Protocol Action: 'A YANG Module for TACACS+' to Proposed Standard (draft-ietf-opsawg-tacacs-yang-12.txt)

The IESG <iesg-secretary@ietf.org> Thu, 17 June 2021 13:11 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C8F13A1F22; Thu, 17 Jun 2021 06:11:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Subject: Protocol Action: 'A YANG Module for TACACS+' to Proposed Standard (draft-ietf-opsawg-tacacs-yang-12.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 7.32.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: Joe Clarke <jclarke@cisco.com>, The IESG <iesg@ietf.org>, draft-ietf-opsawg-tacacs-yang@ietf.org, jclarke@cisco.com, opsawg-chairs@ietf.org, opsawg@ietf.org, rfc-editor@rfc-editor.org, rwilton@cisco.com
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <162393546022.32458.17198501790771110045@ietfa.amsl.com>
Date: Thu, 17 Jun 2021 06:11:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/pZoWSZFYCUb7o_E6UbgMqfwrIMc>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2021 13:11:01 -0000

The IESG has approved the following document:
- 'A YANG Module for TACACS+'
  (draft-ietf-opsawg-tacacs-yang-12.txt) as Proposed Standard

This document is the product of the Operations and Management Area Working
Group.

The IESG contact persons are Warren Kumari and Robert Wilton.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-yang/




Technical Summary

   This document defines a Terminal Access Controller Access-Control
   System Plus (TACACS+) client YANG module, that augments the System
   Management data model, defined in RFC 7317, to allow devices to make
   use of TACACS+ servers for centralized Authentication, Authorization
   and Accounting (AAA).

Working Group Summary

The contention over TACACS+ in general carried over a bit in the initial development of this document and its module.  To alleviate that, the scope was reduced to avoid an overall AAA module and instead focus on configuring the client-side of the TACACS+ protocol specifically.  Towards the end, there was good feedback on YANG structure, terminology and providing an example to make the module use clearer.

That said, the ietf-system currently only defines authentication and not authorization and accounting.  So, while the TACACS+ module allows to specify a TACACS+ server that can do both authorization and accounting, the configuration nodes for that are not yet in the ietf-system module.  The intent, as understood by the doc shepherd, is to propose new work to handle those methods in a more general approach outside the restricted scope of this TACACS+ document.

Document Quality

TACACS+ is certainly implemented and deployed. 

Huawei has implemented this draft in their devices.  It is likely that this YANG module will be implemented by other vendors as part of the wider IETF YANG ecosystem.

The document has undergone various expert-level reviews besides the WG review.  In particular YANG Doctors and SECDIR have reviewed and said it was ready.  The comments that arose from those reviews have been addressed in revision -05 of the document.  

Personnel

Joe Clarke is the Document Shepherd.
Rob Wilton is the responsible Area Director.