An implementation must ensure that access control rules are applied
when doing the set operation. This is accomplished by calling the
isAccessAllowed abstract service interface defined in RFC 2571
[RFC2571]:

   statusInformation =            -- success or errorIndication
     isAccessAllowed(
       IN   securityModel         -- Security Model in use
       IN   securityName          -- principal who wants to access
       IN   securityLevel         -- Level of Security
       IN   viewType              -- read, write, or notify view
       IN   contextName           -- context containing variableName
       IN   variableName          -- OID for the managed object
     )

The securityModel, securityName and securityLevel parameters are set
to the values that were recorded when the scheduling entry was
created. The viewType parameter must select the write view and the
contextName and variableName parameters are taken from the
schedContextName and schedVariableName values of the scheduling
entry.
This MIB limits scheduled actions to objects in the local MIB. This
avoids security problems with the delegation of access rights.
However, it might be possible for a user of this MIB to own some
schedules that might trigger far in the future. This can cause
security risks if the security administrator did not properly update
the access control lists when a user is withdrawn from an SNMP
engine. Therefore, entries in the schedTable SHOULD be cleaned up
whenever a user is removed from an SNMP engine.
To facilitate the provisioning of access control by a security
administrator using the View-Based Access Control Model (VACM)
defined in RFC 2575 [RFC2575] for tables in which multiple users may
need to independently create or modify entries, the initial index is
used as an "owner index". Such an initial index has a syntax of
Levi & Schoenwaelder Standards Track [Page 24]
RFC 3231 Schedule MIB January 2002
SnmpAdminString, and can thus be trivially mapped to a securityName
or groupName as defined in VACM, in accordance with a security
policy.
All entries in related tables belonging to a particular user will
have the same value for this initial index. For a given user's
entries in a particular table, the object identifiers for the
information in these entries will have the same subidentifiers
(except for the "column" subidentifier) up to the end of the encoded
owner index. To configure VACM to permit access to this portion of
the table, one would create vacmViewTreeFamilyTable entries with the
value of vacmViewTreeFamilySubtree including the owner index portion,
and vacmViewTreeFamilyMask "wildcarding" the column subidentifier.
More elaborate configurations are possible.
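
The owner-index view described above, worked through as an added example (not part of the RFC text): it builds the vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask values for one owner's schedTable rows and applies the RFC 2575 family-match rule to them. The schedEntry OID is taken from the SCHEDULE-MIB module rather than this section, and the owner names, column numbers and helper names are assumptions made for illustration.

```python
# schedEntry OID; assumption: from the SCHEDULE-MIB module, not shown in this section.
SCHED_ENTRY = (1, 3, 6, 1, 2, 1, 63, 1, 2, 1)

def owner_index(text):
    """Encode an SnmpAdminString index: a length sub-identifier, then one per octet."""
    raw = text.encode("utf-8")
    return (len(raw),) + tuple(raw)

def owner_view(owner, entry=SCHED_ENTRY):
    """Return (subtree, mask) covering every column of one owner's rows."""
    subtree = entry + (0,) + owner_index(owner)   # 0 is a placeholder column value
    bits = [1] * len(subtree)
    bits[len(entry)] = 0                          # wildcard the column sub-identifier
    bits += [1] * (-len(bits) % 8)                # pad the last octet with ones
    mask = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))
    return subtree, mask

def in_family(oid, subtree, mask):
    """RFC 2575 family match: mask bit 1 means exact match, 0 means wildcard.

    A mask shorter than the subtree is implicitly extended with ones.
    """
    if len(oid) < len(subtree):
        return False
    for i, sub in enumerate(subtree):
        octet = mask[i // 8] if i // 8 < len(mask) else 0xFF
        if (octet >> (7 - i % 8)) & 1 and oid[i] != sub:
            return False
    return True

def instance(column, owner, name, entry=SCHED_ENTRY):
    """Constructed sample: instance OID of one column in the row (owner, name).

    Assumption: the second index is length-prefixed like the owner index.
    """
    return entry + (column,) + owner_index(owner) + owner_index(name)

if __name__ == "__main__":
    subtree, mask = owner_view("alice")           # constructed owner name
    print(".".join(map(str, subtree)), mask.hex())
    for who in ("alice", "bob", "alicex"):
        print(who, in_family(instance(3, who, "daily"), subtree, mask))
```

Because the owner index carries its length as the first sub-identifier, the view for "alice" does not match rows owned by "alicex"; only the column position is wildcarded.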
7. Intellectual Property
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP 11, RFC 2028.
Copies of claims of rights made available for publication and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementors or users of this
specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
8. Changes from RFC 2591
The following list documents major changes from the previous version
of this document, published as RFC 2591:
- Updated the SNMP Management Framework boilerplate and the
references.
- Added revision clauses to the module identity macro.
- Clarified the behavior during time transitions.
- Clarified that schedInterval and schedCalendarGroup objects can be
modified regardless of the current value of schedRowStatus,
schedAdminStatus and schedOperStatus.
- Added some additional boilerplate text to the security
considerations section.
- Clarified that implementations must re-calculate any pending
action invocations when scheduling parameters are modified.
- Clarified that schedOperStatus must not be enabled while the
schedRowStatus is not active.
- Clarified that schedRowStatus cannot be changed as long as the
schedOperStatus is enabled.
- Clarified that implementations can delegate the isAccessAllowed
check by sending themselves an SNMP Set message.
- Added the schedTriggers object which counts the total number of
triggers.
- Added DEFVALs for schedContextName, schedVariable, and schedValue
and updated the schedRowStatus description.
- Deprecated schedCompliance, schedGroup and created
schedCompliance2 and schedGroup2 that take care of the new
schedTriggers object.
9. Acknowledgments
This document was produced by the IETF Distributed Management
(DISMAN) working group.
10. References
[RFC2571] Harrington, D., Presuhn, R. and B. Wijnen, "An
Architecture for Describing SNMP Management Frameworks",
RFC 2571, April 1999.
[RFC1155] Rose, M. and K. McCloghrie, "Structure and Identification
of Management Information for TCP/IP-based Internets", STD
16, RFC 1155, May 1990.
[RFC1212] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD
16, RFC 1212, March 1991.
[RFC1215] Rose, M., "A Convention for Defining Traps for use with
the SNMP", RFC 1215, March 1991.
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1999.
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Textual Conventions for
SMIv2", STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999.
[RFC1157] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
Network Management Protocol", STD 15, RFC 1157, May 1990.
[RFC1901] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Introduction to Community-based SNMPv2", RFC 1901,
January 1996.
[RFC1906] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Transport Mappings for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1906, January 1996.
[RFC2572] Case, J., Harrington, D., Presuhn, R. and B. Wijnen,
"Message Processing and Dispatching for the Simple Network
Management Protocol (SNMP)", RFC 2572, April 1999.
[RFC2574] Blumenthal, U. and B. Wijnen, "User-based Security Model
(USM) for version 3 of the Simple Network Management
Protocol (SNMPv3)", RFC 2574, April 1999.
[RFC1905] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Protocol Operations for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1905, January 1996.
[RFC2573] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications",
RFC 2573, April 1999.
[RFC2575] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based
Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP)", RFC 2575, April 1999.
[RFC2570] Case, J., Mundy, R., Partain, D. and B. Stewart,
"Introduction to Version 3 of the Internet-standard
Network Management Framework", RFC 2570, April 1999.
[RFC2028] Hovey, R. and S. Bradner, "The Organizations Involved in
the IETF Standards Process", BCP 11, RFC 2028, October
1996.
[RFC3165] Levi, D. and J. Schoenwaelder, "Definitions of Managed
Objects for the Delegation of Management Scripts", RFC
3165, August 2001.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, June 2000.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
11. Editors' Addresses
David B. Levi
Nortel Networks
4401 Great America Parkway
Santa Clara, CA 95052-8185
USA
Phone: +1 865 686 0432
EMail: dlevi@nortelnetworks.com
Juergen Schoenwaelder
TU Braunschweig
Bueltenweg 74/75
38106 Braunschweig
Germany
Phone: +49 531 391-3283
EMail: schoenw@ibr.cs.tu-bs.de
12. Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.