draft-ietf-snmpsec-partyv2-02.txt
Draft Party MIB for SNMPv2 Jan 93

Party MIB
for version 2 of the
Simple Network Management Protocol (SNMPv2)

Tue Jan 26 15:33:46 1993

Keith McCloghrie
Hughes LAN Systems, Inc.
kzm@hls.com

James R. Davin
Bellcore
jrd@thumper.bellcore.com

James M. Galvin
Trusted Information Systems, Inc.
galvin@tis.com

Status of this Memo

This document is an Internet Draft. Internet Drafts are
working documents of the Internet Engineering Task Force
(IETF), its Areas, and its Working Groups. Note that other
groups may also distribute working documents as Internet
Drafts.

Internet Drafts are valid for a maximum of six months and may
be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet Drafts as reference
material or to cite them other than as a "work in progress".

1.  Introduction

A network management system contains: several (potentially
many) nodes, each with a processing entity, termed an agent,
which has access to management instrumentation; at least one
management station; and, a management protocol, used to convey
management information between the agents and management
stations. Operations of the protocol are carried out under an
administrative framework which defines both authentication and
authorization policies.

Network management stations execute management applications
which monitor and control network elements. Network elements
are devices such as hosts, routers, terminal servers, etc.,
which are monitored and controlled through access to their
management information.

Management information is viewed as a collection of managed
objects, residing in a virtual information store, termed the
Management Information Base (MIB). Collections of related
objects are defined in MIB modules. These modules are written
using a subset of OSI's Abstract Syntax Notation One (ASN.1)
[1], termed the Structure of Management Information (SMI) [2].

The Administrative Model for SNMPv2 document [3] defines the
properties associated with SNMPv2 parties, SNMPv2 contexts,
and access control policies. It is the purpose of this
document, the Party MIB for SNMPv2, to define managed objects
which correspond to these properties.

1.1.  A Note on Terminology

For the purpose of exposition, the original Internet-standard
Network Management Framework, as described in RFCs 1155, 1157,
and 1212, is termed the SNMP version 1 framework (SNMPv1).
The current framework is termed the SNMP version 2 framework
(SNMPv2).

2.  Definitions

SNMPv2-PARTY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, snmpModules,
    UInteger32
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowStatus, TruthValue
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF;

partyMIB MODULE-IDENTITY
    LAST-UPDATED "9301263233Z"
    ORGANIZATION "IETF SNMP Security Working Group"
    CONTACT-INFO
            "        Keith McCloghrie

             Postal: Hughes LAN Systems
                     Mountain View, CA 94043
                     US

                Tel: +1 415 966 7934
                Fax: +1 415 960 3738

             E-mail: kzm@hls.com"
    DESCRIPTION
            "The MIB module describing SNMPv2 parties."
    ::= { snmpModules 3 }

-- textual conventions

Party ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
            "Denotes a SNMPv2 party identifier.

            Note that agents may impose implementation
            limitations on the length of OIDs used to identify
            Parties. As such, management stations creating new
            parties should be aware that using an excessively
            long OID may result in the agent refusing to
            perform the set operation and instead returning
            the appropriate error response, e.g., noCreation."
    SYNTAX      OBJECT IDENTIFIER

TAddress ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
            "Denotes a transport service address.

            For snmpUDPDomain, a TAddress is 6 octets long,
            the initial 4 octets containing the IP-address in
            network-byte order and the last 2 containing the
            UDP port in network-byte order. Consult [5] for
            further information on snmpUDPDomain."
    SYNTAX      OCTET STRING

Clock ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
            "A party's authentication clock - a non-negative
            integer which is incremented as specified/allowed
            by the party's Authentication Protocol.

            For noAuth, a party's authentication clock is
            unused and its value is undefined.

            For v2md5AuthProtocol, a party's authentication
            clock is a relative clock with 1-second
            granularity."
    SYNTAX      UInteger32

Context ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
            "Denotes a SNMPv2 context identifier.

            Note that agents may impose implementation
            limitations on the length of OIDs used to identify
            Parties. As such, management stations creating new
            parties should be aware that using an excessively
            long OID may result in the agent refusing to
            perform the set operation and instead returning
            the appropriate error response, e.g., noCreation."
    SYNTAX      OBJECT IDENTIFIER

StorageType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
            "Describes the memory realization of a conceptual
            row. A row which is volatile(2) is lost upon
            reboot. A row which is nonVolatile(3) is backed
            up by stable storage. A row which is permanent(4)
            cannot be changed nor deleted."
    SYNTAX      INTEGER {
                    other(1),       -- eh?
                    volatile(2),    -- e.g., in RAM
                    nonVolatile(3), -- e.g., in NVRAM
                    permanent(4)    -- e.g., in ROM
                }

-- administrative assignments

partyAdmin      OBJECT IDENTIFIER ::= { partyMIB 1 }

-- definitions of security protocols

partyProtocols  OBJECT IDENTIFIER ::= { partyAdmin 1 }

-- the protocol without authentication
noAuth          OBJECT IDENTIFIER ::= { partyProtocols 1 }

-- the protocol without privacy
noPriv          OBJECT IDENTIFIER ::= { partyProtocols 2 }

-- the DES Privacy Protocol [4]
desPrivProtocol
                OBJECT IDENTIFIER ::= { partyProtocols 3 }

-- the MD5 Authentication Protocol [4]
v2md5AuthProtocol
                OBJECT IDENTIFIER ::= { partyProtocols 4 }

-- definitions of temporal domains

temporalDomains
                OBJECT IDENTIFIER ::= { partyAdmin 2 }

-- this temporal domain refers to management information
-- at the current time
currentTime     OBJECT IDENTIFIER ::= { temporalDomains 1 }

-- this temporal domain refers to management information
-- upon the next re-initialization of the managed device
restartTime     OBJECT IDENTIFIER ::= { temporalDomains 2 }

-- the temporal domain { cacheTime N } refers to management
-- information that is cached and guaranteed to be at most
-- N seconds old
cacheTime       OBJECT IDENTIFIER ::= { temporalDomains 3 }

-- Definition of Initial Party and Context Identifiers

-- When devices are installed, they need to be configured
-- with an initial set of SNMPv2 parties and contexts. The
-- configuration of SNMPv2 parties and contexts requires (among
-- other things) the assignment of several OBJECT IDENTIFIERs.
-- Any local network administration can obtain the delegated
-- authority necessary to assign its own OBJECT IDENTIFIERs.
-- However, to provide for those administrations who have not
-- obtained the necessary authority, this document allocates a
-- branch of the naming tree for use with the following
-- conventions.

initialPartyId  OBJECT IDENTIFIER ::= { partyAdmin 3 }

initialContextId
                OBJECT IDENTIFIER ::= { partyAdmin 4 }

-- Note these are identified as "initial" party and context
-- identifiers since these allow secure SNMPv2 communication
-- to proceed, thereby allowing further SNMPv2 parties to be
-- configured through use of the SNMPv2 itself.

-- The following definitions identify a party identifier, and
-- specify the initial values of various object instances
-- indexed by that identifier. In addition, the SNMPv2
-- context, access control policy, and MIB view information
-- assigned, by convention, are identified

-- Party Identifiers for use as initial SNMPv2 parties
-- at IP address a.b.c.d

-- Note that for all OBJECT IDENTIFIERs assigned under
-- initialPartyId, the four sub-identifiers immediately
-- following initialPartyId represent the four octets of
-- an IP address. Initial party identifiers for other address
-- families are assigned under a different OBJECT IDENTIFIER,
-- as defined elsewhere.

-- Devices which support SNMPv2 as entities acting in an
-- agent role, and accessed via the snmpUDPDomain transport
-- domain, are required to be configured with the appropriate
-- set of the following as implicit assignments as and when
-- they are configured with an IP address. The appropriate
-- set is all those applicable to the authentication and
-- privacy protocols supported by the device.

-- a noAuth/noPriv party which executes at the agent
--    partyIdentity     = { initialPartyId a b c d 1 }
--    partyIndex        = 1
--    partyTDomain      = snmpUDPDomain
--    partyTAddress     = a.b.c.d, 161
--    partyLocal        = true (in agent's database)
--    partyAuthProtocol = noAuth
--    partyAuthClock    = 0
--    partyAuthPrivate  = ''H (the empty string)
--    partyAuthPublic   = ''H (the empty string)
--    partyAuthLifetime = 0
--    partyPrivProtocol = noPriv
--    partyPrivPrivate  = ''H (the empty string)
--    partyPrivPublic   = ''H (the empty string)

-- a noAuth/noPriv party which executes at a manager
--    partyIdentity     = { initialPartyId a b c d 2 }
--    partyIndex        = 2
--    partyTDomain      = snmpUDPDomain
--    partyTAddress     = assigned by local administration
--    partyLocal        = false (in agent's database)
--    partyAuthProtocol = noAuth
--    partyAuthClock    = 0
--    partyAuthPrivate  = ''H (the empty string)
--    partyAuthPublic   = ''H (the empty string)
--    partyAuthLifetime = 0
--    partyPrivProtocol = noPriv
--    partyPrivPrivate  = ''H (the empty string)
--    partyPrivPublic   = ''H (the empty string)

-- a md5Auth/noPriv party which executes at the agent
--    partyIdentity     = { initialPartyId a b c d 3 }
--    partyIndex        = 3
--    partyTDomain      = snmpUDPDomain
--    partyTAddress     = a.b.c.d, 161
--    partyLocal        = true (in agent's database)
--    partyAuthProtocol = v2md5AuthProtocol
--    partyAuthClock    = 0
--    partyAuthPrivate  = assigned by local administration
--    partyAuthPublic   = ''H (the empty string)
--    partyAuthLifetime = 300
--    partyPrivProtocol = noPriv
--    partyPrivPrivate  = ''H (the empty string)
--    partyPrivPublic   = ''H (the empty string)

-- a md5Auth/noPriv party which executes at a manager
--    partyIdentity     = { initialPartyId a b c d 4 }
--    partyIndex        = 4
--    partyTDomain      = snmpUDPDomain
--    partyTAddress     = assigned by local administration
--    partyLocal        = false (in agent's database)
--    partyAuthProtocol = v2md5AuthProtocol
--    partyAuthClock    = 0
--    partyAuthPrivate  = assigned by local administration
--    partyAuthPublic   = ''H (the empty string)
--    partyAuthLifetime = 300
--    partyPrivProtocol = noPriv
--    partyPrivPrivate  = ''H (the empty string)
--    partyPrivPublic   = ''H (the empty string)

-- a md5Auth/desPriv party which executes at the agent
--    partyIdentity     = { initialPartyId a b c d 5 }
--    partyIndex        = 5
--    partyTDomain      = snmpUDPDomain
--    partyTAddress     = a.b.c.d, 161
--    partyLocal        = true (in agent's database)
--    partyAuthProtocol = v2md5AuthProtocol
--    partyAuthClock    = 0
--    partyAuthPrivate  = assigned by local administration
--    partyAuthPublic   = ''H (the empty string)
--    partyAuthLifetime = 300
--    partyPrivProtocol = desPrivProtocol
--    partyPrivPrivate  = assigned by local administration
--    partyPrivPublic   = ''H (the empty string)

-- a md5Auth/desPriv party which executes at a manager
--    partyIdentity     = { initialPartyId a b c d 6 }
--    partyIndex        = 6
--    partyTDomain      = snmpUDPDomain
--    partyTAddress     = assigned by local administration
--    partyLocal        = false (in agent's database)
--    partyAuthProtocol = v2md5AuthProtocol
--    partyAuthClock    = 0
--    partyAuthPrivate  = assigned by local administration
--    partyAuthPublic   = ''H (the empty string)
--    partyAuthLifetime = 300
--    partyPrivProtocol = desPrivProtocol
--    partyPrivPrivate  = assigned by local administration
--    partyPrivPublic   = ''H (the empty string)

-- the initial SNMPv2 contexts assigned, by convention, are:

--    contextIdentity      = { initialContextId a b c d 1 }
--    contextIndex         = 1
--    contextLocal         = true (in agent's database)
--    contextViewIndex     = 1
--    contextLocalEntity   = ''H (the empty string)
--    contextLocalTime     = currentTime
--    contextProxyDstParty = { 0 0 }
--    contextProxySrcParty = { 0 0 }
--    contextProxyContext  = { 0 0 }

--    contextIdentity      = { initialContextId a b c d 2 }
--    contextIndex         = 2
--    contextLocal         = true (in agent's database)
--    contextViewIndex     = 2
--    contextLocalEntity   = ''H (the empty string)
--    contextLocalTime     = currentTime
--    contextProxyDstParty = { 0 0 }
--    contextProxySrcParty = { 0 0 }
--    contextProxyContext  = { 0 0 }

-- The initial access control policy assigned, by
-- convention, is:

--    aclTarget     = 1
--    aclSubject    = 2
--    aclResources  = 1
--    aclPrivileges = 35 (Get, Get-Next & Get-Bulk)

--    aclTarget     = 2
--    aclSubject    = 1
--    aclResources  = 1
--    aclPrivileges = 132 (Response & SNMPv2-Trap)

--    aclTarget     = 3
--    aclSubject    = 4
--    aclResources  = 2
--    aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk)

--    aclTarget     = 4
--    aclSubject    = 3
--    aclResources  = 2
--    aclPrivileges = 4 (Response)

--    aclTarget     = 5
--    aclSubject    = 6
--    aclResources  = 2
--    aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk)

--    aclTarget     = 6
--    aclSubject    = 5
--    aclResources  = 2
--    aclPrivileges = 4 (Response)

-- Note that the initial context and access control
-- information assigned above, by default, to the
-- md5Auth/desPriv parties are identical to those assigned to
-- the md5Auth/noPriv parties. However, each administration
-- may choose to have different authorization policies,
-- depending on whether privacy is used.
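
The conventional initial parties, contexts and access control entries listed above, expanded for one agent address as an added example (Python, not part of the draft): it resolves each ACL row to the subject party's authentication and privacy protocol, decodes aclPrivileges, and builds the snmpUDPDomain TAddress. The address 192.0.2.10 is a constructed sample, and the per-operation privilege values are an assumption taken from the aclPrivileges definition, which lies outside this section.

```python
import ipaddress
import struct

# aclPrivileges is a sum of per-operation values. The section above shows only
# the sums (35, 132, 43, 4); these per-operation values are an assumption
# taken from the aclPrivileges definition elsewhere in the Party MIB.
PRIVILEGE_BITS = [(1, "Get"), (2, "Get-Next"), (4, "Response"), (8, "Set"),
                  (32, "Get-Bulk"), (64, "Inform"), (128, "SNMPv2-Trap")]
KNOWN_BITS = sum(bit for bit, _ in PRIVILEGE_BITS)

# partyIndex -> (partyAuthProtocol, partyPrivProtocol, partyLocal), as listed above.
INITIAL_PARTIES = {
    1: ("noAuth", "noPriv", True),
    2: ("noAuth", "noPriv", False),
    3: ("v2md5AuthProtocol", "noPriv", True),
    4: ("v2md5AuthProtocol", "noPriv", False),
    5: ("v2md5AuthProtocol", "desPrivProtocol", True),
    6: ("v2md5AuthProtocol", "desPrivProtocol", False),
}

# contextIndex -> contextViewIndex, as listed above.
INITIAL_CONTEXTS = {1: 1, 2: 2}

# (aclTarget, aclSubject, aclResources, aclPrivileges), as listed above.
INITIAL_ACL = [(1, 2, 1, 35), (2, 1, 1, 132), (3, 4, 2, 43),
               (4, 3, 2, 4), (5, 6, 2, 43), (6, 5, 2, 4)]


def party_identity(agent_ip, n):
    """Symbolic form of { initialPartyId a b c d n } for an IPv4 agent address."""
    octets = ipaddress.IPv4Address(agent_ip).packed
    return "initialPartyId." + ".".join(str(o) for o in octets) + "." + str(n)


def taddress(ip, port):
    """snmpUDPDomain TAddress: 4 octets of IP, then 2 octets of UDP port, network order."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("UDP port out of range")
    return ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)


def decode_privileges(value):
    """Split an aclPrivileges sum into operation names; reject unassigned bits."""
    if value < 0 or value & ~KNOWN_BITS:
        raise ValueError("aclPrivileges %d has unassigned bits" % value)
    return [name for bit, name in PRIVILEGE_BITS if value & bit]


def effective_access(agent_ip):
    """One row per initial ACL entry, with the subject's protection level resolved."""
    rows = []
    for target, subject, context, privileges in INITIAL_ACL:
        auth, priv, _ = INITIAL_PARTIES[subject]
        rows.append({
            "subject": party_identity(agent_ip, subject),
            "target": party_identity(agent_ip, target),
            "target_local": INITIAL_PARTIES[target][2],
            "subject_auth": auth,
            "subject_priv": priv,
            "view_index": INITIAL_CONTEXTS[context],
            "operations": decode_privileges(privileges),
        })
    return rows


def requests_allowed_without_auth(agent_ip):
    """Rows where a noAuth subject may request operations of a party at the agent."""
    return [r for r in effective_access(agent_ip)
            if r["subject_auth"] == "noAuth" and r["target_local"]]


def subjects_allowed_to_set(agent_ip):
    """(identity, auth protocol, priv protocol) of every subject granted Set."""
    return sorted((r["subject"], r["subject_auth"], r["subject_priv"])
                  for r in effective_access(agent_ip) if "Set" in r["operations"])


if __name__ == "__main__":
    ip = "192.0.2.10"  # constructed sample agent address
    print("agent TAddress:", taddress(ip, 161).hex())
    for row in effective_access(ip):
        print(row["subject"], "->", row["target"], "view", row["view_index"],
              row["subject_auth"] + "/" + row["subject_priv"],
              ", ".join(row["operations"]))
```
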

-- The initial MIB views assigned, by convention, are:

--    viewIndex   = 1
--    viewSubtree = system
--    viewMask    = ''H
--    viewType    = included

--    viewIndex   = 1
--    viewSubtree = snmpStats
--    viewMask    = ''H
--    viewType    = included

--    viewIndex   = 1
--    viewSubtree = snmpParties
--    viewMask    = ''H
--    viewType    = included

--    viewIndex   = 2
--    viewSubtree = internet
--    viewMask    = ''H
--    viewType    = included
-- note that snmpV2 will be moved under internet later on...

-- Note that full access to the partyTable, contextTable,
-- aclTable, and viewTable gives a manager the ability to
-- configure any parties with any/all capabilities (the
-- equivalent of "root" access). A lesser manager can be
-- given access only to the partyTable so that it can
-- maintain its own parties, but not increase/decrease
-- their capabilities. Such a lesser manager can also
-- create new parties but they are of no use to it.

-- object assignments

partyMIBObjects
                OBJECT IDENTIFIER ::= { partyMIB 2 }

-- the SNMPv2 party database group

snmpParties     OBJECT IDENTIFIER ::= { partyMIBObjects 1 }

partyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PartyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The SNMPv2 Party database."
    ::= { snmpParties 1 }

partyEntry OBJECT-TYPE
    SYNTAX      PartyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "Locally held information about a particular
            SNMPv2 party."
    INDEX       { IMPLIED partyIdentity }
    ::= { partyTable 1 }

PartyEntry ::=
    SEQUENCE {
        partyIdentity        Party,
        partyIndex           INTEGER,
        partyTDomain         OBJECT IDENTIFIER,
        partyTAddress        TAddress,
        partyMaxMessageSize  INTEGER,
        partyLocal           TruthValue,
        partyAuthProtocol    OBJECT IDENTIFIER,
        partyAuthClock       Clock,
        partyAuthPrivate     OCTET STRING,
        partyAuthPublic      OCTET STRING,
        partyAuthLifetime    INTEGER,
        partyPrivProtocol    OBJECT IDENTIFIER,
        partyPrivPrivate     OCTET STRING,
        partyPrivPublic      OCTET STRING,
        partyCloneFrom       Party,
        partyStorageType     StorageType,
        partyStatus          RowStatus
    }

partyIdentity OBJECT-TYPE
    SYNTAX      Party
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A party identifier uniquely identifying a
            particular SNMPv2 party."
    ::= { partyEntry 1 }

partyIndex OBJECT-TYPE
    SYNTAX      INTEGER (1..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "A unique value for each SNMPv2 party. The value
            for each SNMPv2 party must remain constant at
            least from one re-initialization of the entity's
            network management system to the next
            re-initialization."
    ::= { partyEntry 2 }

partyTDomain OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "Indicates the kind of transport service by which
            the party receives network management traffic."
    DEFVAL      { snmpUDPDomain }
    ::= { partyEntry 3 }

partyTAddress OBJECT-TYPE
    SYNTAX      TAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The transport service address by which the party
            receives network management traffic, formatted
            according to the corresponding value of
            partyTDomain. For snmpUDPDomain, partyTAddress is
            formatted as a 4-octet IP Address concatenated
            with a 2-octet UDP port number."
    DEFVAL      { '000000000000'h }
    ::= { partyEntry 4 }

partyMaxMessageSize OBJECT-TYPE
    SYNTAX      INTEGER (484..65507)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The maximum length in octets of a SNMPv2 message
            which this party will accept. For parties which
            execute at an agent, the agent initializes this
            object to the maximum length supported by the
            agent, and does not let the object be set to any
            larger value. For parties which do not execute at
            the agent, the agent must allow the manager to set
            this object to any legal value, even if it is
            larger than the agent can generate."
    DEFVAL      { 484 }
    ::= { partyEntry 5 }

partyLocal OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "An indication of whether this party executes at
            this SNMPv2 entity. If this object has a value of
            true(1), then the SNMPv2 entity will listen for
            SNMPv2 messages on the partyTAddress associated
            with this party. If this object has the value
            false(2), then the SNMPv2 entity will not listen
            for SNMPv2 messages on the partyTAddress
            associated with this party."
    DEFVAL      { false }
    ::= { partyEntry 6 }

partyAuthProtocol OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The authentication protocol by which all messages
            generated by the party are authenticated as to
            origin and integrity. The value noAuth signifies
            that messages generated by the party are not
            authenticated.

            Once an instance of this object is created, its
            value can not be changed."
    DEFVAL      { v2md5AuthProtocol }
    ::= { partyEntry 7 }

partyAuthClock OBJECT-TYPE
    SYNTAX      Clock
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The authentication clock which represents the
            local notion of the current time specific to the
            party. This value must not be decremented unless
            the party's private authentication key is changed
            simultaneously."
    DEFVAL      { 0 }
    ::= { partyEntry 8 }

partyAuthPrivate OBJECT-TYPE
    SYNTAX      OCTET STRING
                -- for v2md5AuthProtocol: (SIZE (16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "An encoding of the party's private authentication
            key which may be needed to support the
            authentication protocol. Although the value of
            this variable may be altered by a management
            operation (e.g., a SNMPv2 Set-Request), its value
            can never be retrieved by a management operation:
            when read, the value of this variable is the zero
            length OCTET STRING.

            The private authentication key is NOT directly
            represented by the value of this variable, but
            rather it is represented according to an encoding.
            This encoding is the bitwise exclusive-OR of the
            old key with the new key, i.e., of the old private
            authentication key (prior to the alteration) with
            the new private authentication key (after the
            alteration). Thus, when processing a received
            protocol Set operation, the new private
            authentication key is obtained from the value of
            this variable as the result of a bitwise
            exclusive-OR of the variable's value and the old
            private authentication key. In calculating the
            exclusive-OR, if the old key is shorter than the
            new key, zero-valued padding is appended to the
            old key. If no value for the old key exists, a
            zero-length OCTET STRING is used in the
            calculation."
    DEFVAL      { ''H }    -- the empty string
    ::= { partyEntry 9 }

partyAuthPublic OBJECT-TYPE
    SYNTAX      OCTET STRING
                -- for v2md5AuthProtocol: (SIZE (0..16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "A publically-readable value for the party.

            Depending on the party's authentication protocol,
            this value may be needed to support the party's
            authentication protocol. Alternatively, it may be
            used by a manager during the procedure for
            altering secret information about a party. (For
            example, by altering the value of an instance of
            this object in the same SNMPv2 Set-Request used to
            update an instance of partyAuthPrivate, a
            subsequent Get-Request can determine if the
            Set-Request was successful in the event that no
            response to the Set-Request is received, see [4].)

            The length of the value is dependent on the
            party's authentication protocol. If not used by
            the authentication protocol, it is recommended
            that agents support values of any length up to and
            including the length of the corresponding
            partyAuthPrivate object."
    DEFVAL      { ''H }    -- the empty string
    ::= { partyEntry 10 }

partyAuthLifetime OBJECT-TYPE
    SYNTAX      INTEGER (0..2147483647)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The lifetime (in units of seconds) which
            represents an administrative upper bound on
            acceptable delivery delay for protocol messages
            generated by the party.

            Once an instance of this object is created, its
            value can not be changed."
    DEFVAL      { 300 }
    ::= { partyEntry 11 }

partyPrivProtocol OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The privacy protocol by which all protocol
            messages received by the party are protected from
            disclosure. The value noPriv signifies that
            messages received by the party are not protected.

            Once an instance of this object is created, its
            value can not be changed."
    DEFVAL      { noPriv }
    ::= { partyEntry 12 }

partyPrivPrivate OBJECT-TYPE
    SYNTAX      OCTET STRING
                -- for desPrivProtocol: (SIZE (16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "An encoding of the party's private encryption key
            which may be needed to support the privacy
            protocol. Although the value of this variable may
            be altered by a management operation (e.g., a
            SNMPv2 Set-Request), its value can never be
            retrieved by a management operation: when read,
            the value of this variable is the zero length
            OCTET STRING.

            The private encryption key is NOT directly
            represented by the value of this variable, but
            rather it is represented according to an encoding.
            This encoding is the bitwise exclusive-OR of the
            old key with the new key, i.e., of the old private
            encryption key (prior to the alteration) with the
            new private encryption key (after the alteration).
            Thus, when processing a received protocol Set
            operation, the new private encryption key is
            obtained from the value of this variable as the
            result of a bitwise exclusive-OR of the variable's
            value and the old private encryption key. In
            calculating the exclusive-OR, if the old key is
            shorter than the new key, zero-valued padding is
            appended to the old key. If no value for the old
            key exists, a zero-length OCTET STRING is used in
            the calculation."
    DEFVAL      { ''H }    -- the empty string
    ::= { partyEntry 13 }

partyPrivPublic OBJECT-TYPE
    SYNTAX      OCTET STRING
                -- for desPrivProtocol: (SIZE (0..16))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "A publically-readable value for the party.

            Depending on the party's privacy protocol, this
            value may be needed to support the party's privacy
            protocol. Alternatively, it may be used by a
            manager as a part of its procedure for altering
            secret information about a party. (For example,
            by altering the value of an instance of this
            object in the same SNMPv2 Set-Request used to
            update an instance of partyPrivPrivate, a
            subsequent Get-Request can determine if the
            Set-Request was successful in the event that no
            response to the Set-Request is received, see [4].)

            The length of the value is dependent on the
            party's privacy protocol. If not used by the
            privacy protocol, it is recommended that agents
            support values of any length up to and including
            the length of the corresponding partyPrivPrivate
            object."
    DEFVAL      { ''H }    -- the empty string
    ::= { partyEntry 14 }

partyCloneFrom OBJECT-TYPE
    SYNTAX      Party
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The identity of a party to clone authentication
            and privacy parameters from. When read, the value
            { 0 0 } is returned.

            This value can only be written when the associated
            instance of partyStatus either does not exist or
            has the value `notReady'. When written, the value
            identifies a party, the cloning party, whose
            status column has the value `active'. The cloning
            party is used in two ways.
+ 820 One, if instances of the following objects do not + 821 exist for the party being created, then they are + 822 created with values identical to those of the + 823 corresponding objects for the cloning party: + 825 partyAuthProtocol + 826 partyAuthPublic + 827 partyAuthLifetime + 828 partyPrivProtocol + 829 partyPrivPublic + 831 Two, instances of the following objects are + 832 updated using the corresponding values of the + 833 cloning party: + 835 partyAuthPrivate + 836 partyPrivPrivate + 838 (e.g., the value of the cloning party's instance + 839 of the partyAuthPrivate object is XOR'd with the + 840 value of the partyAuthPrivate instances of the + 841 party being created.)" + 842 ::= { partyEntry 15 } + 844 Draft Party MIB for SNMPv2 Jan 93 846 partyStorageType OBJECT-TYPE 847 SYNTAX StorageType 848 MAX-ACCESS read-create 849 STATUS current 850 DESCRIPTION 851 "The storage type for this conceptual row in the 852 partyTable." 853 DEFVAL { nonVolatile } 854 ::= { partyEntry 16 } | 856 partyStatus OBJECT-TYPE 857 SYNTAX RowStatus 858 MAX-ACCESS read-create 859 STATUS current 860 DESCRIPTION 861 "The status of this conceptual row in the 862 partyTable. 864 A party is not qualified for activation until 865 instances of all columns of its partyEntry row 866 have an appropriate value. In particular: | 868 A value must be written to the Party's | 869 partyCloneFrom object. | 871 If the Party's partyAuthProtocol object has the | 872 value md5AuthProtocol, | 873 then the corresponding instance of 874 partyAuthPrivate must contain a secret of the | 875 appropriate length. Further, at least one | 876 management protocol set operation updating the | 877 value of the party's partyAuthPrivate object | 878 must be successfully processed, before the | 879 partyAuthPrivate column is considered | 880 appropriately configured. 
| 882 If the Party's partyPrivProtocol object has the | 883 value desPrivProtocol, | 884 then the corresponding instance of 885 partyPrivPrivate must contain a secret of the 886 appropriate length. Further, at least one + 887 management protocol set operation updating the + 888 value of the party's partyPrivPrivate object + 889 must be successfully processed, before the + 890 partyPrivPrivate column is considered + 892 Draft Party MIB for SNMPv2 Jan 93 894 appropriately configured. + 896 Until instances of all corresponding columns are 897 appropriately configured, the value of the 898 corresponding instance of the partyStatus column is 899 `notReady'." 900 ::= { partyEntry 17 } | 902 Draft Party MIB for SNMPv2 Jan 93 904 -- the SNMPv2 contexts database group 906 snmpContexts OBJECT IDENTIFIER ::= { partyMIBObjects 2 } 908 contextTable OBJECT-TYPE 909 SYNTAX SEQUENCE OF ContextEntry 910 MAX-ACCESS not-accessible 911 STATUS current 912 DESCRIPTION 913 "The SNMPv2 Context database." 914 ::= { snmpContexts 1 } 916 contextEntry OBJECT-TYPE 917 SYNTAX ContextEntry 918 MAX-ACCESS not-accessible 919 STATUS current 920 DESCRIPTION 921 "Locally held information about a particular 922 SNMPv2 context." 923 INDEX { IMPLIED contextIdentity } 924 ::= { contextTable 1 } 926 ContextEntry ::= 927 SEQUENCE { 928 contextIdentity Context, 929 contextIndex INTEGER, 930 contextLocal TruthValue, 931 contextViewIndex INTEGER, 932 contextLocalEntity OCTET STRING, 933 contextLocalTime OBJECT IDENTIFIER, 934 contextProxyDstParty Party, 935 contextProxySrcParty Party, 936 contextProxyContext OBJECT IDENTIFIER, 937 contextStorageType StorageType, 938 contextStatus RowStatus 939 } 941 Draft Party MIB for SNMPv2 Jan 93 943 contextIdentity OBJECT-TYPE 944 SYNTAX Context 945 MAX-ACCESS not-accessible 946 STATUS current 947 DESCRIPTION 948 "A context identifier uniquely identifying a 949 particular SNMPv2 context." 
 950      ::= { contextEntry 1 }

 952  contextIndex OBJECT-TYPE
 953      SYNTAX      INTEGER (1..65535)
 954      MAX-ACCESS  read-only
 955      STATUS      current
 956      DESCRIPTION
 957          "A unique value for each SNMPv2 context. The
 958          value for each SNMPv2 context must remain constant
 959          at least from one re-initialization of the
 960          entity's network management system to the next
 961          re-initialization."
 962      ::= { contextEntry 2 }

 964  contextLocal OBJECT-TYPE
 965      SYNTAX      TruthValue
 966      MAX-ACCESS  read-create
 967      STATUS      current
 968      DESCRIPTION
 969          "An indication of whether this context is realized
 970          by this SNMPv2 entity."
 971      DEFVAL { true }
 972      ::= { contextEntry 3 }

 976  contextViewIndex OBJECT-TYPE
 977      SYNTAX      INTEGER (0..65535)
 978      MAX-ACCESS  read-create
 979      STATUS      current
 980      DESCRIPTION
 981          "If the value of an instance of this object is
 982          zero, then this corresponding conceptual row in
 983          the contextTable refers to a SNMPv2 context which
 984          identifies a proxy relationship; the values of the
 985          corresponding instances of the
 986          contextProxyDstParty, contextProxySrcParty, and
 987          contextProxyContext objects provide further
 988          information on the proxy relationship.

 990          Otherwise, if the value of an instance of this
 991          object is greater than zero, then this
 992          corresponding conceptual row in the contextTable
 993          refers to a SNMPv2 context which identifies a MIB
 994          view of a locally accessible entity; the value of
 995          the instance identifies the particular MIB view
 996          which has the same value of viewIndex; and the
 997          value of the corresponding instances of the
 998          contextLocalEntity and contextLocalTime objects
 999          provide further information on the local entity
1000          and its temporal domain."
1001      ::= { contextEntry 4 }

1005  contextLocalEntity OBJECT-TYPE
1006      SYNTAX      OCTET STRING
1007      MAX-ACCESS  read-create
1008      STATUS      current
1009      DESCRIPTION
1010          "If the value of the corresponding instance of the
1011          contextViewIndex is greater than zero, then the
1012          value of an instance of this object identifies the
1013          local entity whose management information is in
1014          the SNMPv2 context's MIB view. The empty string
1015          indicates that the MIB view contains the SNMPv2
1016          entity's own local management information;
1017          otherwise, a non-empty string indicates that the
1018          MIB view contains management information of some
1019          other local entity, e.g., 'Repeater1'."
1020      DEFVAL { ''H } -- the empty string
1021      ::= { contextEntry 5 }

1023  contextLocalTime OBJECT-TYPE
1024      SYNTAX      OBJECT IDENTIFIER
1025      MAX-ACCESS  read-create
1026      STATUS      current
1027      DESCRIPTION
1028          "If the value of the corresponding instance of the
1029          contextViewIndex is greater than zero, then the
1030          value of an instance of this object identifies the
1031          temporal context of the management information in
1032          the MIB view."
1033      DEFVAL { currentTime }
1034      ::= { contextEntry 6 }

1038  contextProxyDstParty OBJECT-TYPE
1039      SYNTAX      Party
1040      MAX-ACCESS  read-create
1041      STATUS      current
1042      DESCRIPTION
1043          "If the value of the corresponding instance of the
1044          contextViewIndex is equal to zero, then the value
1045          of an instance of this object identifies a SNMPv2
1046          party which is the proxy destination of a proxy
1047          relationship.

1049          If the value of the corresponding instance of the
1050          contextViewIndex is greater than zero, then the
1051          value of an instance of this object is zero."
1052      ::= { contextEntry 7 }

1054  contextProxySrcParty OBJECT-TYPE
1055      SYNTAX      Party
1056      MAX-ACCESS  read-create
1057      STATUS      current
1058      DESCRIPTION
1059          "If the value of the corresponding instance of the
1060          contextViewIndex is equal to zero, then the value
1061          of an instance of this object identifies a SNMPv2
1062          party which is the proxy source of a proxy
1063          relationship.

1065          Interpretation of an instance of this object
1066          depends upon the value of the transport domain
1067          associated with the SNMPv2 party used as the proxy
1068          destination in this proxy relationship.

1070          If the value of the corresponding instance of the
1071          contextViewIndex is greater than zero, then the
1072          value of an instance of this object is zero."
1073      ::= { contextEntry 8 }

1077  contextProxyContext OBJECT-TYPE
1078      SYNTAX      OBJECT IDENTIFIER
1079      MAX-ACCESS  read-create
1080      STATUS      current
1081      DESCRIPTION
1082          "If the value of the corresponding instance of the
1083          contextViewIndex is equal to zero, then the value
1084          of an instance of this object identifies the
1085          context of a proxy relationship.

1087          Interpretation of an instance of this object
1088          depends upon the value of the transport domain
1089          associated with the SNMPv2 party used as the proxy
1090          destination in this proxy relationship.

1092          If the value of the corresponding instance of the
1093          contextViewIndex is greater than zero, then the
1094          value of an instance of this object is { 0 0 }."
1095      ::= { contextEntry 9 }

1097  contextStorageType OBJECT-TYPE
1098      SYNTAX      StorageType
1099      MAX-ACCESS  read-create
1100      STATUS      current
1101      DESCRIPTION
1102          "The storage type for this conceptual row in the
1103          contextTable."
1104      DEFVAL { nonVolatile }
1105      ::= { contextEntry 10 }

1109  contextStatus OBJECT-TYPE
1110      SYNTAX      RowStatus
1111      MAX-ACCESS  read-create
1112      STATUS      current
1113      DESCRIPTION
1114          "The status of this conceptual row in the
1115          contextTable.

1117          A context is not qualified for activation until
1118          instances of all corresponding columns have the
1119          appropriate value. In particular, if the
1120          context's contextViewIndex is greater than zero,
1121          then the viewStatus column of the associated
1122          conceptual row(s) in the viewTable must have the
1123          value `active'. Until instances of all
1124          corresponding columns are appropriately
1125          configured, the value of the corresponding
1126          instance of the contextStatus column is
1127          `notReady'."
1128      ::= { contextEntry 11 }

1132  -- the SNMPv2 access privileges database group

1134  snmpAccess OBJECT IDENTIFIER ::= { partyMIBObjects 3 }

1136  aclTable OBJECT-TYPE
1137      SYNTAX      SEQUENCE OF AclEntry
1138      MAX-ACCESS  not-accessible
1139      STATUS      current
1140      DESCRIPTION
1141          "The access privileges database."
1142      ::= { snmpAccess 1 }

1144  aclEntry OBJECT-TYPE
1145      SYNTAX      AclEntry
1146      MAX-ACCESS  not-accessible
1147      STATUS      current
1148      DESCRIPTION
1149          "The access privileges for a particular subject
1150          SNMPv2 party when asking a particular target
1151          SNMPv2 party to access a particular SNMPv2
1152          context."
1153      INDEX { aclTarget, aclSubject, aclResources }
1154      ::= { aclTable 1 }

1156  AclEntry ::=
1157      SEQUENCE {
1158          aclTarget       INTEGER,
1159          aclSubject      INTEGER,
1160          aclResources    INTEGER,
1161          aclPrivileges   INTEGER,
1162          aclStorageType  StorageType,
1163          aclStatus       RowStatus
1164      }

1168  aclTarget OBJECT-TYPE
1169      SYNTAX      INTEGER (1..65535)
1170      MAX-ACCESS  not-accessible
1171      STATUS      current
1172      DESCRIPTION
1173          "The value of an instance of this object
1174          identifies a SNMPv2 party which is the target of
1175          an access control policy, and has the same value
1176          as the instance of the partyIndex object for that
1177          party."
1178      ::= { aclEntry 1 }

1180  aclSubject OBJECT-TYPE
1181      SYNTAX      INTEGER (1..65535)
1182      MAX-ACCESS  not-accessible
1183      STATUS      current
1184      DESCRIPTION
1185          "The value of an instance of this object
1186          identifies a SNMPv2 party which is the subject of
1187          an access control policy, and has the same value
1188          as the instance of the partyIndex object for that
1189          SNMPv2 party."
1190      ::= { aclEntry 2 }

1192  aclResources OBJECT-TYPE
1193      SYNTAX      INTEGER (1..65535)
1194      MAX-ACCESS  not-accessible
1195      STATUS      current
1196      DESCRIPTION
1197          "The value of an instance of this object
1198          identifies a SNMPv2 context in an access control
1199          policy, and has the same value as the instance of
1200          the contextIndex object for that SNMPv2 context."
1201      ::= { aclEntry 3 }

1205  aclPrivileges OBJECT-TYPE
1206      SYNTAX      INTEGER (0..255)
1207      MAX-ACCESS  read-create
1208      STATUS      current
1209      DESCRIPTION
1210          "The access privileges which govern what
1211          management operations a particular target party
1212          may perform with respect to a particular SNMPv2
1213          context when requested by a particular subject
1214          party. These privileges are specified as a sum of
1215          values, where each value specifies a SNMPv2 PDU
1216          type by which the subject party may request a
1217          permitted operation. The value for a particular
1218          PDU type is computed as 2 raised to the value of
1219          the ASN.1 context-specific tag for the appropriate
1220          SNMPv2 PDU type. The values (for the tags defined
1221          in [5]) are defined in [3] as:

1223              Get         :   1
1224              GetNext     :   2
1225              Response    :   4
1226              Set         :   8
1227              unused      :  16
1228              GetBulk     :  32
1229              Inform      :  64
1230              SNMPv2-Trap : 128

1232          The null set is represented by the value zero."
1233      DEFVAL { 35 } -- Get, Get-Next & Get-Bulk
1234      ::= { aclEntry 4 }

1236  aclStorageType OBJECT-TYPE
1237      SYNTAX      StorageType
1238      MAX-ACCESS  read-create
1239      STATUS      current
1240      DESCRIPTION
1241          "The storage type for this conceptual row in the
1242          aclTable."
1243      DEFVAL { nonVolatile }
1244      ::= { aclEntry 5 }

1248  aclStatus OBJECT-TYPE
1249      SYNTAX      RowStatus
1250      MAX-ACCESS  read-create
1251      STATUS      current
1252      DESCRIPTION
1253          "The status of this conceptual row in the
1254          aclTable."
1255      ::= { aclEntry 6 }

1259  -- the MIB view database group

1261  snmpViews OBJECT IDENTIFIER ::= { partyMIBObjects 4 }

1263  viewTable OBJECT-TYPE
1264      SYNTAX      SEQUENCE OF ViewEntry
1265      MAX-ACCESS  not-accessible
1266      STATUS      current
1267      DESCRIPTION
1268          "Locally held information about the MIB views
1269          known to this SNMPv2 entity.

1271          Each SNMPv2 context which is locally accessible
1272          has a single MIB view which is defined by two
1273          collections of view subtrees: the included view
1274          subtrees, and the excluded view subtrees. Every
1275          such subtree, both included and excluded, is
1276          defined in this table.

1278          To determine if a particular object instance is in
1279          a particular MIB view, compare the object
1280          instance's OBJECT IDENTIFIER with each of the MIB
1281          view's entries in this table. If none match, then
1282          the object instance is not in the MIB view. If
1283          one or more match, then the object instance is
1284          included in, or excluded from, the MIB view
1285          according to the value of viewType in the entry
1286          whose value of viewSubtree has the most sub-
1287          identifiers. If multiple entries match and have
1288          the same number of sub-identifiers, then the
1289          lexicographically greatest instance of viewType
1290          determines the inclusion or exclusion.

1292          An object instance's OBJECT IDENTIFIER X matches
1293          an entry in this table when the number of sub-
1294          identifiers in X is at least as many as in the
1295          value of viewSubtree for the entry, and each sub-
1296          identifier in the value of viewSubtree matches its
1297          corresponding sub-identifier in X. Two sub-
1298          identifiers match either if the corresponding bit
1299          of viewMask is zero (the 'wild card' value), or if
1300          they are equal.

1302          Due to this 'wild card' capability, we introduce
1306          the term, a 'family' of view subtrees, to refer to
1307          the set of subtrees defined by a particular
1308          combination of values of viewSubtree and viewMask.
1309          In the case where no 'wild card' is defined in
1310          viewMask, the family of view subtrees reduces to a
1311          single view subtree."
1312      ::= { snmpViews 1 }

1314  viewEntry OBJECT-TYPE
1315      SYNTAX      ViewEntry
1316      MAX-ACCESS  not-accessible
1317      STATUS      current
1318      DESCRIPTION
1319          "Information on a particular family of view
1320          subtrees included in or excluded from a particular  |
1321          SNMPv2 context's MIB view.  |

1323          Implementations must not restrict the number of  |
1324          families of view subtrees for a given MIB view,  |
1325          except as dictated by resource constraints on the  |
1326          overall number of entries in the viewTable."  |
1327      INDEX { viewIndex, IMPLIED viewSubtree }
1328      ::= { viewTable 1 }

1330  ViewEntry ::=
1331      SEQUENCE {
1332          viewIndex        INTEGER,
1333          viewSubtree      OBJECT IDENTIFIER,
1334          viewMask         OCTET STRING,
1335          viewType         INTEGER,
1336          viewStorageType  StorageType,
1337          viewStatus       RowStatus
1338      }

1342  viewIndex OBJECT-TYPE
1343      SYNTAX      INTEGER (1..65535)
1344      MAX-ACCESS  not-accessible
1345      STATUS      current
1346      DESCRIPTION
1347          "A unique value for each MIB view. The value for
1348          each MIB view must remain constant at least from
1349          one re-initialization of the entity's network
1350          management system to the next re-initialization."
1351      ::= { viewEntry 1 }

1353  viewSubtree OBJECT-TYPE
1354      SYNTAX      OBJECT IDENTIFIER
1355      MAX-ACCESS  not-accessible
1356      STATUS      current
1357      DESCRIPTION
1358          "A MIB subtree."
1359      ::= { viewEntry 2 }

1361  viewMask OBJECT-TYPE
1362      SYNTAX      OCTET STRING (SIZE (0..16))
1363      MAX-ACCESS  read-create
1364      STATUS      current
1365      DESCRIPTION
1366          "The bit mask which, in combination with the
1367          corresponding instance of viewSubtree, defines a
1368          family of view subtrees.

1370          Each bit of this bit mask corresponds to a sub-
1371          identifier of viewSubtree, with the most
1372          significant bit of the i-th octet of this octet
1373          string value (extended if necessary, see below)
1374          corresponding to the (8*i - 7)-th sub-identifier,
1375          and the least significant bit of the i-th octet of
1376          this octet string corresponding to the (8*i)-th
1377          sub-identifier, where i is in the range 1 through
1378          16.

1380          Each bit of this bit mask specifies whether or not
1381          the corresponding sub-identifiers must match when
1382          determining if an OBJECT IDENTIFIER is in this
1383          family of view subtrees; a '1' indicates that an
1384          exact match must occur; a '0' indicates 'wild
1385          card', i.e., any sub-identifier value matches.
1389          Thus, the OBJECT IDENTIFIER X of an object
1390          instance is contained in a family of view subtrees
1391          if the following criteria are met:

1393              for each sub-identifier of the value of
1394              viewSubtree, either:

1396                  the i-th bit of viewMask is 0, or

1398                  the i-th sub-identifier of X is equal to
1399                  the i-th sub-identifier of the value of
1400                  viewSubtree.

1402          If the value of this bit mask is M bits long and
1403          there are more than M sub-identifiers in the
1404          corresponding instance of viewSubtree, then the
1405          bit mask is extended with 1's to be the required
1406          length.

1408          Note that when the value of this object is the
1409          zero-length string, this extension rule results in
1410          a mask of all-1's being used (i.e., no 'wild
1411          card'), and the family of view subtrees is the one
1412          view subtree uniquely identified by the
1413          corresponding instance of viewSubtree."
1414      DEFVAL { ''H }
1415      ::= { viewEntry 3 }

1419  viewType OBJECT-TYPE
1420      SYNTAX      INTEGER {
1421                      included(1),
1422                      excluded(2)
1423                  }
1424      MAX-ACCESS  read-create
1425      STATUS      current
1426      DESCRIPTION
1427          "The status of a particular family of view
1428          subtrees within the particular SNMPv2 context's
1429          MIB view. The value 'included(1)' indicates that
1430          the corresponding instances of viewSubtree and
1431          viewMask define a family of view subtrees included
1432          in the MIB view. The value 'excluded(2)'
1433          indicates that the corresponding instances of
1434          viewSubtree and viewMask define a family of view
1435          subtrees excluded from the MIB view."
1436      DEFVAL { included }
1437      ::= { viewEntry 4 }

1439  viewStorageType OBJECT-TYPE
1440      SYNTAX      StorageType
1441      MAX-ACCESS  read-create
1442      STATUS      current
1443      DESCRIPTION
1444          "The storage type for this conceptual row in the
1445          viewTable."
1446      DEFVAL { nonVolatile }
1447      ::= { viewEntry 5 }

1449  viewStatus OBJECT-TYPE
1450      SYNTAX      RowStatus
1451      MAX-ACCESS  read-create
1452      STATUS      current
1453      DESCRIPTION
1454          "The status of this conceptual row in the
1455          viewTable."
1456      ::= { viewEntry 6 }

1460  familyTable OBJECT-TYPE
1461      SYNTAX      SEQUENCE OF FamilyEntry
1462      MAX-ACCESS  not-accessible
1463      STATUS      current
1464      DESCRIPTION
1465          "Locally held information about a family of view
1466          subtrees."
1467      ::= { snmpViews 2 }

1469  familyEntry OBJECT-TYPE
1470      SYNTAX      FamilyEntry
1471      MAX-ACCESS  not-accessible
1472      STATUS      current
1473      DESCRIPTION
1474          "Information on a particular family of view
1475          subtrees."
1476      INDEX { familyIndex }
1477      ::= { familyTable 1 }

1479  FamilyEntry ::=
1480      SEQUENCE {
1481          familyIndex        INTEGER,
1482          familySubtree      OBJECT IDENTIFIER,
1483          familyMask         OCTET STRING,
1484          familyStorageType  StorageType,
1485          familyStatus       RowStatus
1486      }

1488  familyIndex OBJECT-TYPE
1489      SYNTAX      INTEGER (1..65535)
1490      MAX-ACCESS  not-accessible
1491      STATUS      current
1492      DESCRIPTION
1493          "A unique value for each family of view subtrees.
1494          The value for each family of view subtrees must
1495          remain constant at least from one re-
1496          initialization of the entity's network management
1497          system to the next re-initialization."
1498      ::= { familyEntry 1 }

1502  familySubtree OBJECT-TYPE
1503      SYNTAX      OBJECT IDENTIFIER
1504      MAX-ACCESS  read-create
1505      STATUS      current
1506      DESCRIPTION
1507          "An object identifier which, in combination with
1508          the corresponding instance of familyMask, defines a
1509          family of view subtrees."
1510      ::= { familyEntry 2 }

1512  familyMask OBJECT-TYPE
1513      SYNTAX      OCTET STRING (SIZE (0..16))
1514      MAX-ACCESS  read-create
1515      STATUS      current
1516      DESCRIPTION
1517          "The bit mask which, in combination with the
1518          corresponding instance of familySubtree, defines a
1519          family of view subtrees."
1520      DEFVAL { ''H }
1521      ::= { familyEntry 3 }

1523  familyStorageType OBJECT-TYPE
1524      SYNTAX      StorageType
1525      MAX-ACCESS  read-create
1526      STATUS      current
1527      DESCRIPTION
1528          "The storage type for this conceptual row in the
1529          familyTable."
1530      DEFVAL { nonVolatile }
1531      ::= { familyEntry 4 }

1533  familyStatus OBJECT-TYPE
1534      SYNTAX      RowStatus
1535      MAX-ACCESS  read-create
1536      STATUS      current
1537      DESCRIPTION
1538          "The status of this conceptual row in the
1539          familyTable."
1540      ::= { familyEntry 5 }

1544  -- conformance information

1546  partyMIBConformance
1547      OBJECT IDENTIFIER ::= { partyMIB 3 }

1549  partyMIBCompliances
1550      OBJECT IDENTIFIER ::= { partyMIBConformance 1 }
1551  partyMIBGroups
1552      OBJECT IDENTIFIER ::= { partyMIBConformance 2 }

1554  -- compliance statements

1556  unSecurableCompliance MODULE-COMPLIANCE
1557      STATUS      current
1558      DESCRIPTION
1559          "The compliance statement for SNMPv2 entities
1560          which implement the Party MIB, but do not support
1561          any authentication or privacy protocols (i.e.,  |
1562          only the noAuth and noPriv protocols are  |
1563          supported)."  |
1564      MODULE -- this module
1565          MANDATORY-GROUPS { partyMIBGroup }
1566      ::= { partyMIBCompliances 1 }

1568  partyNoPrivacyCompliance MODULE-COMPLIANCE  |
1569      STATUS      current
1570      DESCRIPTION
1571          "The compliance statement for SNMPv2 entities
1572          which implement the Party MIB, and support an
1573          authentication protocol, but do not support any
1574          privacy protocols (i.e., only the noAuth,  |
1575          v2md5AuthProtocol, and noPriv protocols are  |
1576          supported)."  |
1577      MODULE -- this module
1578          MANDATORY-GROUPS { partyMIBGroup }
1579      ::= { partyMIBCompliances 2 }

1583  partyPrivacyCompliance MODULE-COMPLIANCE  |
1584      STATUS      current
1585      DESCRIPTION
1586          "The compliance statement for SNMPv2 entities
1587          which implement the Party MIB, support an
1588          authentication protocol, and support a privacy
1589          protocol ONLY for the purpose of accessing
1590          security parameters.  -

1592          For all aclTable entries authorizing a subject
1593          and/or target SNMPv2 party whose privacy protocol
1594          is desPrivProtocol, to be used in accessing a
1595          SNMPv2 context, the MIB view for that SNMPv2
1596          context shall include only those objects
1597          subordinate to partyMIBObjects, or a subset
1598          thereof, e.g.,

1600              viewSubtree = { partyMIBObjects }
1601              viewMask    = ''H
1602              viewType    = { included }

1604          Any attempt to configure an entry in the
1605          partyTable, the contextTable, the aclTable or the
1606          viewTable such that a party using the
1607          desPrivProtocol would be authorized for use in
1608          accessing objects outside of the partyMIBObjects
1609          subtree shall result in the appropriate error
1610          response (e.g., wrongValue or inconsistentValue)."
1611      MODULE -- this module
1612          MANDATORY-GROUPS { partyMIBGroup }
1613      ::= { partyMIBCompliances 3 }

1617  fullPrivacyCompliance MODULE-COMPLIANCE
1618      STATUS      current
1619      DESCRIPTION
1620          "The compliance statement for SNMPv2 entities
1621          which implement the Party MIB, support an
1622          authentication protocol, and support a privacy  |
1623          protocol without restrictions on its use."  |
1624      MODULE -- this module
1625          MANDATORY-GROUPS { partyMIBGroup }
1626      ::= { partyMIBCompliances 4 }

1628  -- units of conformance

1630  partyMIBGroup OBJECT-GROUP
1631      OBJECTS { partyIndex, partyTDomain, partyTAddress,
1632                partyMaxMessageSize, partyLocal,
1633                partyAuthProtocol, partyAuthClock,
1634                partyAuthPrivate, partyAuthPublic,
1635                partyAuthLifetime, partyPrivProtocol,
1636                partyPrivPrivate, partyPrivPublic,
1637                partyStorageType, partyStatus,
1638                partyCloneFrom,  +
1639                contextIndex, contextLocal,
1640                contextViewIndex, contextLocalEntity,
1641                contextLocalTime, contextStorageType,
1642                contextStatus, aclTarget, aclSubject,
1643                aclPrivileges, aclStorageType, aclStatus,
1644                viewMask, viewType, viewStorageType, viewStatus }
1645      STATUS      current
1646      DESCRIPTION
1647          "The collection of objects allowing the
1648          description and configuration of SNMPv2 parties.

1650          Note that objects which support proxy
1651          relationships are not included in this conformance
1652          group."
1653      ::= { partyMIBGroups 1 }

1655  END

1658  3. Acknowledgments

1660  This document is based, almost entirely, on RFC 1353.

1664  4. References

1666  [1] Information processing systems - Open Systems
1667      Interconnection - Specification of Abstract Syntax
1668      Notation One (ASN.1), International Organization for
1669      Standardization. International Standard 8824, (December,
1670      1987).

1672  [2] J.D. Case, K. McCloghrie, M.T. Rose, S.L. Waldbusser,
1673      Structure of Management Information for version 2 of the
1674      Simple Network Management Protocol (SNMPv2). Internet-
1675      Draft, (January 26, 1993).  |

1677  [3] J.R. Davin, J.M. Galvin, K. McCloghrie, Administrative
1678      Model for version 2 of the Simple Network Management
1679      Protocol (SNMPv2). Internet-Draft, (January 26, 1993).  |

1681  [4] J.M. Galvin, K. McCloghrie, J.R. Davin, Security
1682      Protocols for version 2 of the Simple Network Management
1683      Protocol (SNMPv2). Internet-Draft, (January 26, 1993).  |

1685  [5] J.D. Case, K. McCloghrie, M.T. Rose, S.L. Waldbusser,
1686      Protocol Operations for version 2 of the Simple Network
1687      Management Protocol (SNMPv2). Internet-Draft, (January  |
1688      26, 1993).  |

1690  [5] J.D. Case, K. McCloghrie, M.T. Rose, S.L. Waldbusser,
1691      Transport Mappings for version 2 of the Simple Network
1692      Management Protocol (SNMPv2). Internet-Draft, (January  |
1693      26, 1993).  |

1697  Table of Contents

1699  1 Introduction
1700  1.1 A Note on Terminology
1701  2 Definitions
1702  3.1 Textual Conventions
1703  3.2 Administrative Assignments
1704  3.2.1 Initial Party and Context Identifiers
1705  3.3 Object Assignments
1706  3.4 The SNMPv2 Party Database Group
1707  3.5 The SNMPv2 Contexts Database Group
1708  3.5 The SNMPv2 Access Privileges Database Group
1709  3.6 The MIB View Database Group
1710  3.7 Conformance Information
1711  3.7.1 Compliance Statements
1712  3.7.2 Units of Conformance
1713  3 Acknowledgments
1714  4 References
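
The access check that the aclPrivileges, viewTable and viewMask DESCRIPTION clauses describe can be written out as follows. This is an added example, not code from the draft or from any SNMP implementation; the Python names, the dictionary layout of the tables and the sample rows are assumptions made for illustration, and the tie-break reads "lexicographically greatest instance" as the greatest viewSubtree index.

```python
from dataclasses import dataclass

# aclPrivileges values listed in the MIB text: 2 ** (context-specific PDU tag).
PDU_PRIVILEGE = {"Get": 1, "GetNext": 2, "Response": 4, "Set": 8,
                 "GetBulk": 32, "Inform": 64, "SNMPv2-Trap": 128}
INCLUDED, EXCLUDED = 1, 2  # viewType values


@dataclass(frozen=True)
class ViewEntry:
    view_index: int
    subtree: tuple            # viewSubtree as a tuple of sub-identifiers
    mask: bytes = b""         # viewMask; the zero-length string means all 1's
    view_type: int = INCLUDED


def mask_bit(mask, i):
    """Mask bit for the i-th sub-identifier (1-based).

    The most significant bit of octet 1 covers sub-identifier 1; a mask that
    is too short is extended with 1's, as the viewMask text requires.
    """
    octet, bit = divmod(i - 1, 8)
    if octet >= len(mask):
        return 1
    return (mask[octet] >> (7 - bit)) & 1


def entry_matches(entry, oid):
    """True when OID X belongs to the family defined by subtree and mask."""
    if len(oid) < len(entry.subtree):
        return False
    return all(mask_bit(entry.mask, i) == 0 or oid[i - 1] == sub
               for i, sub in enumerate(entry.subtree, start=1))


def in_view(view_table, view_index, oid):
    """Apply the viewTable rule: the longest matching viewSubtree decides."""
    matches = [e for e in view_table
               if e.view_index == view_index and entry_matches(e, oid)]
    if not matches:
        return False  # no entry matches: the instance is not in the view
    # Most sub-identifiers wins; equal lengths fall back to the greatest
    # viewSubtree (this example's reading of "greatest instance of viewType").
    best = max(matches, key=lambda e: (len(e.subtree), e.subtree))
    return best.view_type == INCLUDED


def authorized(acl_table, context_view, view_table,
               target, subject, context, pdu_type, oid):
    """Combine aclPrivileges with the context's MIB view for one request."""
    privileges = acl_table.get((target, subject, context), 0)
    if not privileges & PDU_PRIVILEGE[pdu_type]:
        return False
    view_index = context_view.get(context, 0)
    if view_index == 0:
        # contextViewIndex 0 marks a proxy relationship; this example does
        # not model proxying and simply refuses such requests.
        return False
    return in_view(view_table, view_index, oid)


# Constructed sample rows (not taken from the draft).
VIEW_TABLE = [
    ViewEntry(1, (1, 3, 6, 1, 2, 1, 1)),                          # system group
    ViewEntry(1, (1, 3, 6, 1, 2, 1, 1, 4), view_type=EXCLUDED),   # sysContact
    # ifEntry.<any column>.3: sub-identifier 10 is a wild card (bit 10 = 0).
    ViewEntry(1, (1, 3, 6, 1, 2, 1, 2, 2, 1, 0, 3), mask=b"\xff\xa0"),
]
ACL_TABLE = {(1, 2, 1): 35}   # (aclTarget, aclSubject, aclResources): DEFVAL 35
CONTEXT_VIEW = {1: 1}         # contextIndex -> contextViewIndex

if __name__ == "__main__":
    for pdu, oid in [("Get", (1, 3, 6, 1, 2, 1, 1, 1, 0)),
                     ("Get", (1, 3, 6, 1, 2, 1, 1, 4, 0)),
                     ("Set", (1, 3, 6, 1, 2, 1, 1, 1, 0)),
                     ("GetBulk", (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 3))]:
        print(pdu, ".".join(map(str, oid)),
              authorized(ACL_TABLE, CONTEXT_VIEW, VIEW_TABLE, 1, 2, 1, pdu, oid))
```

The excluded sysContact row shows why the longest-match rule matters when reviewing a view: a broad include is only as tight as the most specific rows layered on top of it.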
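
The key-change encoding in the partyPrivPrivate DESCRIPTION, together with the partyPrivPublic confirmation step, can be exercised from both the manager and the agent side. This is an added example, not code from the draft; the class and function names, the marker value and the sample keys are assumptions, and the case of an old key longer than the new value, which the MIB text does not cover, is rejected here.

```python
def xor_bytes(a, b):
    """Bitwise exclusive-OR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def pad_old_key(old_key, length):
    """Append zero-valued padding to the old key, as the MIB text specifies."""
    if len(old_key) > length:
        # Not covered by the DESCRIPTION; this example refuses the operation.
        raise ValueError("old key is longer than the value being processed")
    return old_key.ljust(length, b"\x00")


def encode_key_change(old_key, new_key):
    """Manager side: the value to place in the Set-Request (old XOR new).

    With no old key (zero-length OCTET STRING) the encoded value equals the
    new key itself, so the first key of a party gets no masking at all.
    """
    return xor_bytes(pad_old_key(old_key, len(new_key)), new_key)


class AgentParty:
    """Agent-side model of the two columns of one partyEntry row."""

    def __init__(self, priv_private=b"", priv_public=b""):
        self._priv_private = priv_private
        self.priv_public = priv_public

    def get_priv_private(self):
        # When read, the variable is always the zero-length OCTET STRING.
        return b""

    def current_key(self):
        # Agent-internal accessor, used here only to check the example.
        return self._priv_private

    def set_request(self, priv_private_value, priv_public_value):
        """Process one Set-Request carrying both varbinds."""
        old = pad_old_key(self._priv_private, len(priv_private_value))
        self._priv_private = xor_bytes(old, priv_private_value)
        self.priv_public = priv_public_value


def change_key(agent, old_key, new_key, marker, response_lost=False):
    """Manager side: change the key, confirming through partyPrivPublic.

    If the response is lost, the manager must not resend the same value:
    applying old XOR new a second time restores the old key. It reads
    partyPrivPublic instead and compares it with the marker it wrote.
    """
    agent.set_request(encode_key_change(old_key, new_key), marker)
    if not response_lost:
        return True
    return agent.priv_public == marker  # follow-up Get-Request


if __name__ == "__main__":
    old = bytes(range(16))        # constructed 16-octet sample keys
    new = bytes(range(16, 32))
    agent = AgentParty(priv_private=old)
    print("confirmed:", change_key(agent, old, new, b"chg-1", response_lost=True))
    print("agent holds new key:", agent.current_key() == new)
    agent.set_request(encode_key_change(old, new), b"chg-1")  # blind resend
    print("after blind resend, old key is back:", agent.current_key() == old)
```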