I would expect that kind of kistory creation to be handled by something
like a syslog event report, rather than by anything internal to I2RS.
We do not normally specify as part of the protocols all the syslog
events they should generate, do we?
Yours,
Joel
On 8/14/13 12:29 PM, Joe Marcus Clarke wrote:
On 8/14/13 12:11 PM, Alia Atlas wrote:
[Alia] I think that (1) belongs in the architecture. I agree that it is
important - but I feel that the problem-statement part is covered in the
Multi-Headed Control.
(2) is mostly covered in "Secure Control". I did add "Such
communications must also have its integrity protected." since we hadn't
mentioned integrity but just authentication and authorization.
For (3), I'm not sure what aspects specifically apply to I2RS... We
have authentication and authorization and, in the architecture, tracking
of state written. What knobs or functionality are you looking for in
accounting?
I'll comment here, and I'm sure Carlos will chime in with anything I
miss or if he sees things differently.
Coming from a services/support mindset, accountability from a tracing
point of view is important. I would like to see a history of actions
performed, the client that performed them, when the actions were
performed (with very granular timestamps), and the result code.
Forgive me for using a vendor reference here (as an example), but in
Cisco IOS we have the buffer of CLI commands executed and syslog
messages generated. This buffer is very useful when it comes to tracing
a crash back to potential triggers. As we look to incorporate our own
APIs, we want to provide the same kind of history log to try and tie API
calls back to potential problems on the device.
With I2RS in particular, while crashes are certainly possible, being
able to look back at operations and correlate problems like packet loss,
service interruption, performance deviations, etc. will be vital from a
troubleshooting standpoint.
Joe
_______________________________________________
i2rs mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2rs
