RE: [Isms] #1: is it important to support anonymous user accesstoSNMP?

["Fleischman, Eric" <eric.fleischman at boeing.com>]

This discussion appears to me to have been coupling authentication with
authorization. If we permit the authentication of an "anonymous" entity,
then the question of whether or not that entity is authorized to do
anything useful is a policy issue. I propose that we support a wide
variety of authentication alternatives and that those alternatives are
then mapped to various authorization results via locally defined
policies. Given this, one can bind SSH with the authentication identity
(which is what I interpret your email message as implying) but the
authorization that entity experiences is a function of the
locally-defined policies.

-----Original Message-----
From: Salowey, Joe [mailto:jsalowey at cisco.com] 
Sent: Friday, October 21, 2005 9:37 AM
To: ietfdbh at comcast.net; Blumenthal, Uri; isms at ietf.org
Subject: RE: [Isms] #1: is it important to support anonymous user
accesstoSNMP?


Since it seems like we are talking about unauthenticated access I see
this as more of an operational issue than something that would require
much, if any, protocol specification.  If unauthenticated access is
really required then operational conventions can be developed to support
this within the current authentication framework of SSH.  



_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms