Changes between draft-ietf-netconf-soap-07.txt and draft-ietf-netconf-soap-08.txt (unchanged lines are shown once; changed lines are shown as "-07:" / "-08:" pairs)

Network Working Group                                        T. Goddard
Internet-Draft                                ICEsoft Technologies Inc.
-07: Expires: June 9, 2006                             December 6, 2005
-08: Expires: September 3, 2006                           March 2, 2006

   Using the Network Configuration Protocol (NETCONF) Over the Simple
                      Object Access Protocol (SOAP)
-07:                     draft-ietf-netconf-soap-07
-08:                     draft-ietf-netconf-soap-08

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that

[skipping to change at page 1, line 34]

   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

-07:   This Internet-Draft will expire on June 9, 2006.
-08:   This Internet-Draft will expire on September 3, 2006.

Copyright Notice

-07:   Copyright (C) The Internet Society (2005).
-08:   Copyright (C) The Internet Society (2006).

Abstract

   The Network Configuration Protocol (NETCONF) is applicable to a wide
   range of devices in a variety of environments.  The emergence of Web
   Services gives one such environment, and is presently characterized
   by the use of the Simple Object Access Protocol (SOAP).  NETCONF
   finds many benefits in this environment: from the re-use of existing
   standards, to ease of software development, to integration with
   deployed systems.  Herein, we describe SOAP over HTTP (Hypertext

[skipping to change at page 2, line 31]

   3.1   Fundamental Use Case . . . . . . . . . . . . . . . . . . .  10
   3.2   NETCONF Session Establishment  . . . . . . . . . . . . . .  10
   3.3   NETCONF Capabilities Exchange  . . . . . . . . . . . . . .  10
   3.4   NETCONF Session Usage  . . . . . . . . . . . . . . . . . .  12
   3.5   NETCONF Session Teardown . . . . . . . . . . . . . . . . .  12
   3.6   A NETCONF Over SOAP example  . . . . . . . . . . . . . . .  12
   3.7   NETCONF SOAP WSDL  . . . . . . . . . . . . . . . . . . . .  14
   3.8   Sample Service Definition WSDL . . . . . . . . . . . . . .  16
   4.    Security Considerations  . . . . . . . . . . . . . . . . .  17
   4.1   Integrity, Privacy, and Authentication . . . . . . . . . .  17
-07:   4.2   Vulnerabilities  . . . . . . . . . . . . . . . . . . . . .  17
-08:   4.2   Vulnerabilities  . . . . . . . . . . . . . . . . . . . . .  18
   4.3   Environmental Specifics  . . . . . . . . . . . . . . . . .  18
   5.    IANA Considerations  . . . . . . . . . . . . . . . . . . .  19
   6.    References . . . . . . . . . . . . . . . . . . . . . . . .  20
   6.1   Normative References . . . . . . . . . . . . . . . . . . .  20
   6.2   Informative References . . . . . . . . . . . . . . . . . .  21
         Author's Address . . . . . . . . . . . . . . . . . . . . .  21
         Intellectual Property and Copyright Statements . . . . . .  22

1.  Introduction
[skipping to change at page 9, line 17]

               <error-severity>error</error-severity>
               <error-info>
                 <bad-attribute>message-id</bad-attribute>
                 <bad-element>rpc</bad-element>
               </error-info>
             </rpc-error>

   the associated SOAP Fault message is

       <soapenv:Envelope
-07:     xmlns:soapenv=
-07:       "http://www.w3.org/2003/05/soap-envelope"
-08:     xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
         xmlns:xml="http://www.w3.org/XML/1998/namespace">
         <soapenv:Body>
           <soapenv:Fault>
             <soapenv:Code>
               <soapenv:Value>env:Receiver</soapenv:Value>
             </soapenv:Code>
             <soapenv:Reason>
               <soapenv:Text
                 xml:lang="en">MISSING_ATTRIBUTE</soapenv:Text>
             </soapenv:Reason>
             <detail>
-07:           <rpc-error xmlns=
-07:             "urn:ietf:params:xml:ns:netconf:base:1.0">
-08:           <rpc-error xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
                 <error-type>rpc</error-type>
                 <error-tag>MISSING_ATTRIBUTE</error-tag>
                 <error-severity>error</error-severity>
                 <error-info>
                   <bad-attribute>message-id</bad-attribute>
                   <bad-element>rpc</bad-element>
                 </error-info>
               </rpc-error>
             </detail>
           </soapenv:Fault>
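The mapping shown above (NETCONF error-tag into the SOAP Reason text, the whole rpc-error carried in the fault detail, fault code Receiver) can be mechanised on both sides of the connection. The following Python is an added example written for this page, not code from the draft or from any NETCONF implementation; the function names and the embedded sample rpc-error are constructed here. It reproduces the draft's fault shape, including its unqualified <detail> element, and on the client side pulls the NETCONF error fields back out without trusting that a <detail> is present at all.

```python
"""Map a NETCONF <rpc-error> to the SOAP 1.2 Fault shape used in the draft,
and parse such a Fault back into its NETCONF error fields."""
import xml.etree.ElementTree as ET

SOAPENV = "http://www.w3.org/2003/05/soap-envelope"
NETCONF = "urn:ietf:params:xml:ns:netconf:base:1.0"
XML_NS = "http://www.w3.org/XML/1998/namespace"

ET.register_namespace("soapenv", SOAPENV)

# Constructed sample: the <rpc-error> from the draft's example, raised
# because the <rpc> element lacked its message-id attribute.
SAMPLE_RPC_ERROR = f"""<rpc-error xmlns="{NETCONF}">
  <error-type>rpc</error-type>
  <error-tag>MISSING_ATTRIBUTE</error-tag>
  <error-severity>error</error-severity>
  <error-info>
    <bad-attribute>message-id</bad-attribute>
    <bad-element>rpc</bad-element>
  </error-info>
</rpc-error>"""


def rpc_error_to_soap_fault(rpc_error_xml: str) -> str:
    """Server side: wrap an <rpc-error> in a SOAP 1.2 Fault. Code/Value is
    Receiver, Reason/Text is the NETCONF error-tag, and the original
    <rpc-error> travels verbatim inside <detail>."""
    rpc_error = ET.fromstring(rpc_error_xml)
    if rpc_error.tag != f"{{{NETCONF}}}rpc-error":
        raise ValueError("expected a NETCONF <rpc-error> element")
    tag = rpc_error.findtext(f"{{{NETCONF}}}error-tag")
    if not tag:
        raise ValueError("<rpc-error> has no <error-tag>")

    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAPENV}}}Body")
    fault = ET.SubElement(body, f"{{{SOAPENV}}}Fault")
    code = ET.SubElement(fault, f"{{{SOAPENV}}}Code")
    # SOAP 1.2 fault codes are QNames in the envelope namespace. The draft's
    # example writes "env:Receiver" without declaring "env"; the prefix that
    # is actually declared on this envelope is used here.
    ET.SubElement(code, f"{{{SOAPENV}}}Value").text = "soapenv:Receiver"
    reason = ET.SubElement(fault, f"{{{SOAPENV}}}Reason")
    text = ET.SubElement(reason, f"{{{SOAPENV}}}Text")
    text.set(f"{{{XML_NS}}}lang", "en")
    text.text = tag
    # The draft carries the rpc-error in an unqualified <detail> element
    # (SOAP 1.2 itself names this element env:Detail); the draft's shape is
    # reproduced so the output matches the page's example.
    detail = ET.SubElement(fault, "detail")
    detail.append(rpc_error)
    return ET.tostring(env, encoding="unicode")


def parse_soap_fault(fault_xml: str) -> dict:
    """Client side: extract code, reason and, when present, the NETCONF
    error fields. A transport-level fault may carry no <detail>, so every
    NETCONF field defaults to None rather than raising."""
    env = ET.fromstring(fault_xml)
    fault = env.find(f"{{{SOAPENV}}}Body/{{{SOAPENV}}}Fault")
    if fault is None:
        raise ValueError("not a SOAP Fault")
    info = {
        "code": fault.findtext(f"{{{SOAPENV}}}Code/{{{SOAPENV}}}Value"),
        "reason": fault.findtext(f"{{{SOAPENV}}}Reason/{{{SOAPENV}}}Text"),
        "error_tag": None,
        "bad_attribute": None,
        "bad_element": None,
    }
    rpc_error = fault.find(f"detail/{{{NETCONF}}}rpc-error")
    if rpc_error is not None:
        info["error_tag"] = rpc_error.findtext(f"{{{NETCONF}}}error-tag")
        error_info = f"{{{NETCONF}}}error-info/{{{NETCONF}}}"
        info["bad_attribute"] = rpc_error.findtext(error_info + "bad-attribute")
        info["bad_element"] = rpc_error.findtext(error_info + "bad-element")
    return info


if __name__ == "__main__":
    fault = rpc_error_to_soap_fault(SAMPLE_RPC_ERROR)
    print(fault)
    print(parse_soap_fault(fault))
```

The reason text and the error-info fields come from the peer and should be treated as untrusted strings when logged or displayed; the parser above only reads element text and never evaluates it.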
[skipping to change at page 17, line 35]

   is not available.

   The IANA requested port SHOULD be used, as this provides a means for
   efficient firewall filtering during possible denial-of-service
   attacks.

4.1  Integrity, Privacy, and Authentication

-07:   The NETCONF SOAP binding relies on an underlying secure transport for
-07:   integrity and privacy.  Such transports are expected to include TLS
-07:   [9] and IPsec.  There are a number of options for authentication
-07:   (some of which are deployment-specific):
-08:   The NETCONF SOAP binding relies on an underlying secure transport for
-08:   integrity and privacy.  Such transports are expected to include TLS
-08:   [9] (which, when combined with HTTP, is referred to as HTTPS) and
-08:   IPsec.  There are a number of options for authentication (some of
-08:   which are deployment-specific):

   o  within the transport (such as with TLS client certificates)

   o  within HTTP (such as Digest Access Authentication [7])

   o  within SOAP (such as a digital signature in the header [17])

   HTTP, BEEP, and SOAP level authentication can be integrated with
   RADIUS [10] (Remote Authentication Dial In User Service) to support
   remote authentication databases.

-08:   At a minimum, all conforming NETCONF over SOAP implementations MUST
-08:   support TLS.  Specifically, NETCONF over SOAP over HTTP MUST support
-08:   NETCONF over SOAP over HTTPS, and NETCONF over SOAP over BEEP MUST
-08:   support NETCONF over SOAP over BEEP over TLS.
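The -08 text makes TLS mandatory to implement and lists TLS client certificates as one authentication option; a client should enforce that on its own side rather than rely on the server refusing plaintext. The Python below is an added example for this page, not code from the draft or any NETCONF product. The port number is a placeholder (the IANA-requested port is referred to above but its value is not stated in this excerpt), and the function names and the example URLs are constructed. It rejects non-HTTPS endpoints before any connection is made, builds a client TLS context that requires and verifies the server certificate with TLS 1.2 as the floor, and optionally loads a client certificate for transport-level authentication.

```python
"""Client-side enforcement of the HTTPS requirement for NETCONF over SOAP."""
import http.client
import ssl
from typing import Optional
from urllib.parse import urlsplit

# Placeholder: the draft refers to an IANA-requested port, but its number is
# not given in this excerpt, so a made-up value stands in for it here.
EXPECTED_PORT = 8443


class TransportPolicyError(Exception):
    """Raised when an endpoint does not satisfy the transport policy."""


def check_endpoint(url: str, expected_port: Optional[int] = EXPECTED_PORT) -> str:
    """Return the host of a URL that satisfies the policy, else raise.
    Plain http:// is refused even if the server would have accepted it;
    when expected_port is given, the URL must use exactly that port."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise TransportPolicyError(f"scheme {parts.scheme!r} is not https")
    if not parts.hostname:
        raise TransportPolicyError("URL has no host")
    port = parts.port if parts.port is not None else 443
    if expected_port is not None and port != expected_port:
        raise TransportPolicyError(f"port {port} is not the agreed port {expected_port}")
    return parts.hostname


def endpoint_allowed(url: str, expected_port: Optional[int] = EXPECTED_PORT) -> bool:
    """Boolean form of check_endpoint for callers that only need a verdict."""
    try:
        check_endpoint(url, expected_port)
        return True
    except TransportPolicyError:
        return False


def tls_context(ca_file: Optional[str] = None,
                client_cert: Optional[str] = None,
                client_key: Optional[str] = None) -> ssl.SSLContext:
    """Build a client SSLContext: server certificate required and hostname
    checked, TLS 1.2 as the minimum version, and an optional client
    certificate (the 'within the transport' authentication option)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def post_soap(url: str, envelope: str, ctx: ssl.SSLContext,
              expected_port: Optional[int] = EXPECTED_PORT) -> bytes:
    """Send one SOAP 1.2 envelope to an endpoint that passes check_endpoint().
    Network code, not exercised offline; shown so the policy is applied at
    the call site rather than left to the operator."""
    host = check_endpoint(url, expected_port)
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(host, parts.port or 443, context=ctx)
    try:
        conn.request("POST", parts.path or "/", body=envelope.encode("utf-8"),
                     headers={"Content-Type": "application/soap+xml; charset=utf-8"})
        return conn.getresponse().read()
    finally:
        conn.close()


if __name__ == "__main__":
    for candidate in ("https://device.example:8443/netconf",
                      "http://device.example:8443/netconf"):
        print(candidate, "allowed" if endpoint_allowed(candidate) else "refused")
```

Digest authentication within HTTP and signatures within the SOAP header, the other two options listed above, layer on top of this context; none of them replaces the server-certificate check, which is what ties the session to the intended device.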
4.2  Vulnerabilities

   The above protocols may have various vulnerabilities, and these may
   be inherited by NETCONF over SOAP.

   NETCONF itself may have vulnerabilities due to the fact that an
   authorization model is not currently specified.

   It is important that device capabilities and authorization remain
   constant for the duration of any outstanding NETCONF session.  In the

[skipping to change at page 20, line 38]

   [5]   Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
         Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol --
         HTTP/1.1", RFC 2616, June 1999,
         <http://www.ietf.org/rfc/rfc2616.txt>.

   [6]   Moore, K., "On the use of HTTP as a Substrate", RFC 3205,
         February 2002, <http://www.ietf.org/rfc/rfc3205.txt>.

-07:   [7]   Franks, J., Hallam-Baker, P., Hostetler, J., Leach, P.,
-07:         Luotonen, A., Sink, E., and L. Stewart, "An Extension to HTTP:
-07:         Digest Access Authentication", RFC 2069, January 1997,
-07:         <http://www.ietf.org/rfc/rfc2069.txt>.
-08:   [7]   Franks, J., Hallam-Baker, P., Hostetler, J., Leach, P.,
-08:         Luotonen, A., Sink, E., and L. Stewart, "HTTP Authentication:
-08:         Basic and Digest Access Authentication", RFC 2617, June 1999,
-08:         <http://www.ietf.org/rfc/rfc2617.txt>.

   [8]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", RFC 2119, March 1997,
         <http://www.ietf.org/rfc/rfc2119.txt>.

   [9]   Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A., and
         P. Kocher, "The TLS Protocol Version 1.0", RFC 2246,
         January 1999, <http://www.ietf.org/rfc/rfc2246.txt>.

   [10]  Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote

[skipping to change at page 22, line 41]

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

-07:   Copyright (C) The Internet Society (2005).  This document is subject
-08:   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

End of changes.  11 change blocks.
15 lines changed or deleted, 19 lines changed or added.

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/