Re: [Netconf] notification access control

[Andy Bierman <andy at netconfcentral.com>]

Randy Presuhn wrote:
> Hi -
>
> > From: "Andy Bierman" <andy at netconfcentral.com>
> > To: "Randy Presuhn" <randy_presuhn at mindspring.com>
> > Cc: "NETCONF" <netconf at ietf.org>
> > Sent: Thursday, June 18, 2009 10:11 AM
> > Subject: Re: [Netconf] notification access control
> ...
> > The scenario you are describing is not well-suited to a
> > single monolithic agent at all.
>
> I do have a strong bias against monolithic agents.
>
> I think they spell software configuration management
> disaster for complex or multi-vendor systems.  But
> the current IETF direction seems to be to not worry about
> those cases, and let them define their own solutions
> as the need arises.  I don't think that was a good choice,
> but this is not the place to re-hash old debates.
>
> >  Instead, each customer
> > should get their own virtual agent, and use some
> > sort of proprietary 'glue code' to let each virtual agent have
> > access to a subset of the real agent.
>
> "And then a miracle occurs."  :-)
>
> We have clearly different visions of how to make this stuff
> work, so I guess I'll just have to wait until we see how that
> glue code actually works.  But I am concerned that these
> decisions will inexorably paint the developers of the netconf
> ACM (or, more likely, ACMs) into a corner.

This is already being done with CLI, so I imagine
someday a NETCONF version might show up.

The problem with ACMs is that they are always too hard
to configure, so they don't get used. That's why I am
experimenting with 'schema content tagging'.
That way, with zero-config, the defaults do the right thing.
(e.g., tag the password leaf as 'very-secure' in the YANG file
with an extension, and the agent knows not to let it be
accessed at all by default (no ACL found)).

> Randy

Andy