View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC 3415

Document type: RFC - Internet Standard (December 2002; Errata)
Obsoletes: RFC 2575
Last updated: 2013-03-02
Stream: IETF
WG state: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 3415 (Internet Standard)
Responsible AD: Randy Bush
IESG note: Approved
Responsible: RFC Editor
Send notices to: <mundy@tislabs.com>, <dbh@enterasys.com>

Network Working Group                                          B. Wijnen
Request for Comments: 3415                           Lucent Technologies
STD: 62                                                       R. Presuhn
Obsoletes: 2575                                       BMC Software, Inc.
Category: Standards Track                                  K. McCloghrie
                                                     Cisco Systems, Inc.
                                                           December 2002

             View-based Access Control Model (VACM) for the
               Simple Network Management Protocol (SNMP)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document describes the View-based Access Control Model (VACM)
   for use in the Simple Network Management Protocol (SNMP)
   architecture.  It defines the Elements of Procedure for controlling
   access to management information.  This document also includes a
   Management Information Base (MIB) for remotely managing the
   configuration parameters for the View-based Access Control Model.
   This document obsoletes RFC 2575.

Wijnen, et al.              Standards Track                     [Page 1]
RFC 3415                   VACM for the SNMP               December 2002

Table of Contents

   1.  Introduction .................................................  2
   1.2.  Access Control .............................................  3
   1.3.  Local Configuration Datastore ..............................  3
   2.  Elements of the Model ........................................  4
   2.1.  Groups .....................................................  4
   2.2.  securityLevel ..............................................  4
   2.3.  Contexts ...................................................  4
   2.4.  MIB Views and View Families ................................  5
   2.4.1.  View Subtree .............................................  5
   2.4.2.  ViewTreeFamily ...........................................  6
   2.5.  Access Policy ..............................................  6
   3.  Elements of Procedure ........................................  7
   3.1.  Overview  of isAccessAllowed Process .......................  8
   3.2.  Processing the isAccessAllowed Service Request .............  9
   4.  Definitions .................................................. 11
   5.  Intellectual Property ........................................ 28
   6.  Acknowledgements ............................................. 28
   7.  Security Considerations ...................................... 30
   7.1.  Recommended Practices ...................................... 30
   7.2.  Defining Groups ............................................ 30
   7.3.  Conformance ................................................ 31
   7.4.  Access to the SNMP-VIEW-BASED-ACM-MIB ...................... 31
   8.  References ................................................... 31
   A.  Installation ................................................. 33
   B.  Change Log ................................................... 36
   Editors' Addresses ............................................... 38
   Full Copyright Statement ......................................... 39

1.  Introduction

   The Architecture for describing Internet Management Frameworks
   [RFC3411] describes that an SNMP engine is composed of:

      1) a Dispatcher,
      2) a Message Processing Subsystem,
      3) a Security Subsystem, and
      4) an Access Control Subsystem.

   Applications make use of the services of these subsystems.

   It is important to understand the SNMP architecture and its
   terminology to understand where the View-based Access Control Model
   described in this document fits into the architecture and interacts
   with other subsystems within the architecture.  The reader is
   expected to have read and understood the description and terminology
   of the SNMP architecture, as defined in [RFC3411].

   The Access Control Subsystem of an SNMP engine has the responsibility
   for checking whether a specific type of access (read, write, notify)
   to a particular object (instance) is allowed.