Tuesday, November 13, 2007

NETCONF Access Control Profile for XACML

"The Network Configuration Protocol defines an XML-based protocol for
managing network device configuration databases." The NETCONF protocol
uses a remote procedure call (RPC) paradigm. A client encodes an RPC
in XML and sends it to a server using a secure, connection-oriented
session. The server responds with a reply encoded in XML. The contents
of both the request and the response are fully described in XML DTDs
or XML schemas, or both, allowing both parties to recognize the syntax
constraints imposed on the exchange. The NETCONF remote network
configuration protocol currently lacks an access control model. The
need for such a model has been recognised within the NETCONF working
group. The Extensible Access Control Markup Language (XACML) is an
XML-based access control standard, with widespread acceptance from
the industry and good open-source support. This document proposes a
profile that defines how to use XACML to provide fine-grain access
control for NETCONF commands.
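
As an added illustration (not taken from the draft or from the original post), the sketch below parses a NETCONF `<rpc>`, derives subject, action and resource attributes from it, and applies a deny-by-default rule list. The attribute mapping, the rule format and the user names are assumptions made for this example; a real deployment would send an XACML request to a policy decision point rather than evaluate rules inline.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace
XACML = "urn:oasis:names:tc:xacml:1.0:"          # XACML attribute-id prefix

# Constructed sample: a client asks to change the running configuration.
SAMPLE_RPC = f"""<rpc message-id="101" xmlns="{NC}">
  <edit-config>
    <target><running/></target>
    <config><interfaces/></config>
  </edit-config>
</rpc>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def rpc_to_request(rpc_xml, session_user):
    """Map one NETCONF <rpc> to XACML-style attributes (assumed mapping)."""
    root = ET.fromstring(rpc_xml)
    if root.tag != f"{{{NC}}}rpc" or len(root) != 1:
        raise ValueError("not a single-operation NETCONF <rpc>")
    op = root[0]
    # Datastore named under <target> (edit-config) or <source> (get-config).
    store = next((local(d.tag) for name in ("target", "source")
                  for d in op.findall(f"{{{NC}}}{name}/*")), "none")
    return {XACML + "subject:subject-id": session_user,
            XACML + "action:action-id": local(op.tag),
            XACML + "resource:resource-id": store}

# Hypothetical policy: ordered rules, None matches any value.
RULES = [
    ({"subject": "admin", "action": None, "resource": None}, "Permit"),
    ({"subject": None, "action": "get-config", "resource": "running"}, "Permit"),
]

def decide(request, rules=RULES):
    """First-applicable combining; anything unmatched is denied."""
    short = {k.split(":")[-2]: v for k, v in request.items()}
    for match, effect in rules:
        if all(want is None or short[cat] == want for cat, want in match.items()):
            return effect
    return "Deny"

if __name__ == "__main__":
    for user in ("operator", "admin"):
        print(user, decide(rpc_to_request(SAMPLE_RPC, user)))
```

The session user comes from the authenticated transport session, not from anything inside the RPC body, so a client cannot choose its own subject.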