draft-ietf-netconf-notification-13.txt | draft-ietf-netconf-notification-14.txt | |||
---|---|---|---|---|
Network Working Group S. Chisholm | Network Working Group S. Chisholm | |||
Internet-Draft Nortel | Internet-Draft Nortel | |||
Intended status: Standards Track H. Trevino | Intended status: Standards Track H. Trevino | |||
Expires: November 30, 2008 Cisco | Expires: December 15, 2008 Cisco | |||
May 29, 2008 | June 13, 2008 | |||
NETCONF Event Notifications | NETCONF Event Notifications | |||
draft-ietf-netconf-notification-13.txt | draft-ietf-netconf-notification-14.txt | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 35 | skipping to change at page 1, line 35 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on November 30, 2008. | This Internet-Draft will expire on December 15, 2008. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The IETF Trust (2008). | Copyright (C) The IETF Trust (2008). | |||
Abstract | Abstract | |||
This document defines mechanisms that provide an asynchronous message | This document defines mechanisms that provide an asynchronous message | |||
notification delivery service for the NETCONF protocol. This is an | notification delivery service for the NETCONF protocol. This is an | |||
optional capability built on top of the base NETCONF definition. | optional capability built on top of the base NETCONF definition. | |||
skipping to change at page 3, line 16 | skipping to change at page 3, line 16 | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 | |||
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 38 | 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 38 | |||
10. Normative References . . . . . . . . . . . . . . . . . . . . . 39 | 10. Normative References . . . . . . . . . . . . . . . . . . . . . 39 | |||
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 40 | Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 40 | |||
A.1. Version -08 . . . . . . . . . . . . . . . . . . . . . . . 40 | A.1. Version -08 . . . . . . . . . . . . . . . . . . . . . . . 40 | |||
A.2. Version -09 . . . . . . . . . . . . . . . . . . . . . . . 42 | A.2. Version -09 . . . . . . . . . . . . . . . . . . . . . . . 42 | |||
A.3. Version -10 . . . . . . . . . . . . . . . . . . . . . . . 44 | A.3. Version -10 . . . . . . . . . . . . . . . . . . . . . . . 44 | |||
A.4. Version -11 . . . . . . . . . . . . . . . . . . . . . . . 44 | A.4. Version -11 . . . . . . . . . . . . . . . . . . . . . . . 44 | |||
A.5. Version -12 . . . . . . . . . . . . . . . . . . . . . . . 45 | A.5. Version -12 . . . . . . . . . . . . . . . . . . . . . . . 45 | |||
A.6. Version -13 . . . . . . . . . . . . . . . . . . . . . . . 45 | A.6. Version -13 . . . . . . . . . . . . . . . . . . . . . . . 45 | |||
A.7. Version -13 . . . . . . . . . . . . . . . . . . . . . . . 47 | ||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 48 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 48 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 49 | Intellectual Property and Copyright Statements . . . . . . . . . . 49 | |||
1. Introduction | 1. Introduction | |||
[NETCONF] can be conceptually partitioned into four layers: | [NETCONF] can be conceptually partitioned into four layers: | |||
Layer Example | Layer Example | |||
+-------------+ +-------------------------------------------+ | +-------------+ +-------------------------------------------+ | |||
| Content | | Configuration data | | | Content | | Configuration data | | |||
skipping to change at page 35, line 46 | skipping to change at page 35, line 46 | |||
One potential security issue is the transport of data from non- | One potential security issue is the transport of data from non- | |||
NETCONF streams, such as syslog and SNMP. This data may be more | NETCONF streams, such as syslog and SNMP. This data may be more | |||
vulnerable (or less vulnerable) when being transported over NETCONF | vulnerable (or less vulnerable) when being transported over NETCONF | |||
than when being transported using the protocol normally used for | than when being transported using the protocol normally used for | |||
transporting it, depending on the security credentials of the two | transporting it, depending on the security credentials of the two | |||
subsystems. The NETCONF server is responsible for applying access | subsystems. The NETCONF server is responsible for applying access | |||
control to stream content. | control to stream content. | |||
The contents of notifications as well as the names of event streams | The contents of notifications as well as the names of event streams | |||
may contain sensitive information and care should be taken to ensure | may contain sensitive information and care should be taken to ensure | |||
that they are viewed only by authorized users. If a user is not | that they are viewed only by authorized users. The NETCONF server | |||
authorized to view all elements in the content of the notification, | MUST NOT include any content in a notification which the user is not | |||
the notification is not sent to that user. | authorized to view. | |||
If a subscription is created with a <stopTime>, the NETCONF session | If a subscription is created with a <stopTime>, the NETCONF session | |||
will return to being a normal command-response NETCONF session when | will return to being a normal command-response NETCONF session when | |||
the replay is completed. It is the responsibility of the NETCONF | the replay is completed. It is the responsibility of the NETCONF | |||
client to close this session when it is no longer of use. | client to close this session when it is no longer of use. | |||
8. IANA Considerations | 8. IANA Considerations | |||
-- Editor note to IANA/RFC-Editor: we request that you make these | -- Editor note to IANA/RFC-Editor: we request that you make these | |||
assignments, in which case it is to be documented as below | assignments, in which case it is to be documented as below | |||
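Review bot: The replacement sentence in Security Considerations ("The NETCONF server MUST NOT include any content in a notification which the user is not authorized to view") no longer says what happens to a notification that is only partly authorized. The -13 wording was explicit that such a notification is not sent at all; the -14 wording allows either dropping it or sending it with the unauthorized elements removed, and a subscriber cannot tell a filtered notification from a complete one. Suggest stating which behaviour is required, or that both are permitted. The preceding sentence also names event stream names as sensitive, but the new MUST NOT covers only notification content; consider extending it to stream names or saying where that is handled.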
skipping to change at page 48, line 5 | skipping to change at page 47, line 30 | |||
involved. When a <get> is received against the content defined | involved. When a <get> is received against the content defined | |||
in this memo, clients should only be able to view the content | in this memo, clients should only be able to view the content | |||
for which they have sufficient privileges. A create <create- | for which they have sufficient privileges. A create <create- | |||
subscription> operation can be considered like a deferred <get>, | subscription> operation can be considered like a deferred <get>, | |||
and the content that different users can access may vary. This | and the content that different users can access may vary. This | |||
different access is reflected in the <notification> that | different access is reflected in the <notification> that | |||
different users are able to subscribe to. | different users are able to subscribe to. | |||
14. Updated import statements to not used fully qualified URLs. | 14. Updated import statements to not used fully qualified URLs. | |||
A.7. Version -13 | ||||
1. In the Security Considerations section replaced "If a user is not | ||||
authorized to view all elements in the content of the | ||||
notification, the notification is not sent to that user." with | ||||
"The NETCONF server MUST NOT include any content in a | ||||
notification which the user is not authorized to view." | ||||
Authors' Addresses | Authors' Addresses | |||
Sharon Chisholm | Sharon Chisholm | |||
Nortel | Nortel | |||
3500 Carling Ave | 3500 Carling Ave | |||
Nepean, Ontario K2H 8E9 | Nepean, Ontario K2H 8E9 | |||
Canada | Canada | |||
Email: schishol@nortel.com | Email: schishol@nortel.com | |||
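Review bot: The new change-log section is headed "A.7. Version -13" although it appears for the first time in draft-ietf-netconf-notification-14, and the table of contents already lists "A.6. Version -13" directly above it. Suggest renaming the heading and its table-of-contents entry to "A.7. Version -14" so the two sections can be told apart and the Security Considerations rewording is attributed to the revision that introduced it.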
End of changes. 6 change blocks. | ||||
7 lines changed or deleted | 16 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |