
Re: Access control [was: action RPC I-D]



Hi -

> From: "Andy Bierman" <ietf@andybierman.com>
> To: "Andy Bierman" <ietf@andybierman.com>; "Balazs Lengyel" <balazs.lengyel@ericsson.com>; "Martin Bjorklund" <mbj@tail-f.com>; <netconf@ops.ietf.org>
> Sent: Thursday, November 02, 2006 8:52 AM
> Subject: Re: Access control [was: action RPC I-D]
...
> > The maximum access that makes protocol sense is IMHO not an input to
> > isAccessAllowed - there is no runtime decision to make. The maximum
> > access that makes protocol sense is input for the tools that drive
> > your implementation; there simply is no write method to call for
> > read-only objects. In the SNMP processing, you return an error before
> > you ever get to the isAccessAllowed() function if I remember things
> > well.
>
> The maxAccess check could also be part of validation phase at runtime.
> The implementation aspects are not really important here.
...

If the order in which the checks are performed could affect what
error code is returned on the wire, then this *does* matter.

Randy



archive: <http://ops.ietf.org/lists/netconf/>
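
Added example, not part of the original message or of any implementation discussed on the list: a small Python sketch of the point above, that the order of the access-control check and the maxAccess check changes the error code returned on the wire. The object names, users, ACL and all function names except isAccessAllowed are constructed assumptions; the error names are borrowed from SNMP error-status values.

```python
# Constructed data model: object name -> maximum access that makes protocol sense.
MAX_ACCESS = {"sysUpTime": "read-only", "sysContact": "read-write"}

# Constructed access-control policy: (user, object) pairs permitted to write.
WRITE_ACL = {("admin", "sysUpTime"), ("admin", "sysContact")}


def is_access_allowed(user, obj):
    """Runtime access-control decision (the isAccessAllowed step)."""
    return (user, obj) in WRITE_ACL


def is_writable(obj):
    """maxAccess check: does the data model permit writes at all?"""
    return MAX_ACCESS.get(obj) == "read-write"


def set_acl_first(user, obj):
    """Ordering A: access control runs before the maxAccess check."""
    if not is_access_allowed(user, obj):
        return "noAccess"
    if not is_writable(obj):
        return "notWritable"
    return "noError"


def set_maxaccess_first(user, obj):
    """Ordering B: maxAccess is rejected before access control is consulted."""
    if not is_writable(obj):
        return "notWritable"
    if not is_access_allowed(user, obj):
        return "noAccess"
    return "noError"


def divergent_cases(users, objects):
    """Return (user, object, code_A, code_B) wherever the two orderings disagree."""
    out = []
    for user in users:
        for obj in objects:
            a, b = set_acl_first(user, obj), set_maxaccess_first(user, obj)
            if a != b:
                out.append((user, obj, a, b))
    return out


if __name__ == "__main__":
    for case in divergent_cases(["guest", "admin"], sorted(MAX_ACCESS)):
        print("user=%s object=%s acl-first=%s maxaccess-first=%s" % case)
```

The two orderings disagree only when both checks would fail; in that case ordering B tells a user with no write permission that the object is read-only, which ordering A does not reveal.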