Re: [Isms] comments on draft-nelson-isms-extended-vacm-00

To: "'Juergen Schoenwaelder'" <j.schoenwaelder at jacobs-university.de>, "'Dave Nelson'" <d.b.nelson at comcast.net>
Subject: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
From: "David Harrington" <ietfdbh at comcast.net>
Date: Mon, 27 Jul 2009 16:04:31 +0200
Cc: isms at ietf.org
Delivered-to: isms at core3.amsl.com
In-reply-to: <20090727133100.GA10978 at elstar.local>
List-archive: <http://www.ietf.org/mail-archive/web/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <20090727072452.GA10456 at elstar.local><A1B512CB9018492C90EEDB94D8515C41 at NEWTON603><20090727123600.GA10809 at elstar.local><28B607CB37B04687A54A88B201043BFF at NEWTON603> <20090727133100.GA10978 at elstar.local>
Thread-index: AcoOvoHvx1AVHsFpQEe0T+sa5w98BQAAWIag

Hi,

This particular binding between the info delivered from RADIUS to VACM
uses the "other" path:
implementation-dependent magic happens! The RADIUS management
attributes are stored in an implementation-dependent manner.

The RADIUS management attributes are principal-specific.
The principal-specific attributes can be found using
securitymodel/securityname/securitylevel.
isAccessAllowed already supports these fields.

dbh

> -----Original Message-----
> From: isms-bounces at ietf.org [mailto:isms-bounces at ietf.org] On 
> Behalf Of Juergen Schoenwaelder
> Sent: Monday, July 27, 2009 3:31 PM
> To: Dave Nelson
> Cc: isms at ietf.org
> Subject: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
> 
> On Mon, Jul 27, 2009 at 02:54:27PM +0200, Dave Nelson wrote:
>  
> > The transport populates tmStateReference.  It's up to the 
> extended VACM code
> > to do something with that information, i.e., populate MIB tables.
> 
> Except that the ASIs do not pass the tmStateReference to VACM.
>  
> > My concern is related to attempting to use extended VACM, 
> and thus the
> > tmStateRefrence, in the absence of a RADIUS-aware secure 
> transport.  The
> > only input to the VACM's ASI that would indicate whether 
> there is or is not
> > a RADIUS-aware transport at work would be the Security 
> Model selector.  Do
> > you see another way to accomplish this?
> 
> /js
> 
> -- 
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> _______________________________________________
> Isms mailing list
> Isms at ietf.org
> https://www.ietf.org/mailman/listinfo/isms
>

Follow-Ups:
- Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: d . b . nelson

References:
- [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Juergen Schoenwaelder
- Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Dave Nelson
- Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Juergen Schoenwaelder
- Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Dave Nelson
- Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
  - From: Juergen Schoenwaelder

Prev by Date: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
Next by Date: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
Previous by thread: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
Next by thread: Re: [Isms] comments on draft-nelson-isms-extended-vacm-00
Index(es):
- Date
- Thread

Re: [Isms] comments on draft-nelson-isms-extended-vacm-00

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.