[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

snmpconf RE: Policy issues: definition of Roles



Yap.

It just dawned on me that a roles are "logical interfaces" in the
router, as opposed to "physical interfaces".

So, in a router with physical interfaces S0..S4, rather than

SNMP:

"Configure interface S0 with ....."
"Configure interface S1 with ....."
"Configure interface S2 with ....."
"Configure interface S3 with ....."
"Configure interface S4 with ....."

The PDP says (using COPS or similar):

"Configure role "Edge+Serial" with ....."

And the PEP knows that it has 5 serial physical interfaces with this
role combination and configures S0..S4 with ....

Shai

P.S., ...With a note regarding "user profiles" and other attributes
used in the schema, which may overload the term Roles but aren't
related to the PEP roles. I call it user profiles since this
is the terminology used in security, access policies, and many
other areas of networking.


At 12:44 PM 02/08/2000, avri.doria@nokia.com wrote:
>So, the role isn't a selector in the schema (although simple schema may
>use it) it is also not a selector at the PDP, but only a selector
>for the PEP to advertise the kind of roles it has, and receive policy
>for each one of its roles.
>...
>
>
>
>
>
>
>
><js>
>Seems to me that you want to differentiate between roles as used to
>influence device configuration on the PEP level vs. roles as used to build
>policy statements at the PDP level. Is this what you meant by "levels" of
>roles?
>
>If so, then I suggest that we talk about PEP roles vs. PDP roles (as Keith
>suggested earlier) vs. roles as a selector (to make me happy ;-) )
></js>
>
>
>
>YES YES YES, you hit it bulls eye! I was talking about PEP roles only
>and was trying (clumsily) to express myself, thanks!
>
>So, lets call it "PEP ROLES"
>
>As for the other one, I believe PDP is merely an interpreter (in comes
>abstract policy, out goes device policy) so it doesn't really have
>roles. So, we should find another name for the second type that you
>described, perhaps "Profile" (as in "user profile, application
>profile,...)? or "Usage Roles".
>
>Shai
>
>
>
>
>
>__________________________________________________________________
>Shai Herzog, Founder & CTO   IPHighway Inc.   Tel : (914) 654-4810
>55 New York Avenue                            Main: (508) 620-1141
>Framingham, MA 01701                          Fax : (212) 656-1006
>
>
>
>
>


__________________________________________________________________
Shai Herzog, Founder & CTO   IPHighway Inc.   Tel : (914) 654-4810
55 New York Avenue                            Main: (508) 620-1141
Framingham, MA 01701                          Fax : (212) 656-1006