[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: snmpconf Comments on BCP-09
>>>>> David T Perkins writes:
David> 6) David> Fine grained access control assignment - a desirable
David> property is to allow management apps to create resource
David> instances via an SNMP set, and to gain "exclusive" or "owner"
David> access as found in file creation operations found in many
David> operating systems, such as the Unix variants. However, the
David> VACM-based access control is VERY different than Unix-like file
David> access control. A design pattern was introduced in the MIB
David> modules from the DISMAN WG which attempted to mimic the
David> Unix-like access control behavior on creation. This design
David> pattern is flawed (and many have not yet realized it). Please
David> describe the objective, show the MIB design pattern and
David> describe how it is flawed.
Can you please send a message to the DISMAN WG list which explains why
the design pattern is flawed so that we can all understand the issue
and either fix it or at least document it somewhere?
Juergen Schoenwaelder <http://www.informatik.uni-osnabrueck.de/schoenw/>