Re: [Netconf] notification access control

To: Randy Presuhn <randy_presuhn at mindspring.com>
Subject: Re: [Netconf] notification access control
From: Andy Bierman <andy at netconfcentral.com>
Date: Thu, 18 Jun 2009 10:11:30 -0700
Cc: NETCONF <netconf at ietf.org>
Delivered-to: netconf at core3.amsl.com
In-reply-to: <004001c9f036$40d57140$6801a8c0 at oemcomputer>
List-archive: <http://www.ietf.org/mail-archive/web/netconf>
List-help: <mailto:netconf-request@ietf.org?subject=help>
List-id: Network Configuration WG mailing list <netconf.ietf.org>
List-post: <mailto:netconf@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
References: <200906171944.n5HJiBBo056500 at idle.juniper.net> <4A394F71.4090500 at netconfcentral.com> <001201c9ef9c$832a64a0$6801a8c0 at oemcomputer> <4A397C90.1050801 at netconfcentral.com> <000c01c9efaa$f6489340$6801a8c0 at oemcomputer> <4A398AAE.5000300 at netconfcentral.com> <000401c9efb0$9eb7d4a0$6801a8c0 at oemcomputer> <4A399C99.8060709 at netconfcentral.com> <000601c9efbf$53822580$6801a8c0 at oemcomputer> <4A39ADF9.4060006 at netconfcentral.com> <000401c9efc8$9dbbd480$6801a8c0 at oemcomputer> <4A3A2C5F.9030003 at netconfcentral.com> <004001c9f036$40d57140$6801a8c0 at oemcomputer>
User-agent: Thunderbird 2.0.0.21 (Windows/20090302)

Randy Presuhn wrote:

Hi -

From: "Andy Bierman" <andy at netconfcentral.com>
To: "Randy Presuhn" <randy_presuhn at mindspring.com>
Cc: "NETCONF" <netconf at ietf.org>
Sent: Thursday, June 18, 2009 5:00 AM
Subject: Re: [Netconf] notification access control

...

Depending on the environment, the operator can configure
the ACM to do the right thing.


The point is this: configuring the ACM to "do the right thing"
would mean that notification payload redaction would not
happen, because the cases where redaction would occur
should have been precluded by access control to begin with.
Or is the idea that payload redaction would function
as a kind of "harm reduction" in cases where the security
administrator didn't set up notification access control correctly?


I don't agree with you that all-or-nothing is always the
best choice for delivering notifications.  It is up to the
operator to decide which data is sensitive.

The scenario you are describing is not well-suited to a
single monolithic agent at all.  Instead, each customer
should get their own virtual agent, and use some
sort of proprietary 'glue code' to let each virtual agent have
access to a subset of the real agent.

Randy


Andy

Follow-Ups:
- Re: [Netconf] notification access control
  - From: Randy Presuhn

References:
- Re: [Netconf] notification access control
  - From: Phil Shafer
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn

Prev by Date: Re: [Netconf] notification access control
Next by Date: [Netconf] SSH question
Previous by thread: Re: [Netconf] notification access control
Next by thread: Re: [Netconf] notification access control
Index(es):
- Date
- Thread

Re: [Netconf] notification access control

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.