g., <interfaces> container)
 - nodes that the agent is only allowed to create, but may not be present
 - nodes that both the agent and NMS are allowed to create
 - nodes that only the NMS will create (based on desired feature config)

Perhaps new <appInfo> mechanisms will be needed, totally unrelated
to the way SMIv2 handles this issue.

IMO, distinguishing between editing existing instances and creating
new instances is useful, but probably not important.

/js


Andy


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: Access control [was: action RPC I-D]
  - From: "Randy Presuhn" <randy_presuhn@mindspring.com>

References:
- Re: action RPC I-D
  - From: "Steven Berl \(sberl\)" <sberl@cisco.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Re: action RPC I-D
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>
- Re: action RPC I-D
  - From: Martin Bjorklund <mbj@tail-f.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Re: action RPC I-D
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>
- Re: action RPC I-D
  - From: Andy Bierman <ietf@andybierman.com>
- Access control [was: action RPC I-D]
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>
- Re: Access control [was: action RPC I-D]
  - From: Andy Bierman <ietf@andybierman.com>
- Re: Access control [was: action RPC I-D]
  - From: Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>

Prev by Date: Re: Access control [was: action RPC I-D]
Next by Date: NETCONF Notifications Issues List
Previous by thread: Re: Access control [was: action RPC I-D]
Next by thread: Re: Access control [was: action RPC I-D]
Index(es):
- Date
- Thread