[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Access control

To: <netconf@ops.ietf.org>
Subject: RE: Access control
From: "David B Harrington" <dbharrington@comcast.net>
Date: Fri, 3 Nov 2006 12:03:28 -0500
In-reply-to: <454A451E.6080609@andybierman.com>

Hi,

In SNMP, the permissions are based on a tree of data; data tends to be
statically defined and low-level.

In netconf, the permissions will be based on RPC methods; RPC methods
are dynamic high-level sets of functionality. The functionality may
actually call other methods within the system, so "create vlan" may
actually also manipulate an interface. The VLAN methodas may be
defined as part of one capability, while the interface may be part of
another capability. 

Should the ACM assume that permission to "create vlan" implies
permission to "manipulate interface"?

Dbh



--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: Access control
  - From: Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>

References:
- Re: Access control [was: action RPC I-D]
  - From: Andy Bierman <ietf@andybierman.com>

Prev by Date: Re: action RPC I-D
Next by Date: RE: NETCONF Notifications Issues List
Previous by thread: Re: Access control [was: action RPC I-D]
Next by thread: Re: Access control
Index(es):
- Date
- Thread