Re: [MIB-DOCTORS] [OPS-DIR] FW: Recharter: ISMS
Hi,
I separated my responses, since one is about charter text and the rest
is an architecture and design discussion.
> Pedantically, you're correct. The RADIUS client provides the VACM
> extension with a policy name that's bound to a username and the VACM
> extension uses that information to populate the MIB table.
Yes. My point is that the charter does not say this. The text is
wrong.
The charter says
  a RADIUS-provisioned username-to-groupname dynamic mapping, that
  would provide a binding between a user and preconfigured VACM
  policies via dynamic additions to the securityToGroupname table.
What it should say is what you said:
  a RADIUS-provisioned policy name bound to a username, which the
  VACM extension will use to dynamically populate the
  securityToGroupname table.
This may seem pedantic to you, but it is more than that to me. It took
the SNMPv2/SNMPv3 community ten years, including some very acrimonious
times, to get an architecture we could agree to, that was flexible
enough to meet the demands of multiple segments of the community. If
we want to change the architecture, then we should do so deliberately,
not as a side-effect of sloppy design.
I strongly object to a WG goal based on the current wording, because
it is counter to the intentions of the SNMPv3 WG, and is not
compatible with the RFC3411 architecture.
I strongly support a WG goal based on the corrected wording.
dbh