View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC 2265
Document | Type |
RFC - Proposed Standard
(January 1998; No errata)
Obsoleted by RFC 2275
|
|
---|---|---|---|
Authors | Keith McCloghrie , Randy Presuhn , Bert Wijnen | ||
Last updated | 2013-03-02 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 2265 (Proposed Standard) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
Network Working Group B. Wijnen Request for Comments: 2265 IBM T. J. Watson Research Category: Standards Track R. Presuhn BMC Software, Inc. K. McCloghrie Cisco Systems, Inc. January 1998 View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (1997). All Rights Reserved. Abstract This document describes the View-based Access Control Model for use in the SNMP architecture [RFC2261]. It defines the Elements of Procedure for controlling access to management information. This document also includes a MIB for remotely managing the configuration parameters for the View-based Access Control Model. Table of Contents 1. Introduction 2 1.2. Access Control 2 1.3. Local Configuration Datastore 3 2. Elements of the Model 3 2.1. Groups 3 2.2. securityLevel 4 2.3. Contexts 4 2.4. MIB Views and View Families 4 2.4.1. View Subtree 5 2.4.2. ViewTreeFamily 5 2.5. Access Policy 6 3. Elements of Procedure 6 3.1. Overview of isAccessAllowed Process 8 3.2. Processing the isAccessAllowed Service Request 9 4. Definitions 10 Wijnen, et. al. Standards Track [Page 1] RFC 2265 VACM for SNMPv3 January 1998 5. Intellectual Property 26 6. Acknowledgements 27 7. Security Considerations 28 7.1. Recommended Practices 28 7.2. Defining Groups 29 7.3. Conformance 29 8. References 29 9. Editors' Addresses 30 A.1. Installation Parameters 31 B. Full Copyright Statement 36 1. Introduction The Architecture for describing Internet Management Frameworks [RFC2261] describes that an SNMP engine is composed of: 1) a Dispatcher 2) a Message Processing Subsystem, 3) a Security Subsystem, and 4) an Access Control Subsystem. Applications make use of the services of these subsystems. It is important to understand the SNMP architecture and its terminology to understand where the View-based Access Control Model described in this document fits into the architecture and interacts with other subsystems within the architecture. The reader is expected to have read and understood the description and terminology of the SNMP architecture, as defined in [RFC2261]. The Access Control Subsystem of an SNMP engine has the responsibility for checking whether a specific type of access (read, write, notify) to a particular object (instance) is allowed. It is the purpose of this document to define a specific model of the Access Control Subsystem, designated the View-based Access Control Model. Note that this is not necessarily the only Access Control Model. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2. Access Control Access Control occurs (either implicitly or explicitly) in an SNMP entity when processing SNMP retrieval or modification request messages from an SNMP entity. For example a Command Responder Wijnen, et. al. Standards Track [Page 2] RFC 2265 VACM for SNMPv3 January 1998Show full document text