Re: [Isms] securityName via securityLevel

To: Tom Petch <nwnetworks at dial.pipex.com>
Subject: Re: [Isms] securityName via securityLevel
From: Juergen Schoenwaelder <j.schoenwaelder at iu-bremen.de>
Date: Sun, 31 Jul 2005 18:04:52 +0200
Cc: isms at ietf.org
In-reply-to: <000d01c5940e$a46bac20$0601a8c0@pc6>
List-archive: <http://www1.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@lists.ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.lists.ietf.org>
List-post: <mailto:isms@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=unsubscribe>
Mail-followup-to: Tom Petch <nwnetworks at dial.pipex.com>, isms at ietf.org
References: <20050728075007.GA731@boskop.local> <04af01c59393$c22afd40$0601a8c0@pc6> <20050728181956.GA648@boskop.local> <000d01c5940e$a46bac20$0601a8c0@pc6>
Reply-to: j.schoenwaelder at iu-bremen.de
Sender: isms-bounces at lists.ietf.org
User-agent: Mutt/1.5.9i

On Fri, Jul 29, 2005 at 09:23:10AM +0200, Tom Petch wrote:
> Juergen
> 
> I am confused.
> 
> Rereading my previous e-mail, I do mean what I said.  I believe I
> understand the difference between security level on the wire and
> authorisation/access control and use them in the same sense as 
> you.. I have read and still read your option d) as proposing that 
> securityLevel on the wire should be used to determine the group
> name and hence the access control in vacm.
> 
> So consider that option e) and please give me an alternative explanation for
> what you described as
> 
> "d) provide a wildcard mapping extension to VACM which can be exploited
>    to map                       all security name with the same
>    security level              and security  model together
>    into a vacm group      (works only on simple setups where
> 
>    you basically do not distinguish between different MIB views for
>    authenticated users - but perhaps this is a low hanging fruit that
>    covers most existing VACM configurations anyway)"
> 
> which I read as a proposal to map (one of three) security level into a
> (one of three) vacm group but which you say does not:-(

Sorry, I did not see the context of your statement. So yes, d == e
(and I am not sure this really is an option).

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany

_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

References:
- Re: [Isms] securityName
  - From: Juergen Schoenwaelder
- Re: [Isms] securityName via securityLevel
  - From: Tom Petch
- Re: [Isms] securityName via securityLevel
  - From: Juergen Schoenwaelder
- Re: [Isms] securityName via securityLevel
  - From: Tom Petch

Prev by Date: Re: [Isms] Agenda for ISMS at IETF-63 in Paris
Next by Date: Re: [Isms] Agenda for ISMS at IETF-63 in Paris
Previous by thread: Re: [Isms] securityName via securityLevel
Next by thread: Re: [Isms] securityName
Index(es):
- Date
- Thread

Re: [Isms] securityName via securityLevel

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.