Re: [netconf] Secdir last call review of draft-ietf-netconf-restconf-notif-13

On 2019-04-19, 11:56 PM, "Benjamin Kaduk" <kaduk@xxxxxxx> wrote:

    On Fri, Apr 12, 2019 at 09:29:35PM +0000, Reshad Rahman (rrahman) wrote:
    > Hi Aanchal,
    > 
    > Thanks for the review. Please see inline.
    > 
    > On 2019-04-11, 5:54 PM, "netconf on behalf of Aanchal Malhotra via Datatracker" <netconf-bounces@xxxxxxxx on behalf of noreply@xxxxxxxx> wrote:
    > 
    >     Reviewer: Aanchal Malhotra
    >     Review result: Ready
    >     
    >     The document is very clear and concise.  I just have one minor clarification question.
    >     Section 3.4 Page 9 that says the following:
    >     "In addition to any required ........SHOULD only be allowed......".  
    >     
    >     Is there a reason for using SHOULD instead of MUST? 
    > 
    > There may be reasons why an implementation decides not to enforce this restriction. Going by RFC2119 definitions, this is why we chose SHOULD instead of MUST.
    
    If you have some reasons in mind, it is often helpful to list them as
    examples of when the recommended behavior would not be followed.

What we had in mind is a "super-user" who could be given access to subscriptions of other users. Is this obvious or should I add text to that effect at the end of the bullet below? Something along the lines of "For example, a RESTCONF username with the required administrative permissions could be allowed to invoke RPCs modify-subscription, resync-subscription and delete-subscription on a subscription which was created by another username.".

   o  In addition to any required access permissions (e.g., NACM), RPCs
      modify-subscription, resync-subscription and delete-subscription
      SHOULD only be allowed by the same RESTCONF username [RFC8040]
      which invoked establish-subscription.

Regards,
Reshad.
    
    Thank you Aanchal for the review!
    
    -Ben
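
The ownership rule in the quoted bullet, together with the "super-user" exception discussed in the message above, sketched as an added example (not from the draft or from any participant in this thread). The class name, the `nacm_permits` callback, the `admin_users` set and the audit list are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# RPCs the quoted bullet restricts to the subscription's creator.
OWNER_ONLY_RPCS = {"modify-subscription", "resync-subscription", "delete-subscription"}


@dataclass
class SubscriptionAuthorizer:
    # Hypothetical stand-in for the NACM decision: (username, rpc) -> bool.
    nacm_permits: callable
    # Hypothetical set of usernames granted the "super-user" exception.
    # Empty by default, so the SHOULD is enforced strictly unless configured.
    admin_users: frozenset = frozenset()
    owners: dict = field(default_factory=dict)   # subscription id -> creator
    audit: list = field(default_factory=list)    # (user, rpc, id, decision)
    _next_id: int = 1

    def establish(self, username):
        """Record the RESTCONF username that invoked establish-subscription."""
        if not self.nacm_permits(username, "establish-subscription"):
            raise PermissionError("NACM denied establish-subscription")
        sub_id = self._next_id
        self._next_id += 1
        self.owners[sub_id] = username
        return sub_id

    def authorize(self, username, rpc, sub_id):
        """Allow only if NACM permits the RPC AND the caller is the creator,
        or is an explicitly configured admin (the exception to the SHOULD)."""
        if rpc not in OWNER_ONLY_RPCS:
            raise ValueError(f"not an owner-restricted RPC: {rpc}")
        owner = self.owners.get(sub_id)
        if owner is None or not self.nacm_permits(username, rpc):
            decision = "deny"                  # unknown id or NACM refusal
        elif username == owner:
            decision = "allow-owner"
        elif username in self.admin_users:
            decision = "allow-admin-override"  # logged distinctly for review
        else:
            decision = "deny"                  # another user's subscription
        self.audit.append((username, rpc, sub_id, decision))
        return decision.startswith("allow")
```

The ownership check is applied in addition to the NACM decision, never instead of it, and every admin override leaves a distinct audit entry.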
    




