Re: [NGO] comments on CANMOD BoF
Balazs Lengyel <balazs.lengyel@ericsson.com> Mon, 17 March 2008 10:30 UTC
Return-Path: <ngo-bounces@ietf.org>
X-Original-To: ietfarch-ngo-archive@core3.amsl.com
Delivered-To: ietfarch-ngo-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B3AA528C2AC; Mon, 17 Mar 2008 03:30:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.89
X-Spam-Level:
X-Spam-Status: No, score=-101.89 tagged_above=-999 required=5 tests=[AWL=-1.453, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IotE50n1k5MF; Mon, 17 Mar 2008 03:30:30 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C7B7E28C231; Mon, 17 Mar 2008 03:30:30 -0700 (PDT)
X-Original-To: ngo@core3.amsl.com
Delivered-To: ngo@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8EAFD28C231 for <ngo@core3.amsl.com>; Mon, 17 Mar 2008 03:30:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9A+mmEVYk14K for <ngo@core3.amsl.com>; Mon, 17 Mar 2008 03:30:28 -0700 (PDT)
Received: from mailgw3.ericsson.se (mailgw3.ericsson.se [193.180.251.60]) by core3.amsl.com (Postfix) with ESMTP id 0072B28C21F for <ngo@ietf.org>; Mon, 17 Mar 2008 03:30:27 -0700 (PDT)
Received: from mailgw3.ericsson.se (unknown [127.0.0.1]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id 04C5C2209D; Mon, 17 Mar 2008 11:19:28 +0100 (CET)
X-AuditID: c1b4fb3c-af09dbb00000193b-69-47de45afcd37
Received: from esealmw126.eemea.ericsson.se (unknown [153.88.254.123]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id D942020850; Mon, 17 Mar 2008 11:19:27 +0100 (CET)
Received: from esealmw128.eemea.ericsson.se ([153.88.254.172]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Mon, 17 Mar 2008 11:19:16 +0100
Received: from [159.107.197.224] ([159.107.197.224]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Mon, 17 Mar 2008 11:19:16 +0100
Message-ID: <47DE45A3.4050202@ericsson.com>
Date: Mon, 17 Mar 2008 11:19:15 +0100
From: Balazs Lengyel <balazs.lengyel@ericsson.com>
User-Agent: Thunderbird 2.0.0.4 (X11/20070604)
MIME-Version: 1.0
To: Andy Bierman <ietf@andybierman.com>
References: <200803161721.m2GHLUlc054962@idle.juniper.net> <47DD72BE.707@andybierman.com>
In-Reply-To: <47DD72BE.707@andybierman.com>
X-OriginalArrivalTime: 17 Mar 2008 10:19:16.0218 (UTC) FILETIME=[5AB0ADA0:01C88818]
X-Brightmail-Tracker: AAAAAA==
Cc: NETCONF Goes On <ngo@ietf.org>
Subject: Re: [NGO] comments on CANMOD BoF
X-BeenThere: ngo@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NETCONF Goes On - discussions on future work and extensions to NETCONF <ngo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ngo>, <mailto:ngo-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/ngo>
List-Post: <mailto:ngo@ietf.org>
List-Help: <mailto:ngo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ngo>, <mailto:ngo-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ngo-bounces@ietf.org
Errors-To: ngo-bounces@ietf.org
While agreeing that access control is important, I would also mention that we just made the very first step for the DML. We still have many months of hard work before us, so if we loose focus we are doomed. Balazs Andy Bierman wrote: > Phil Shafer wrote: >> Andy Bierman writes: >>> The NETMOD WG (if there ever is one) should deal >>> with the entire problem of standardized CM, which includes >>> secure operation in a multi-user environment. >> With this approach, we'd still be working on the NETCONF draft. We >> need to find what we agree on, build concensus on that, publish, >> gain experience, learn, and evolve. >> >> If the plan is "all or nothing", we'll get nothing. >> > > The NETCONF access control model is "all or nothing", > not the NETCONF feature development plan. That is in its > 3rd phase, and new stuff like partial-locking and yet another > optional transport (which is only needed to avoid the mandatory > transport) are given higher priority than security. > > You have to design the 2nd floor of the house, even though > you start out by building the first floor. If you don't, > at best the project will cost 10X more expensive than it should, > and at worse, the house will collapse when you add the weight > the load-bearing walls on the first floor were never designed to handle. > > A standard access control model is clearly needed. > Every NETCONF implementation has its own proprietary ACM. > The requirements for standardized access control could impact > the NETMOD architecture and the DML. Ignoring access control > and bolting it on later might be a huge mistake. > > So by 'all', I mean a coherent and well-planned execution strategy > to reach a complete standardized CM solution for NETCONF, > as opposed to an ad-hoc free-for-all that continues to produce > zero writable standard objects for NETCONF. > >> Thanks, >> Phil >> >> >> > > Andy > > _______________________________________________ > NGO mailing list > NGO@ietf.org > https://www.ietf.org/mailman/listinfo/ngo -- Balazs Lengyel Ericsson Hungary Ltd. TSP System Manager ECN: 831 7320 Fax: +36 1 4377792 Tel: +36-1-437-7320 email: Balazs.Lengyel@ericsson.com _______________________________________________ NGO mailing list NGO@ietf.org https://www.ietf.org/mailman/listinfo/ngo
- [NGO] comments on CANMOD BoF Andy Bierman
- Re: [NGO] comments on CANMOD BoF Phil Shafer
- Re: [NGO] comments on CANMOD BoF Yoshifumi Atarashi
- Re: [NGO] comments on CANMOD BoF Andy Bierman
- Re: [NGO] comments on CANMOD BoF Phil Shafer
- Re: [NGO] comments on CANMOD BoF Andy Bierman
- Re: [NGO] comments on CANMOD BoF Phil Shafer
- Re: [NGO] comments on CANMOD BoF Andy Bierman
- Re: [NGO] comments on CANMOD BoF Leif Johansson
- Re: [NGO] comments on CANMOD BoF Phil Shafer
- Re: [NGO] comments on CANMOD BoF Andy Bierman
- Re: [NGO] comments on CANMOD BoF Balazs Lengyel
- Re: [NGO] comments on CANMOD BoF Mehmet Ersue
- Re: [NGO] comments on CANMOD BoF Andy Bierman
- Re: [NGO] comments on CANMOD BoF Jon Saperia
- Re: [NGO] comments on CANMOD BoF David Harrington