[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf-pm-04 notes

>>>>> On Fri, 23 Feb 2001 14:13:03 -0800, Steve Waldbusser <waldbusser@nextbeacon.com> said:

Steve>     "Policies are intended to express a notion of:
Steve>         if (an element has certain characteristics) then (apply an
Steve>             operation to that element)"

Steve> After fixing my notational blunder, would you agree that an
Steve> operation is more likely to apply to the same element?


Steve> Second most likely to a related element?


Steve> And unrelated elements are also possible but don't really draw
Steve> as many strengths from the architecture.

Yes, additional and non-related objects are possible.  I'd still argue
"an element" be the right wording in the action clause, but I
understand your point in wanting to point to the default case.

However, this would leave me to believe that this is not appropriate
for a policy, since the objects/elements/whatever are completely
independent (aside from being tied through this policy):

if (packet arrives with bit 12 set) then (blow up a building somewhere)

>> IMHO, it is a serious security issue not to enable a way for failed
>> actions to be run incorrectly and not have a way to inform an
>> administrator of this immediately.

Steve> Understood. Still thinking. And eager to hear others viewpoints.

Me too (on the view points idea, I'm done thinking about it ;-)

Wes Hardaker
NAI Labs
Network Associates