[Isms] current naming agreement



I *think* that there is almost agreement on the following as a solution,
based on discussions on the list and in the hallways.  I think this is a
reasonable compromise on most sides (it's not the solution I myself
would pick, but I'm willing to accept it).  It combines elements from
multiple people and satisfies some of the issues some folks have.  None
of the elements are new, just combined.

Points:
* Defaults to no-configuration necessary for the easiest use case
** (i.e., SSH user "david" will end up at the VACM as "david" unless the
   operator dictates otherwise).
* Doesn't require a complex management scheme
** Uses a single scalar for configuration.  It's not as flexible as some
   (including myself) may like, but it achieves the needed goal.
* Allows separation of TM protocols if needed by an operator.
* Assumes this is needed, which I'm not sure consensus has been reached
  on, but I think it's close.
* Puts the prefixing requirement in the TM instead of the TSM so the TSM
  can be TM agnostic (providing more architectural separation).
* Insanely simple to implement.  Searching for a mandatory : passed up
  by the lower level transport and stripping it is very little code and
  should be very fast.

Proposal Summary:
  In the TM document:
     "Documents defining a new TM implementation MUST define a security
     name prefix that will be pre-pended to all passed securityNames.
     This prefix MUST be from 1-4 securityName compatible octets
     followed by a ':' (ASCII 0x3a) character."

  In the TSM document:
     Add the following object (or similar) to the MIB:

     tsmStripSecurityNamePrefix OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
             "This object indicates whether the transport module's string
             prefix will be removed before passing the securityName
             to the message processing model.  If set to true, the string
             prefix will be removed.  If set to false, the string prefix
             will be left in place in front of the securityName passed up
             from the transport."
         DEFVAL { true }
         ::= { FILL }     

    (sorry David, I forgot the object name you wanted but I'll leave it
    to you to propose the scalar name you wished)

    Change bullet 4 in section 5.2 to read:

   4) Set securityName to the value of tmSecurityName from the cache
      referenced by tmStateReference.  If the tsmStripSecurityNamePrefix
      object indicates that the TM prefix should be removed, remove
      everything up to and including the first ':' (ASCII 0x3a)
      character in the securityName value to be returned.

-- 
Wes Hardaker
Sparta, Inc.
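
The prefix handling proposed above for bullet 4, as an added example that is not part of the original message or of any ISMS document. The function name `tsm_security_name`, the sample prefixes and the choice to reject a name whose prefix is missing, empty, longer than 4 octets, or followed by nothing are assumptions of this sketch; the `strip` argument stands in for tsmStripSecurityNamePrefix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TM_PREFIX_MAX 4   /* proposal: 1-4 octets followed by ':' (0x3a) */

/* Hypothetical helper: derive securityName from tmSecurityName.
 * Returns 0 on success, -1 if the name is malformed or does not fit. */
int tsm_security_name(const char *tm_name, bool strip,
                      char *out, size_t out_len)
{
    const char *colon = strchr(tm_name, ':');   /* first ':' only */
    if (colon == NULL)
        return -1;            /* TM did not supply the mandatory prefix */

    size_t prefix_len = (size_t)(colon - tm_name);
    if (prefix_len < 1 || prefix_len > TM_PREFIX_MAX)
        return -1;            /* assumption: reject instead of guessing */
    if (colon[1] == '\0')
        return -1;            /* assumption: empty name after the prefix */

    /* strip == true: drop everything up to and including the first ':' */
    const char *name = strip ? colon + 1 : tm_name;
    size_t n = strlen(name);
    if (n >= out_len)
        return -1;            /* never truncate an identity silently */
    memcpy(out, name, n + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; "ssh" and "tls" are illustrative prefixes. */
    const char *samples[] = { "ssh:david", "tls:david", "ssh:ops:admin",
                              "david", ":david", "sshv2:david", "ssh:" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        for (int strip = 1; strip >= 0; strip--) {
            int rc = tsm_security_name(samples[i], strip, buf, sizeof buf);
            printf("%-14s strip=%d -> %s\n", samples[i], strip,
                   rc == 0 ? buf : "(rejected)");
        }
    }
    return 0;
}
```

With the default (strip enabled), "ssh:david" and "tls:david" both reach the VACM as "david", so access rules cannot tell the transports apart; disabling the strip keeps them distinct, which is the operator-controlled separation the proposal describes.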