Protocol Action: 'Policy Based Management MIB' to Proposed Standard
The IESG <iesg-secretary@ietf.org> Thu, 02 September 2004 14:52 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA09407; Thu, 2 Sep 2004 10:52:20 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1C2szE-00023T-IH; Thu, 02 Sep 2004 10:54:52 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1C2sde-0006Fz-22; Thu, 02 Sep 2004 10:32:34 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1C2sUp-0000Wz-Tq; Thu, 02 Sep 2004 10:23:28 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA07296; Thu, 2 Sep 2004 10:23:25 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1C2sXF-00086D-8y; Thu, 02 Sep 2004 10:25:57 -0400
Received: from apache by megatron.ietf.org with local (Exim 4.32) id 1C2sK2-0001y1-Ic; Thu, 02 Sep 2004 10:12:18 -0400
X-test-idtracker: no
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <E1C2sK2-0001y1-Ic@megatron.ietf.org>
Date: Thu, 02 Sep 2004 10:12:18 -0400
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d0bdc596f8dd1c226c458f0b4df27a88
Cc: snmpconf mailing list <snmpconf@snmp.com>, Internet Architecture Board <iab@iab.org>, snmpconf chair <david.partain@ericsson.com>, snmpconf chair <saperia@jdscons.com>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'Policy Based Management MIB' to Proposed Standard
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ietf-announce.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
Sender: ietf-announce-bounces@ietf.org
Errors-To: ietf-announce-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
The IESG has approved the following document: - 'Policy Based Management MIB ' <draft-ietf-snmpconf-pm-15.txt> as a Proposed Standard This document is the product of the Configuration Management with SNMP Working Group. The IESG contact persons are Bert Wijnen and David Kessens. Technical Summary This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, this MIB defines objects that enable policy-based monitoring and management of SNMP infrastructures as well as a scripting language and a script execution environment. Working Group Summary The Working Group took a long time to discuss this document. There was also discussion about the fact that this document combines both a MIB module and a Scripting language specification, and some WG members proposed to split the document in two. However, in the end there was rough consensus to go forward with the combined specification and the WG supports this document as a standards track document. Protocol Quality The document has been reviewed for the IESG by Bert Wijnen. Patrik Faltstrom has reviewed the document for UTF-8 and for internationalization aspects. David Harrington did extensive review of revisions 9, 10 and 11 at the request of the Area Director back in mid 2002. RFC-Editor note: pls add the following text to the end of sect 13 "Security Considerations", so that is on page 126: This MIB allows the delegation of access rights so that a user ("Joe") can instruct a Policy MIB agent to execute remote operations on his behalf that are authorized by keys stored by "Joe" into the usmUserTable. Care needs to be taken to ensure that unauthorized users are unable to configure their policies to use Joe's keys. While there are theoretically many ways to configure SNMP security, users are advised to follow the most straightforward way outlined below to minimize complexity and the resulting opportunity for errors. Assume that Joe has credentials that give him authority to manage agents A, B, and C, as well as the Policy MIB agent "P". Joe will store credentials for Joe@A, Joe@B, Joe@C in the usmUserTable of the Policy MIB agent. Then the following VACM configuration will will be used: VACM securityToGroupTable A single entry mapping user Joe@P to group JoesGroup VACM accessTable A single entry mapping group JoesGroup to write view JoesView VACM viewTreeFamilyTable ViewName Subtree Type JoesView points to Joe@A in usmUserTable included JoesView points to Joe@B in usmUserTable included JoesView points to Joe@C in usmUserTable included In the preceding examples, the notation Joe@A represents the entry indexed by usmUserEngineID and usmUserName, where the SnmpEngineID is that of system A and the usmUserName is "Joe". _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce