Re: [OPS-AREA] Issue 1: should we have a security boilerplate for management protocols and data models?



Hi -

> From: "David Harrington" <ietfdbh at comcast.net>
> To: "'Randy Presuhn'" <randy_presuhn at mindspring.com>; "'ops-area (IETF)'" <ops-area at ietf.org>
> Sent: Thursday, February 05, 2009 10:03 AM
> Subject: RE: [OPS-AREA] Issue 1: should we have a security boilerplate for management protocols and data models?
...
> I think you may be reading more into "information element" than I am.
> In a management information system that uses verbs or RPCs, I consider
> those as information elements as well. Some verbs modify, some expose.
> Some RPCs modify, some expose. In a system that uses hierarchies of
> things, like MIBs and XML and UNIX filesystems, both leafs and
> subtrees can be information elements that can expose or possibly be
> modified.

Consequently, until we know the granularity and orientation of the netconf
access control model, the boilerplate is premature.  To be most useful,
it should make it abundantly clear to the document writer what bits
have to be filled in, and at what granularity.

> I do not think the whole IETF strategy for managing networks should be
> totally dependent on what Netconf and netmod decide to do about access
> control, anyway. There are quite a few different protocols in the IETF
> that address network management.

Agreed, and there seem to be more every week.  Though
it would be nice for there to be a coherent architecture, I'm
afraid the horses have already left the barn.  If a boilerplate
document like this is going to be truly useful, it needs appropriate
hooks corresponding to the knobs provided by the various
protocols' access control facilities.

Randy