Re: [netconf] UserId for authentication in https-notif

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Fri, 11 October 2019 23:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/QUoMELlZ0SC2TDS1hBuJHUmh-nI>
List-Id: NETCONF WG list <netconf.ietf.org>

On Fri, Oct 11, 2019 at 10:14:28PM +0000, Kent Watsen wrote:
> 
> What does Syslog configuration and processing look like?  - it seems that this effort could (should?) mimic Syslog...
>
> Note: the client-credentials (client-cert or basic auth) used to log into the remote system (i.e., the receiver) reflect a user that exists on that remote system and hence cannot be used as a local user id.
> 
> FWIW, this is a new protocol (i.e., not NETCONF or RESTCONF) such that the concept of NACM may not necessarily apply.
>

For deployments using RC/NC implementations that support NACM, a
backdoor protocol side-stepping NACM may not be a desirable feature.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>