Re: [Netconf] LC on subscribed-notifications-10

"Eric Voit (evoit)" <evoit@cisco.com> Wed, 14 March 2018 15:35 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22D481270FC; Wed, 14 Mar 2018 08:35:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.631
X-Spam-Level:
X-Spam-Status: No, score=-12.631 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w1YGv-sJPCUf; Wed, 14 Mar 2018 08:35:55 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9BDE1200B9; Wed, 14 Mar 2018 08:35:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2575; q=dns/txt; s=iport; t=1521041755; x=1522251355; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=e3ZxLhPFA17D0Cxo0rtpB3h8n/oJMn8HmyrTi10UHBI=; b=iAKBY/2HjxohOOO/MuF7M7mhEEYT+EgSDLg+wivTV/pUXt8IHyyZVDQI xB2WuCOe1aAUYmnaP0LBBvUQMpd+qk/ovOLMhWiMv1XTS2eqv03za99PD BXE6qH7XqhcAQBpQmESWWx6VXzu/ShPaxHUKWCrbRQMbPDqoRvcHg8EXd A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DvAABPQKla/4MNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNQgVUoCo1gjXOCA4EWlDaCEwqFEQKDJiE0GAECAQEBAQEBAms?= =?us-ascii?q?ohSUBAQEDATo9AgULAgEIDgcDDAEREDIlAgQBDQUIhQgIryKIYIIMhS6CFIFVg?= =?us-ascii?q?VSDIIRwhgAEmlgJAolShwaOa5EmAhETAYErAR44gVJwFYJ9gjMcjiB3jQMFgSy?= =?us-ascii?q?BGAEBAQ?=
X-IronPort-AV: E=Sophos;i="5.47,470,1515456000"; d="scan'208";a="83987147"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Mar 2018 15:35:55 +0000
Received: from XCH-RTP-010.cisco.com (xch-rtp-010.cisco.com [64.101.220.150]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id w2EFZsnq010281 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 14 Mar 2018 15:35:54 GMT
Received: from xch-rtp-013.cisco.com (64.101.220.153) by XCH-RTP-010.cisco.com (64.101.220.150) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 14 Mar 2018 11:35:54 -0400
Received: from xch-rtp-013.cisco.com ([64.101.220.153]) by XCH-RTP-013.cisco.com ([64.101.220.153]) with mapi id 15.00.1320.000; Wed, 14 Mar 2018 11:35:53 -0400
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>, "Andy Bierman (andy@yumaworks.com)" <andy@yumaworks.com>, "alex@clemm.org" <alex@clemm.org>
CC: "Robert Wilton -X (rwilton - ENSOFT LIMITED at Cisco)" <rwilton@cisco.com>, "kwatsen@juniper.net" <kwatsen@juniper.net>, "netconf@ietf.org" <netconf@ietf.org>, "draft-ietf-netconf-subscribed-notifications@ietf.org" <draft-ietf-netconf-subscribed-notifications@ietf.org>
Thread-Topic: [Netconf] LC on subscribed-notifications-10
Thread-Index: AQHTuiDhP4UPxNeFY0CSJ8tCCoPN1aPM98TAgAK21ACAAAhYEIAAUPqA///MxoA=
Date: Wed, 14 Mar 2018 15:35:53 +0000
Message-ID: <9b8cf6b9e6114e00800525db71505023@XCH-RTP-013.cisco.com>
References: <8d4f4193c6694fe387d284d7b74c9b09@XCH-RTP-013.cisco.com> <20180314.093900.1449292548839197417.mbj@tail-f.com> <379cfb19a5c64753a067a2ae42f65a82@XCH-RTP-013.cisco.com> <20180314.145841.72164558423482638.mbj@tail-f.com>
In-Reply-To: <20180314.145841.72164558423482638.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.56.228]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ZjOxOsjHKGOHZtAN0wSUr0yfRF8>
Subject: Re: [Netconf] LC on subscribed-notifications-10
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2018 15:35:57 -0000

(reducing to the single open item, and adding Andy + Alex to the "to")

> From: Martin Bjorklund, March 14, 2018 9:59 AM
> 
> Hi,
> 
> "Eric Voit (evoit)" <evoit@cisco.com> wrote:
> > Hi Martin,
> >
> > But for
> > subscription to event streams, it is assumed that any event records
> > placed on a stream permitted for that receiver is authorized content
> > (just like RFC-5277).
> 
> Hmm.  This is not how it is defined in RFC 5277:

Agree.   I should not have said "just like 5277".   More below.

>    After generation of the <notification> element, access control is
>    applied by the server.  If a session does not have permission to
>    receive the <notification>, then it is discarded for that session,
>    and processing of the internal event is completed for that session.
> 
> Also, NACM is designed to drop notifications that the client doesn't have
> access to.

A few years ago during early discussions, Alex and I remember Andy asking that per receiver access control not be applied to traffic coming out of a stream.    We took that to mean that a receiver should get all the event records on a stream, without any per-notification filtering.  This is what drove the current text.

Per RFC-6536, section 3.4.6., the outgoing <notification> authorization is able to look at the notification event type, and if a receiver is authorized to receive the notification event type, then it is also authorized to receive any data it contains.  

Reconsidering this, perhaps Alex and I interpreted Andy's intent wrong.  And Andy actually requested the current event type behavior which NACM can currently perform on the RFC-5277 NETCONF event stream, but no other filtering of event records beyond that.

If that is the case, and this capability is desired by the WG, Alex and I would be happy to replicate the relevant text from RFC-5277 section 3.2 to draft-ietf-netconf-subscribed-notifications to cover this.

Thanks,
Eric

> > Effects like this are why the two drafts, as well as the YANG model
> > targets and filters for datastores and to streams have been separated.
> >
> > > Your statement:
> > >
> > >   Access control is to the stream rather than the content.
> > >
> > > seems to imply that in order to subscribe to changes to the
> > > datastore, you need full access to all nodes covered by the filter.
> >
> > As a stream and a datastore are different, hopefully my comment above
> > clears this up.
> >
> > Eric
> > > /martin
> 
> 
> /martin