Hi Ranga, I think this makes sense for a MUD controller YANG model, but doesn't do well in a MUD file itself. We stop short of that in the document, for fear of boiling the ocean, but I would happily do some follow-up work with you that would include this, if you're interested. The model *is* structured so that you can "use" appropriate elements.
Eliot On 9/20/17 4:22 AM, M. Ranganathan wrote: > Hi Eliot, > > Attached is a proposed YANG file that defines a device to MUD > association. May I suggest words to the following effect: > > Implementations MAY choose to implement a mapping between a MUD > URL and a device identifier. Such a mapping may be communicated to the > MUD controller, which can then install access control rules based on a > previously retrieved MUD file. The mapping must conform to the YANG > specification below. > > How does this sound? Thanks. > > > > On Tue, Sep 19, 2017 at 5:39 PM, Eliot Lear <[email protected] > <mailto:[email protected]>> wrote: > > Hi Ranga, > > The way we did the early code on github was just with FreeRadius > and leveraging sessions which are indexed precisely by MAC > address. And so the MUD Controller functionality sits next to > FreeRadius through callouts. I don't think we want to get that > specific in the draft, and there are others who don't want to > bother with Radius at all in their implementations but would just > assume use other control functions. And that's fine. In fact, > you could build the functionality into a DHCP server, which I did > in my first implementation. So I'm not quite sure what to write. > Suggestions welcome ;-) > > Eliot > > ps: thanks for kinking out the example. Chairs, I'll submit an > updated draft with the example corrected. > > > On 9/19/17 10:10 PM, M. Ranganathan wrote: >> Hello! >> >> MUD profiles are globally identified by the MUD URL. Devices are >> identified by a global Identifier (e.g. MAC address). >> >> In implementing this, I need to associate a specific MUD profile >> with a specific device. >> >> Would the authors consider it within scope to provide some >> guidance on this (for example a simple YANG model that provides >> the structure of a JSON document that can give such a mapping) ? >> >> >> Thanks for reading. >> >> Ranga. >> >> >> -- >> M. Ranganathan >> >> >> _______________________________________________ >> OPSAWG mailing list >> [email protected] <mailto:[email protected]> >> https://www.ietf.org/mailman/listinfo/opsawg >> <https://www.ietf.org/mailman/listinfo/opsawg> > > > > > -- > M. Ranganathan
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
