Hi, all The current immutable-flag draft (https://www.ietf.org/archive/id/draft-ma-netmod-immutable-flag-03.txt) defines both a YANG extension and a metadata annotation to indicate the immutability of data nodes and instances, respectively.
An alternative approach discussed on the list is to update NACM and define a "nacm:static-data" YANG extension besides nacm:default-deny-write and nacm:default-deny-all. Authors' considerations on this proposal are the following:

* Immutability is a property of YANG data nodes or instances, while NACM is a security feature
* NACM can be switched off by setting the /nacm/enable-nacm leaf to "false"
* Emergency recovery session will bypass access control enforcement
* A single YANG extension cannot express instance-level immutability

In the current draft, the YANG extension we defined doesn't depend on the NACM module, but this draft doesn't clarify one point well related to the relation between this YANG extension and NACM, i.e., whether using such a YANG extension causes an NACM rule not to take effect. To address ambiguity when both an immutable-flag and "a user-provided NACM rule to allow write access" are used, the draft can add the following explicit text:

"When a specific data node or instance is marked as "immutable", NACM cannot override this to allow create/delete/update access. Servers will ignore such NACM rules. For example, if a particular data node is marked as 'im:immutable' without the 'exceptions' argument for update, the server will ignore any user-defined NACM rule to allow update access operation to that specific data node."

We plan to integrate this on Oct 19 if there is no objection to this change. Any thoughts or feedback on this?

Best Regards,
Qiufang
_______________________________________________
netmod mailing list
https://www.ietf.org/mailman/listinfo/netmod
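To make the proposed precedence concrete, here is an added toy evaluator (not from the draft, not from RFC 8341, and not the author's code) that models the four considerations listed above: an NACM permit rule, NACM being disabled, and an emergency recovery session all lose to an immutable mark, while an op named in the mark's 'exceptions' argument stays under normal NACM control. The rule-matching model (ordered rules, first match wins, write-default "deny", no groups/users), the representation of 'exceptions' as a set of excepted write operations, and all paths and rules are simplifying assumptions made for illustration.

```python
"""Toy model of how an NACM write decision combines with the immutable-flag
draft's semantics, following the text proposed in the mail above.

Assumptions (illustrative, not taken verbatim from the draft or RFC 8341):
- an NACM rule is (path, access-operations, action); rules are evaluated in
  order, first match wins, and the default for writes is "deny";
- groups and users are omitted; every session sees the same rule list;
- an immutable mark is keyed by a data-node or instance path and carries the
  set of write operations named in its 'exceptions' argument (empty = none);
- immutability is enforced even when NACM is disabled or the session is an
  emergency recovery session.
"""
from dataclasses import dataclass, field

WRITE_OPS = {"create", "update", "delete"}


def _covers(prefix: str, path: str) -> bool:
    """True if `path` is `prefix` itself or lies beneath it.

    '/a/b' covers '/a/b/c' (child node) and "/a/b[name='x']" (list instance);
    a "/" prefix covers everything. Constructed, simplified matching."""
    if prefix == "/" or path == prefix:
        return True
    return path.startswith(prefix + "/") or path.startswith(prefix + "[")


@dataclass
class NacmRule:
    path: str                 # data node the rule applies to
    access_operations: set    # subset of WRITE_OPS, or {"*"}
    action: str               # "permit" or "deny"

    def matches(self, path: str, op: str) -> bool:
        return _covers(self.path, path) and (
            "*" in self.access_operations or op in self.access_operations)


@dataclass
class Nacm:
    enable_nacm: bool = True
    write_default: str = "deny"
    rules: list = field(default_factory=list)

    def decide(self, path: str, op: str, recovery_session: bool = False) -> str:
        """NACM-only decision: a disabled NACM or a recovery session bypasses
        access control entirely; otherwise first matching rule, then default."""
        if not self.enable_nacm or recovery_session:
            return "permit"
        for rule in self.rules:
            if rule.matches(path, op):
                return rule.action
        return self.write_default


@dataclass
class Immutability:
    # path -> operations listed in the 'exceptions' argument (assumed encoding)
    marks: dict = field(default_factory=dict)

    def blocks(self, path: str, op: str) -> bool:
        """True if some mark covers `path` and does not except `op`.
        Node-level and instance-level marks are stored the same way."""
        return any(_covers(marked, path) and op not in exceptions
                   for marked, exceptions in self.marks.items())


def authorize_write(nacm: Nacm, immut: Immutability, path: str, op: str,
                    recovery_session: bool = False) -> str:
    """Final decision for a write: an immutable mark is checked first and is
    not overridden by an NACM permit rule, NACM being off, or a recovery
    session. Only then does the normal NACM decision apply."""
    assert op in WRITE_OPS, op
    if immut.blocks(path, op):
        return "deny"        # user-defined NACM permit rule is ignored here
    return nacm.decide(path, op, recovery_session)


def demo() -> dict:
    """Constructed scenario: a permit-everything NACM rule, a fully immutable
    hostname leaf, and one interface instance that allows update only."""
    permit_all = Nacm(rules=[NacmRule("/", {"*"}, "permit")])
    immut = Immutability({
        "/sys:system/sys:hostname": set(),                    # no exceptions
        "/if:interfaces/if:interface[name='mgmt0']": {"update"},
    })
    host, mgmt0, eth1 = ("/sys:system/sys:hostname",
                         "/if:interfaces/if:interface[name='mgmt0']",
                         "/if:interfaces/if:interface[name='eth1']")
    return {
        "hostname update, permit rule": authorize_write(permit_all, immut, host, "update"),
        "hostname update, NACM off": authorize_write(Nacm(enable_nacm=False), immut, host, "update"),
        "hostname update, recovery": authorize_write(permit_all, immut, host, "update", True),
        "mgmt0 mtu update (excepted)": authorize_write(permit_all, immut, mgmt0 + "/if:mtu", "update"),
        "mgmt0 delete": authorize_write(permit_all, immut, mgmt0, "delete"),
        "eth1 delete, permit rule": authorize_write(permit_all, immut, eth1, "delete"),
        "eth1 delete, no rules": authorize_write(Nacm(), immut, eth1, "delete"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:32s} -> {result}")
```

The two code paths worth noting are `Nacm.decide`, where a disabled NACM or a recovery session returns "permit" exactly as the considerations above describe, and `authorize_write`, where the immutability check sits in front of that call so neither path can reach an immutable node; only an operation named in the mark's exceptions falls through to ordinary NACM evaluation.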
