Re: [Netconf] notification access control

To: Andy Bierman <andy at netconfcentral.com>
Subject: Re: [Netconf] notification access control
From: Phil Shafer <phil at juniper.net>
Date: Wed, 17 Jun 2009 15:44:11 -0400
Cc: NETCONF <netconf at ietf.org>
Delivered-to: netconf at core3.amsl.com
In-reply-to: <4A394337.6020004 at netconfcentral.com>
List-archive: <http://www.ietf.org/mail-archive/web/netconf>
List-help: <mailto:netconf-request@ietf.org?subject=help>
List-id: Network Configuration WG mailing list <netconf.ietf.org>
List-post: <mailto:netconf@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>

Andy Bierman writes:
>3.2, para 4:
>    After generation of the <notification> element, access control is
>    applied by the server.  If a session does not have permission to
>    receive the <notification>, then it is discarded for that session,
>    and processing of the internal event is completed for that session.

>I will assume an implementation may silently prune
>parts of the payload from the notification, due to access
>control policy.  The notification MUST be dropped
>if the <eventType> element would be filtered out,
>in violation of the <notification> element schema.

Yes, let's add this as an issue list for a future -bis, since an
implementation should be able to prune inappropriate elements from
the notification.

Also we should repair the word "after" in the above text, since
there isn't any explicit to generate the <notification> element at
all if no one is permitted to receive the content.

Thanks,
 Phil

Follow-Ups:
- Re: [Netconf] notification access control
  - From: Andy Bierman

References:
- [Netconf] notification access control
  - From: Andy Bierman

Prev by Date: [Netconf] notification access control
Next by Date: Re: [Netconf] notification access control
Previous by thread: [Netconf] notification access control
Next by thread: Re: [Netconf] notification access control
Index(es):
- Date
- Thread

Re: [Netconf] notification access control

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.