On Thu, Mar 17, 2016 at 05:21:35AM -0700, Stephen Farrell wrote:
> - section 2: security role, hmm..... Do netconf/restconf have
> the concept of mapping identifiers to roles? If not, that
> might be tricky to graft on. Not sure.

There may be room in the future protocol specific work for I2RS across a transport such as netconf/restconf to further refine this.

However, as one example of role-binding, a given user (identity) may have access to specific resources such as portions of the configuration tree. Basically, typical user to configuration privileges. An example of this is user jeff is allowed to configure bgp, but should never be allowed to interact with the device's security settings.

NACM already provides something rather similar to this behavior in netconf, but discussion with the netconf working group is ongoing in terms of further bindings that are i2rs specific, such as priority.

-- Jeff
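
The role-binding described in the message above, as an added example that is not part of the original message or of any NETCONF implementation: a simplified Python model of NACM (RFC 6536) rule evaluation, with first match across ordered rule-lists and the NACM global defaults. The module names `example-bgp` and `example-system-security`, the group names, and the user `alice` are constructed for illustration, and path-level matching is left out.

```python
# Simplified model of NACM (RFC 6536) module-level rule evaluation.
# Groups, rule names and YANG module names are constructed sample data.
from dataclasses import dataclass

WRITE_OPS = {"create", "update", "delete"}

@dataclass(frozen=True)
class Rule:
    name: str
    module: str            # YANG module name, or "*" for any module
    operations: frozenset  # create/read/update/delete/exec, or {"*"}
    action: str            # "permit" or "deny"

@dataclass(frozen=True)
class RuleList:
    name: str
    groups: frozenset      # groups this list applies to, or {"*"}
    rules: tuple

# Identity -> role (group) binding.
GROUPS = {"routing-admin": {"jeff"}, "security-admin": {"alice"}}

RULE_LISTS = (
    RuleList("routing", frozenset({"routing-admin"}), (
        Rule("deny-security", "example-system-security", frozenset({"*"}), "deny"),
        Rule("permit-bgp", "example-bgp", frozenset({"*"}), "permit"),
    )),
    RuleList("security", frozenset({"security-admin"}), (
        Rule("permit-security", "example-system-security", frozenset({"*"}), "permit"),
    )),
)

# NACM global defaults applied when no rule matches.
DEFAULTS = {"read": "permit", "write": "deny", "exec": "permit"}

def authorize(user, module, operation):
    """Return (action, name of the rule or default that decided)."""
    user_groups = {g for g, members in GROUPS.items() if user in members}
    for rule_list in RULE_LISTS:
        if "*" not in rule_list.groups and not (rule_list.groups & user_groups):
            continue  # rule-list is not bound to any of the user's groups
        for rule in rule_list.rules:
            if rule.module not in ("*", module):
                continue
            if "*" in rule.operations or operation in rule.operations:
                return rule.action, rule.name  # first match decides
    kind = "write" if operation in WRITE_OPS else operation
    return DEFAULTS[kind], f"{kind}-default"
```

Because the NACM read default is permit, keeping a user away from security settings entirely takes an explicit deny rule; the write default alone would still leave them readable.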
