Re: SOAP/HTTP over SSH

Andy Bierman <ietf@andybierman.com> Thu, 01 June 2006 17:21 UTC

Message-ID: <447F2061.5080105@andybierman.com>
Date: Thu, 01 Jun 2006 10:14:09 -0700
From: Andy Bierman <ietf@andybierman.com>
User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
MIME-Version: 1.0
To: Pooja Malhotra <pooja.malhotra@masconit.com>
CC: netconf@ops.ietf.org
Subject: Re: SOAP/HTTP over SSH
References: <KNEGJPGAMOCLFDOMGAEKCEFBCAAA.pooja.malhotra@masconit.com>
In-Reply-To: <KNEGJPGAMOCLFDOMGAEKCEFBCAAA.pooja.malhotra@masconit.com>

Pooja Malhotra wrote:
> Hi...
> 
> We are planning to implement NetConf. And I am very new to this standard.
> In this effort I went thro' the initial draft
> "NETCONF Configuration Protocol draft-ietf-netconf-prot-12" proposed by
> IETF.
> After going through it, I understood the architecture
> as shown below in the figure:

You have misunderstood the document.
The RPC layer is 'SOAP over HTTP'.
The transport protocol SOAP over HTTPS (HTTP over TLS)
is supported.  You would use this instead of SSH.


Andy

> 
> 
>       Layer                      Example
>          +-------------+      +-----------------------------+
>      (4) |   Content   |      |     Configuration data      |
>          +-------------+      +-----------------------------+
>                 |                           |
>          +-------------+      +-----------------------------+
>      (3) | Operations  |      | NETCONF operation           |
>          +-------------+      +-----------------------------+
>                 |                           |
>          +-------------+      +-----------------------------+
>      (2) |     RPC     |      |   SOAP over HTTP            |
>          +-------------+      +-----------------------------+
>                 |                           |
>          +-------------+      +-----------------------------+
>      (1) |  Transport  |      |  SSH                        |
>          |   Protocol  |      |                             |
>          +-------------+      +-----------------------------+
> 
> As you can see, our proposed solution indicated that the SSH would
> be used as Transport Protocol. This choice was made because it
> is mentioned in section 2.4. (Mandatory Transport Protocol)
> that SSH is mandatory for NetConf. Now we
> are stuck with the RPC layer protocol. Initially we thought of
> SOAP over HTTP (as RPC layer implementation), but if this is the case,
> we fail to understand how the SSH layer will communicate with
> the RPC layer.
> How the SSH layer will interact with the RPC layer over HTTP as it is not
> secure.
> 
> Also, once the SSH session is opened between the remote machine,
> how can we ensure that the data transfer is secured through SOAP/HTTP?
> 
> What is the nature of the SSH connection? Is it socket connection like SSL?
> 
> We tried implementing SSH using opensource Library from JSch
> (for client) and OpenSSH (for SSH Server).
> Other tool we tried was Corkscrew (tool for tunneling SSH
> through HTTP proxies.)
> 
> Also, is it mandatory to implement SSH? Instead, can we use SOAP
> over HTTPS?
> 
> I would be highly obliged if you could please throw some light on
> the queries I have and tell us some tools which can help us in
> implementation.
> 
> 
> Thanks,
> 
> Pooja Malhotra
> Senior Software Engineer,
> MASCON Global ltd.
> Bangalore
> Karnataka (India)
> 
> 
> 
> 
> 
> --
> to unsubscribe send a message to netconf-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/netconf/>