Juergen: In my opinion, the i2rs:client-name is not different than the NETCONF/RESTCONF user name. If you have a proposal on how to link the i2rs priority to different than Jeff's proposal for NACM rules, we would be glad to hear it. Jeff is trying to provide workable I2RS requirements to the netconf/netmod WGs
The architecture document indicates that the I2RS Client will obtain the client identity and priority out-side of the protocol. Our intent was to re-use the AAA mechanisms to spread client-identity, priority, and secondary opaque id (if necessary). Early proof-of-concept implementations suggest this easily linked to. NETCONF/NETMOD will indeed need to determine how the NETCONF protocol WG will meet (or not meet) the I2RS requirements. Sue -----Original Message----- From: Juergen Schoenwaelder [mailto:[email protected]] Sent: Thursday, May 28, 2015 2:05 AM To: Andy Bierman Cc: Joel M. Halpern; Jeffrey Haas; [email protected]; [email protected]; Alia Atlas; Susan Hares Subject: Re: [i2rs] draft-chen-i2rs-identifier-management-00 On Wed, May 27, 2015 at 06:04:58PM -0700, Andy Bierman wrote: > > Although I should be promoting use of NACM, I am not so sure it should > be mandatory for I2RS or required to configure I2RS client priority. > > list i2rs-client { > key name; > leaf name { > description "The client name"; > type i2rs:client-name; > } > leaf priority { > description "The priority value assigned to this client."; > type i2rs:client-priority; > } > } So what is i2rs:client-name - is it any different from a NETCONF/RESTCONF username? NACM maps user names into groups and NACM allows to have the mapping supplied by an external source (e.g. RADIUS). If this priority mapping is kept separate from NACM, would we need to provision means to get the priority from AAA as well? And the bigger question: Do we create something specific for I2RS or are we going to extend the generic YANG/NC/RC framework to provide the tools I2RS needs? This is probably a question the NETCONF WG has to answer. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
