[Netconf] notification access control

Hi,

I know I keep complaining about the lack of a coherent
ACM in NETCONF, but the presumption of a completely
unspecified access control in this RFC is problematic.

3.2, para 4:

   After generation of the <notification> element, access control is
   applied by the server.  If a session does not have permission to
   receive the <notification>, then it is discarded for that session,
   and processing of the internal event is completed for that session.

Without any actual ACM, what does 'permission' really mean?

Why is there a presumption that data delivered to a session
via <get> should have a different ACM architecture than data
delivered to the exact same session via <notification>?

The RFC never says the agent MUST make an all-or-nothing
decision wrt/ granting permission to deliver the notification.
What if access control is enforced at a lower level,
in the XML generation, so no matter what RPC method is
trying to access /path/to/secret-password, they can't?

I will assume an implementation may silently prune
parts of the payload from the notification, due to access
control policy.  The notification MUST be dropped
if the <eventType> element would be filtered out,
in violation of the <notification> element schema.


Andy



Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
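As an added example (not code from the post, nor from any NETCONF implementation), the following Python filter applies a per-session read policy to a <notification> the way the last paragraph describes: elements the session may not read are pruned, and the whole notification is discarded for that session if pruning would remove a mandatory child and leave a schema-invalid <notification>. It assumes a hypothetical, minimal policy shape (a deny-list of slash-separated element paths), takes <eventType> as the mandatory child exactly as the post names it, and runs over a constructed sample event. Because the pruning is path-based, the same routine would serve a <get> reply, which is the point about one ACM architecture for both.

```python
"""Prune a NETCONF <notification> by a per-session access-control policy.

Added example, not code from the list post. Assumptions, labelled here:
 - the ACM is a deny-list of slash-separated element paths the session may
   not read (a hypothetical, minimal policy shape, not a real NETCONF ACM);
 - <eventType> is the mandatory child, as the post names it;
 - SAMPLE_NOTIFICATION below is constructed for this example.
"""
import xml.etree.ElementTree as ET
from typing import Iterable, List, Optional, Set, Tuple

# Constructed sample event: a config-change notification that happens to
# carry a value the session must not see.
SAMPLE_NOTIFICATION = """\
<notification>
  <eventType>config-change</eventType>
  <user>admin</user>
  <changes>
    <path>/system/hostname</path>
    <secret-password>hunter2</secret-password>
  </changes>
</notification>"""

# Children the <notification> schema requires; removing one makes the
# document invalid, so the notification must be dropped instead.
MANDATORY_CHILDREN = ("eventType",)


def _path_of(stack: List[str]) -> str:
    return "/" + "/".join(stack)


def prune(elem: ET.Element, denied: Set[str], stack: List[str]) -> Set[str]:
    """Remove every descendant of `elem` whose path is in `denied`.

    Works on any element tree (a <notification>, or the <data> of a <get>
    reply), so one policy routine serves both delivery paths.
    Returns the set of paths that were removed.
    """
    removed: Set[str] = set()
    for child in list(elem):  # copy: we mutate `elem` while walking it
        child_path = _path_of(stack + [child.tag])
        if child_path in denied:
            elem.remove(child)
            removed.add(child_path)
        else:
            removed |= prune(child, denied, stack + [child.tag])
    return removed


def filter_notification(
    xml_text: str, denied_paths: Iterable[str]
) -> Tuple[Optional[str], Set[str]]:
    """Apply the session's read policy to one <notification>.

    Returns (serialized notification or None, removed paths). None means the
    notification is discarded for this session: either the session may not
    read <notification> at all, or pruning would strip a mandatory child.
    """
    denied = set(denied_paths)
    root = ET.fromstring(xml_text)
    if root.tag != "notification":
        raise ValueError("expected a <notification> element")
    if "/notification" in denied:
        return None, {"/notification"}
    removed = prune(root, denied, ["notification"])
    for name in MANDATORY_CHILDREN:
        if root.find(name) is None:
            # Delivering this would violate the <notification> schema.
            return None, removed
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    # Session A may see everything except the password: payload is pruned.
    out, gone = filter_notification(
        SAMPLE_NOTIFICATION, ["/notification/changes/secret-password"])
    print("session A removed", sorted(gone))
    print(out)
    # Session B may not read <eventType>: the whole notification is dropped.
    out, gone = filter_notification(SAMPLE_NOTIFICATION, ["/notification/eventType"])
    print("session B delivered:", out is not None, "removed", sorted(gone))
```

The check for mandatory children runs after pruning rather than by inspecting the deny-list up front, so it also catches the case where a denied ancestor path takes a mandatory child with it.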