Definitions of Managed Objects for IP Storage User Identity Authorization
RFC 4545

Document type: RFC - Proposed Standard (May 2006; Errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4545 (Proposed Standard)
Responsible AD: Allison Mankin
Send notices to: <black_david@emc.com>, magnus.westerlund@ericsson.com, mankin@psg.com

Network Working Group                                           M. Bakke
Request for Comments: 4545                                 Cisco Systems
Category: Standards Track                                      J. Muchow
                                                            Qlogic Corp.
                                                                May 2006

                   Definitions of Managed Objects for
                 IP Storage User Identity Authorization

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in TCP/IP-based internets.
   In particular, it defines objects for managing user identities and
   the names, addresses, and credentials required to manage access
   control, for use with various protocols.  This document was motivated
   by the need for the configuration of authorized user identities for the
   iSCSI protocol, but has been extended to be useful for other
   protocols that have similar requirements.  It is important to note
   that this MIB module provides only the set of identities to be used
   within access lists; it is the responsibility of other MIB modules
   making use of this one to tie them to their own access lists or other
   authorization control methods.

Bakke & Muchow              Standards Track                     [Page 1]
RFC 4545                 IPS Authorization MIB                  May 2006

Table of Contents

   1. Introduction ....................................................3
   2. Specification of Requirements ...................................3
   3. The Internet-Standard Management Framework ......................3
   4. Relationship to Other MIB Modules ...............................3
   5. Relationship to the USM MIB Module ..............................4
   6. Relationship to SNMP Contexts ...................................5
   7. Discussion ......................................................5
      7.1. Authorization MIB Object Model .............................5
      7.2. ipsAuthInstance ............................................6
      7.3. ipsAuthIdentity ............................................7
      7.4. ipsAuthIdentityName ........................................7
      7.5. ipsAuthIdentityAddress .....................................8
      7.6. ipsAuthCredential ..........................................8
      7.7. IP, Fibre Channel, and Other Addresses .....................9
      7.8. Descriptors: Using OIDs in Place of Enumerated Types ......10
      7.9. Notifications .............................................10
   8. MIB Definitions ................................................11
   9. Security Considerations ........................................35
      9.1. MIB Security Considerations ...............................35
      9.2. Other Security Considerations .............................38
   10. IANA Considerations ...........................................40
   11. Normative References ..........................................40
   12. Informative References ........................................41
   13. Acknowledgements ..............................................41

1.  Introduction

   This MIB module will be used to configure and/or look at the
   configuration of user identities and their credential information.
   For the purposes of this MIB module, a "user" identity does not need
   to be an actual person; a user can also be a host, an application, a
   cluster of hosts, or any other identifiable entity that can be
   authorized to access a resource.

   Most objects in this MIB module have a MAX-ACCESS of read-create;
   this module is intended to allow configuration of user identities and
   their names, addresses, and credentials.  MIN-ACCESS for all objects
   is read-only for those implementations that configure through other
   means, but require the ability to monitor user identities.

2.  Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
