Definitions of Managed Objects for IP Storage User Identity Authorization
RFC 4545

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>, 
    ips mailing list <>, 
    ips chair <>
Subject: Protocol Action: 'Definitions of Managed Objects for IP 
         Storage User Identity Authorization' to Proposed Standard 

The IESG has approved the following document:

- 'Definitions of Managed Objects for IP Storage User Identity 
   Authorization '
   <draft-ietf-ips-auth-mib-09.txt> as a Proposed Standard

This document is the product of the IP Storage Working Group. 

The IESG contact persons are Allison Mankin and Magnus Westerlund.

A URL of this Internet-Draft is:

Technical Summary
   This MIB defines objects for managing user identities and the
   names, addresses, and credentials required manage access control, for
   use with various protocols.  This draft was motivated by the need for
   the configuration of authorized user identities for the iSCSI
   protocol, but has been extended to be useful for other storage protocols
   with similar requirements.  It is important to note that this MIB
   module provides only the set of identities to be used within access
   lists; it is the responsibility of other MIB modules (or applications) 
   using this to tie them to their own access lists or other authorization
   control methods.
Working Group Summary
  The working group reached consensus on this document easily.  
  The group's work on this document completed a long time ago; there
  was considerable delay before a MIB doctor review slot could be
Protocol Quality
  Bert Wijnen became the MIB Doctor for this specification and
  provided extensive comments, for which revisions were made.
  David Black is the WG Chair shepherd.  Allison Mankin is the
  Responsible Area Director.

Notes to RFC Editor
Please make the following changes:

(1) Add the following sentence to the end of Section 7.6 as a
separate paragraph (i.e., not as part of the description of "Other"):

   An additional credential type can be added to this MIB module by
   defining a new OID in the ipsAuthMethodTypes subtree, and defining
   a new table specific to that credential-type.

(2) Make the following changes so that RFC 4120 is referenced instead
    of RFC 1510.  

- Section 7.6
        OLD: [RFC1510]   NEW: [RFC4120]

- Section 9, DESCRIPTION clause for ipsAuthCredKerbPrincipal
        J. Kohl, C. Neuman, RFC 1510: The Kerberos Network
        Authentication Service (V5), September 1993
        C. Neuman, S. Hartman, and K. Raeburn, RFC 4120:
        The Kerberos Network Authentication Service (V5),
        July 2005

- Section 11, replace the normative reference to RFC 1510
  with a normative reference to RFC 4120.