Re: SOAP/HTTP over SSH
Andy Bierman <ietf@andybierman.com> Fri, 02 June 2006 12:40 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fm8wc-0007lq-Pp for netconf-archive@lists.ietf.org; Fri, 02 Jun 2006 08:40:02 -0400
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Fm8wb-000096-Dz for netconf-archive@lists.ietf.org; Fri, 02 Jun 2006 08:40:02 -0400
Received: from majordom by psg.com with local (Exim 4.60 (FreeBSD)) (envelope-from <owner-netconf@ops.ietf.org>) id 1Fm8pb-000PGb-UI for netconf-data@psg.com; Fri, 02 Jun 2006 12:32:47 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.1
Received: from [205.178.146.56] (helo=omr6.networksolutionsemail.com) by psg.com with esmtp (Exim 4.60 (FreeBSD)) (envelope-from <ietf@andybierman.com>) id 1Fm8pa-000PGN-Cq for netconf@ops.ietf.org; Fri, 02 Jun 2006 12:32:46 +0000
Received: from mail.networksolutionsemail.com (ns-omr6.mgt.netsol.com [10.49.6.69]) by omr6.networksolutionsemail.com (8.13.6/8.13.6) with SMTP id k52CWjPh024271 for <netconf@ops.ietf.org>; Fri, 2 Jun 2006 08:32:45 -0400
Received: (qmail 22178 invoked by uid 78); 2 Jun 2006 12:32:05 -0000
Received: from unknown (HELO ?192.168.0.12?) (andy@andybierman.com@24.24.133.237) by 10.49.36.69 with SMTP; 2 Jun 2006 12:32:05 -0000
Message-ID: <44802FA9.2080601@andybierman.com>
Date: Fri, 02 Jun 2006 05:31:37 -0700
From: Andy Bierman <ietf@andybierman.com>
User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
MIME-Version: 1.0
To: Pooja Malhotra <pooja.malhotra@masconit.com>
CC: netconf@ops.ietf.org
Subject: Re: SOAP/HTTP over SSH
References: <KNEGJPGAMOCLFDOMGAEKCEFHCAAA.pooja.malhotra@masconit.com>
In-Reply-To: <KNEGJPGAMOCLFDOMGAEKCEFHCAAA.pooja.malhotra@masconit.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-netconf@ops.ietf.org
Precedence: bulk
X-Spam-Score: 0.1 (/)
X-Scan-Signature: b132cb3ed2d4be2017585bf6859e1ede
Pooja Malhotra wrote: > Thanks Andy.. > I really appreciate ur help. > But again..as the draft says > that SSH is an mandatory transport > protocol , Can we implement > SOAP over HTTPS (as transport Protocol) > and still be netconf compliant. Not unless you also implement NETCONF over SSH. > > Regards, > Pooja > Andy > > > -----Original Message----- > From: Andy Bierman [mailto:ietf@andybierman.com] > Sent: Thursday, June 01, 2006 10:44 PM > To: Pooja Malhotra > Cc: netconf@ops.ietf.org > Subject: Re: SOAP/HTTP over SSH > > > Pooja Malhotra wrote: >> Hi... >> >> We are planning to implement NetConf.And I am very new to this standard. >> In this effort I went thro' the initial draft >> "NETCONF Configuration Protocol draft-ietf-netconf-prot-12" proposed by >> IETF. >> After going through it , I understood the architecture >> as shown below in the figure: > > You have misunderstood the document. > The RPC layer is 'SOAP over HTTP'. > The transport protocol SOAP over HTTPS (HTTP over TLS) > is supported. You would use this instead of SSH. > > > Andy > >> >> Layer Example >> +-------------+ +-----------------------------+ >> (4) | Content | | Configuration data | >> +-------------+ +-----------------------------+ >> | | >> +-------------+ +-----------------------------+ >> (3) | Operations | | NETCONF operation | >> +-------------+ +-----------------------------+ >> | | >> +-------------+ +-----------------------------+ >> (2) | RPC | | SOAP over HTTP | >> +-------------+ +-----------------------------+ >> | | >> +-------------+ +-----------------------------+ >> (1) | Transport | | SSH | >> | Protocol | | | >> +-------------+ +-----------------------------+ >> >> As you can see, our proposed solution indicated that the SSH would >> be used as Transport Protocol.This choice was made because it >> is mentioned in section 2.4.(Mandatory Transport Protocol ) >> that SSH is mandatory for NetConf. Now we >> are stuck with the RPC layer protocol. Intially we thought of >> SOAP over HTTP (as RPC layer implementation), But if this the case, >> we fail to understand how the SSH layer will communicate with >> the RPC layer. >> How the SSH layer will interact with the RPC layer over HTTP as it is not >> secure. >> >> Also,once the SSH session is opened between the remote machine, >> how can we ensure that the data transfer is secured through SOAP/HTTP? >> >> What is the nature of the SSH connection?Is it socket connection like SSL? >> >> We tried implementing SSH using opensource Library from JSch >> (for client)and OpenSSH (for SSH Server). >> Other tool we tried was Corkscrew(tool for tunneling SSH >> through HTTP proxies.) >> >> Also Is it mandatory to implement SSH.Instead can we use SOAP >> over HTTPS. >> >> I would be highly obliged if you could please throw some light on >> the queries I have and tell us some tools which can help us in >> implementation. >> >> >> Thanks, >> >> Pooja Malhotra >> Senior Software Engineer, >> MASCON Global ltd. >> Bangalore >> Karnatka (India) >> >> >> >> >> >> -- >> to unsubscribe send a message to netconf-request@ops.ietf.org with >> the word 'unsubscribe' in a single line as the message text body. >> archive: <http://ops.ietf.org/lists/netconf/> >> >> > > > -- to unsubscribe send a message to netconf-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/netconf/>
- SOAP/HTTP over SSH Pooja Malhotra
- Re: SOAP/HTTP over SSH Juergen Schoenwaelder
- Re: SOAP/HTTP over SSH Andy Bierman
- Re: SOAP/HTTP over SSH Andy Bierman
- RE: SOAP/HTTP over SSH Pooja Malhotra