[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Isms] charter proposal

To: <j.schoenwaelder at iu-bremen.de>, <isms at ietf.org>
Subject: RE: [Isms] charter proposal
From: "David B Harrington" <ietfdbh at comcast.net>
Date: Tue, 2 Aug 2005 12:10:21 -0400
Cc:
In-reply-to: <20050802153325.GA6968@open-31-253.ietf63.ietf.org>
List-archive: <http://www1.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@lists.ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.lists.ietf.org>
List-post: <mailto:isms@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=unsubscribe>
Reply-to: ietfdbh at comcast.net
Sender: isms-bounces at lists.ietf.org
Thread-index: AcWXd7tYtm1qLSXzQ8iOaD2Ts0kapwAAYM1A

Hi,

I think the ADs need to be updated. 

Suggested modifications:

"SSH is a widely deployed access protocol preferred by many operators
to manage network devices. In order to leverage the authentication
information already accessible on such devices, the ISMS working group
will define a new SNMP security model which utilizes the SSH protocol
to provide message security services for SNMP.

Work on new access control models or centralized administration of
View-based Access Control Model (VACM) rules and mappings is outside
the scope of the working group. Devices utilizing SSH often support
the integration of user authentication with AAA systems via protocols
such as RADIUS, which provide authorization information in the same
message exchange session. The TMSM document will describe how
authorization information accessible through a TMSM authentication
mechanism might be cached or otherwise captured so that it can later
be made available to the AC subsystem, but it is out of scope to
define how the AC system gets such information. If the SSH security
model provides a tie-in to a AAA system, it will be acceptable to
identify how the information can be cached within the constraints of
the TMSM model.

The solution must not modify any other aspects of SNMPv3 protocol as
defined in STD 62 (e.g., it must not create new PDU types). It should
also be compliant with the security model architectural block of
SNMPv3, as outlined in RFC 3411. Any architectural extensions required
to achieve the goals stated above should be defined in the TMSM
document in such a way
that additional transport mapping security models may be defined in
the future."


[I am concerned about having the RADIUS tie-in in this charter, but
the TMSM is basically extending the architecture of SNMPv3, and if the
security model will "trigger the AAA infrastrcuture for authorization
information", it really needs to be discussed within the context of
the TMSM document.]

David Harrington
dbharrington at comcast.net


> -----Original Message-----
> From: isms-bounces at lists.ietf.org 
> [mailto:isms-bounces at lists.ietf.org] On Behalf Of Juergen 
> Schoenwaelder
> Sent: Tuesday, August 02, 2005 11:33 AM
> To: isms at ietf.org
> Subject: [Isms] charter proposal
> 
> Hi.
> 
> Attached is a charter proposal for rechartering the ISMS WG based on
> the discussions during today's WG meeting. Lets bash it here on the
> list to converge it into a usable charter that helps us in getting
the
> work we agreed on today done.
> 
> /js
> 
> -- 
> Juergen Schoenwaelder		    International University Bremen
> <http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 
> 28725 Bremen, Germany
> 



_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

Prev by Date: Re: [Ecrit] Suggestion for "performance and reliability" section
Next by Date: RE: [Ecrit] Performance Requirement
Previous by thread: [Ecrit] Performance Requirement
Next by thread: [Ecrit] Recognition of emergency calls
Index(es):
- Date
- Thread