Re: [OPSAWG] New Version Notification for draft-zheng-opsawg-tacacs-yang-02.txt

"Wubo (lana)" <lana.wubo@huawei.com> Thu, 11 July 2019 06:59 UTC

From: "Wubo (lana)" <lana.wubo@huawei.com>
To: Ebben Aries <exa@arrcus.com>
CC: wangzitao <wangzitao@huawei.com>, "Zhengguangying (Walker)" <zhengguangying@huawei.com>, "opsawg@ietf.org" <opsawg@ietf.org>
Date: Thu, 11 Jul 2019 06:59:08 +0000
Message-ID: <056a90c3a97442e08af806fbad643d50@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/O8Wwf2Yp96mJojHKKawdIko-BE8>
Subject: Re: [OPSAWG] New Version Notification for draft-zheng-opsawg-tacacs-yang-02.txt

Hi Ebben,

Thank you for your important comments.
I will add this question to the open issue for discussion and ask our AD for further guidance.
Please see the specific response inline.

Thanks,
Bo


-----Original Message-----
From: Ebben Aries [mailto:exa@arrcus.com]
Sent: July 11, 2019 0:25
To: Wubo (lana) <lana.wubo@huawei.com>
Cc: wangzitao <wangzitao@huawei.com>; Zhengguangying (Walker) <zhengguangying@huawei.com>; opsawg@ietf.org
Subject: Re: [OPSAWG] New Version Notification for draft-zheng-opsawg-tacacs-yang-02.txt

A few quick observations on the model

- The model defines the client configuration and state parameters only
  but to be functional for operator use w/ AAA needs a few other things,
  otherwise this by itself is incomplete
[Bo] Thanks again for your suggestion. You asked this question to us at the 103 meeting, and we submitted version 01 to solve this problem.
https://tools.ietf.org/html/draft-zheng-opsawg-tacacs-yang-01#section-4

Although the augmentation was proposed, the Opsawg WG believes that only the tacacsplus YANG is in scope, system-aaa augmentation is not.
In addition, there are also comments from Radius that system-aaa augmentation cannot solve only tacacsplus. 
So for this augmentation part model, I don't know what to do.

- There should likely be an identity of 'tacacsplus' that is based off
  ietf-system:authentication-method
[Bo] Yes. In the draft, we added:
identity tacacs {
     base sys:authentication-method;
}

We should define:
identity tacacsplus {
     base sys:authentication-method;
}

- The 'user-authentication-order' must restrictions in ietf-system would
  need to be accounted for as is done for radius
[Bo] Agree, a ‘must’ statement should be added for the tacacsplus feature.

- Is there intention to add an equivalent 'tacacsplus-authentication'
  feature much like there is for radius?
[Bo] Yes, but for the time being, we have not yet proposed the augmentation draft. Or can we add it as an appendix?
Thx

/ebben

On Jun 20 13:04 PM, Wubo (lana) wrote:
> Dear WG,
> 
> We update the 02 version of draft-zheng-opsawg-tacacs-yang-02 to address the comments from 104 meeting.
> https://tools.ietf.org/html/draft-zheng-opsawg-tacacs-yang-02
> 
> Here are some major changes in this version:
> -  This draft is focused on TACACS+ Client only YANG.
> -  Change the module name to ietf-system-tacacsplus.
> -  Group all the rw objects together by changing timeout to server specific.
> -  Change "network-instance" to "vrf-instance" to make it specific and add text to describe it.
> -  Add "source-interface" as a choice to accommodate one more implementation.
> 
> Please help to review the document, comments and suggestions are welcome!
> 
> Thanks, 
> Bo
> 
> 
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: June 20, 2019 20:38
> To: wangzitao <wangzitao@huawei.com>; Wubo (lana) <lana.wubo@huawei.com>; Zhengguangying (Walker) <zhengguangying@huawei.com>; Wubo (lana) <lana.wubo@huawei.com>; wangzitao <wangzitao@huawei.com>
> Subject: New Version Notification for draft-zheng-opsawg-tacacs-yang-02.txt
> 
> 
> A new version of I-D, draft-zheng-opsawg-tacacs-yang-02.txt
> has been successfully submitted by Bo Wu and posted to the IETF repository.
> 
> Name:		draft-zheng-opsawg-tacacs-yang
> Revision:	02
> Title:		Yang data model for TACACS+
> Document date:	2019-06-20
> Group:		Individual Submission
> Pages:		14
> URL:            https://www.ietf.org/internet-drafts/draft-zheng-opsawg-tacacs-yang-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-zheng-opsawg-tacacs-yang/
> Htmlized:       https://tools.ietf.org/html/draft-zheng-opsawg-tacacs-yang-02
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-zheng-opsawg-tacacs-yang
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-zheng-opsawg-tacacs-yang-02
> 
> Abstract:
>    This document defines a YANG modules that augment the System data
>    model defined in the RFC 7317 with TACACS+ client model.  The data
>    model of Terminal Access Controller Access Control System Plus
>    (TACACS+) client allows the configuration of TACACS+ servers for
>    centralized Authentication, Authorization and Accounting.
> 
>    The YANG modules in this document conforms to the Network Management
>    Datastore Architecture (NMDA) defined in RFC 8342.
> 
>                                                                                   
> 
> 
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg
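
The three points raised in this thread (an identity based on sys:authentication-method, a feature analogous to radius-authentication, and a 'must' that ties user-authentication-order to a configured server) shown together as an added example; it is not text from the draft or from either participant. The module name example-tacacsplus-aaa, its namespace and prefix, and the minimal server list are assumptions made for illustration.

```yang
module example-tacacsplus-aaa {
  yang-version 1.1;                        // needed for derived-from-or-self()
  namespace "urn:example:tacacsplus-aaa";  // constructed namespace
  prefix extac;                            // constructed prefix

  import ietf-system { prefix sys; }       // RFC 7317
  import ietf-inet-types { prefix inet; }  // RFC 6991

  feature tacacsplus {
    description "The device can act as a TACACS+ client.";
  }

  // Counterpart of ietf-system's 'radius-authentication' feature.
  feature tacacsplus-authentication {
    if-feature "tacacsplus";
    description "TACACS+ can be used to authenticate users.";
  }

  // Makes 'tacacsplus' a legal value of
  // /sys:system/sys:authentication/sys:user-authentication-order.
  identity tacacsplus {
    base sys:authentication-method;
    description "User authentication against a TACACS+ server.";
  }

  augment "/sys:system" {
    if-feature "tacacsplus";
    container tacacsplus {
      // An augment cannot add a 'must' to the existing leaf-list, so the
      // constraint sits on the augmented container: reject a configuration
      // that lists TACACS+ as a method while no server is configured.
      must "not(derived-from-or-self(../sys:authentication/"
         + "sys:user-authentication-order, 'extac:tacacsplus'))"
         + " or server" {
        error-message
          "When 'tacacsplus' is used, a TACACS+ server must be configured.";
      }
      description "TACACS+ client configuration (minimal, illustrative).";
      list server {
        key "name";
        description "Configured TACACS+ servers.";
        leaf name { type string; description "Server name."; }
        leaf address { type inet:host; mandatory true;
                       description "Server address."; }
      }
    }
  }
}
```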