rfc2575.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

    SYNTAX       INTEGER  { included(1), excluded(2) }
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "Indicates whether the corresponding instances of
                 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask
                 define a family of view subtrees which is included in
                 or excluded from the MIB view.
                "
    DEFVAL      { included }
    ::= { vacmViewTreeFamilyEntry 4 }

vacmViewTreeFamilyStorageType OBJECT-TYPE
    SYNTAX       StorageType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "The storage type for this conceptual row.

                 Conceptual rows having the value 'permanent' need not



Wijnen, et al.              Standards Track                    [Page 24]

RFC 2575                     VACM for SNMP                    April 1999


                 allow write-access to any columnar objects in the row.
                "
    DEFVAL      { nonVolatile }
    ::= { vacmViewTreeFamilyEntry 5 }

vacmViewTreeFamilyStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "The status of this conceptual row.

                 The  RowStatus TC [RFC2579] requires that this
                 DESCRIPTION clause states under which circumstances
                 other objects in this row can be modified:

                 The value of this object has no effect on whether
                 other objects in this conceptual row can be modified.
                "
    ::= { vacmViewTreeFamilyEntry 6 }

-- Conformance information *******************************************

vacmMIBCompliances  OBJECT IDENTIFIER ::= { vacmMIBConformance 1 }
vacmMIBGroups       OBJECT IDENTIFIER ::= { vacmMIBConformance 2 }

-- Compliance statements *********************************************

vacmMIBCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION "The compliance statement for SNMP engines which
                 implement the SNMP View-based Access Control Model
                 configuration MIB.
                "
    MODULE -- this module
        MANDATORY-GROUPS { vacmBasicGroup }

        OBJECT        vacmAccessContextMatch
        MIN-ACCESS    read-only
        DESCRIPTION  "Write access is not required."

        OBJECT        vacmAccessReadViewName
        MIN-ACCESS    read-only
        DESCRIPTION  "Write access is not required."

        OBJECT        vacmAccessWriteViewName
        MIN-ACCESS    read-only
        DESCRIPTION  "Write access is not required."




Wijnen, et al.              Standards Track                    [Page 25]

RFC 2575                     VACM for SNMP                    April 1999


        OBJECT        vacmAccessNotifyViewName
        MIN-ACCESS    read-only
        DESCRIPTION  "Write access is not required."

        OBJECT        vacmAccessStorageType
        MIN-ACCESS    read-only
        DESCRIPTION  "Write access is not required."

        OBJECT        vacmAccessStatus
        MIN-ACCESS    read-only
        DESCRIPTION  "Create/delete/modify access to the
                      vacmAccessTable is not required.
                     "

        OBJECT        vacmViewTreeFamilyMask
        WRITE-SYNTAX  OCTET STRING (SIZE (0))
        MIN-ACCESS    read-only
        DESCRIPTION  "Support for configuration via SNMP of subtree
                      families using wild-cards is not required.
                     "

        OBJECT        vacmViewTreeFamilyType
        MIN-ACCESS    read-only
        DESCRIPTION  "Write access is not required."

        OBJECT        vacmViewTreeFamilyStorageType
        MIN-ACCESS    read-only
        DESCRIPTION  "Write access is not required."

        OBJECT        vacmViewTreeFamilyStatus
        MIN-ACCESS    read-only
        DESCRIPTION  "Create/delete/modify access to the
                      vacmViewTreeFamilyTable is not required.
                     "
    ::= { vacmMIBCompliances 1 }

-- Units of conformance **********************************************

vacmBasicGroup OBJECT-GROUP
    OBJECTS {
              vacmContextName,
              vacmGroupName,
              vacmSecurityToGroupStorageType,
              vacmSecurityToGroupStatus,
              vacmAccessContextMatch,
              vacmAccessReadViewName,
              vacmAccessWriteViewName,
              vacmAccessNotifyViewName,



Wijnen, et al.              Standards Track                    [Page 26]

RFC 2575                     VACM for SNMP                    April 1999


              vacmAccessStorageType,
              vacmAccessStatus,
              vacmViewSpinLock,
              vacmViewTreeFamilyMask,
              vacmViewTreeFamilyType,
              vacmViewTreeFamilyStorageType,
              vacmViewTreeFamilyStatus
            }
    STATUS       current
    DESCRIPTION "A collection of objects providing for remote
                 configuration of an SNMP engine which implements
                 the SNMP View-based Access Control Model.
                "
    ::= { vacmMIBGroups 1 }

END

5.  Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.













Wijnen, et al.              Standards Track                    [Page 27]

RFC 2575                     VACM for SNMP                    April 1999


6.  Acknowledgements

   This document is the result of the efforts of the SNMPv3 Working
   Group.  Some special thanks are in order to the following SNMPv3 WG
   members:

   Harald Tveit Alvestrand (Maxware)
   Dave Battle (SNMP Research, Inc.)
   Alan Beard (Disney Worldwide Services)
   Paul Berrevoets (SWI Systemware/Halcyon Inc.)
   Martin Bjorklund (Ericsson)
   Uri Blumenthal (IBM T.J. Watson Research Center)
   Jeff Case (SNMP Research, Inc.)
   John Curran (BBN)
   Mike Daniele (Compaq Computer Corporation)
   T. Max Devlin (Eltrax Systems)
   John Flick (Hewlett Packard)
   Rob Frye (MCI)
   Wes Hardaker (U.C.Davis, Information Technology - D.C.A.S.)
   David Harrington (Cabletron Systems Inc.)
   Lauren Heintz (BMC Software, Inc.)
   N.C. Hien (IBM T.J. Watson Research Center)
   Michael Kirkham (InterWorking Labs, Inc.)
   Dave Levi (SNMP Research, Inc.)
   Louis A Mamakos (UUNET Technologies Inc.)
   Joe Marzot (Nortel Networks)
   Paul Meyer (Secure Computing Corporation)
   Keith McCloghrie (Cisco Systems)
   Bob Moore (IBM)
   Russ Mundy (TIS Labs at Network Associates)
   Bob Natale (ACE*COMM Corporation)
   Mike O'Dell (UUNET Technologies Inc.)
   Dave Perkins (DeskTalk)
   Peter Polkinghorne (Brunel University)
   Randy Presuhn (BMC Software, Inc.)
   David Reeder (TIS Labs at Network Associates)
   David Reid (SNMP Research, Inc.)
   Aleksey Romanov (Quality Quorum)
   Shawn Routhier (Epilogue)
   Juergen Schoenwaelder (TU Braunschweig)
   Bob Stewart (Cisco Systems)
   Mike Thatcher (Independent Consultant)
   Bert Wijnen (IBM T.J. Watson Research Center)








Wijnen, et al.              Standards Track                    [Page 28]

RFC 2575                     VACM for SNMP                    April 1999


   The document is based on recommendations of the IETF Security and
   Administrative Framework Evolution for SNMP Advisory Team.  Members
   of that Advisory Team were:

   David Harrington (Cabletron Systems Inc.)
   Jeff Johnson (Cisco Systems)
   David Levi (SNMP Research Inc.)
   John Linn (Openvision)
   Russ Mundy (Trusted Information Systems) chair
   Shawn Routhier (Epilogue)
   Glenn Waters (Nortel)
   Bert Wijnen (IBM T. J. Watson Research Center)

   As recommended by the Advisory Team and the SNMPv3 Working Group
   Charter, the design incorporates as much as practical from previous
   RFCs and drafts. As a result, special thanks are due to the authors
   of previous designs known as SNMPv2u and SNMPv2*:

   Jeff Case (SNMP Research, Inc.)
   David Harrington (Cabletron Systems Inc.)
   David Levi (SNMP Research, Inc.)
   Keith McCloghrie (Cisco Systems)
   Brian O'Keefe (Hewlett Packard)
   Marshall T. Rose (Dover Beach Consulting)
   Jon Saperia (BGS Systems Inc.)
   Steve Waldbusser (International Network Services)
   Glenn W. Waters (Bell-Northern Research Ltd.)

7.  Security Considerations

7.1.  Recommended Practices

   This document is meant for use in the SNMP architecture.  The View-
   based Access Control Model described in this document checks access
   rights to management information based on:

   - contextName, representing a set of management information at the
     managed system where the Access Control module is running.
   - groupName, representing a set of zero or more securityNames.
     The combination of a securityModel and a securityName is mapped
     into a group in the View-based Access Control Model.
   - securityModel under which access is requested.
   - securityLevel under which access is requested.
   - operation performed on the management information.
   - MIB views for read, write or notify access.






Wijnen, et al.              Standards Track                    [Page 29]

RFC 2575                     VACM for SNMP                    April 1999


   When the User-based Access Control module is called for checking
   access rights, it is assumed that the calling module has ensured the
   authentication and privacy aspects as specified by the securityLevel
   that is being passed.

   When creating entries in or deleting entries from the
   vacmViewTreeFamilyTable it is important to do such in the sequence as
   recommended in the DESCRIPTION clause of the vacmViewTreeFamilyTable
   definition. Otherwise unwanted access may be granted while changing
   the entries in the table.

7.2.  Defining Groups

   The groupNames are used to give access to a group of zero or more
   securityNames.  Within the View-Based Access Control Model, a
   groupName is considered to exist if that groupName is listed in the
   vacmSecurityToGroupTable.

   By mapping the combination of a securityModel and securityName into a
   groupName, an SNMP Command Generator application can add/delete
   securityNames to/from a group, if proper access is