> Jeffrey Haas, Tuesday, May 31, 2016 3:51 PM
>
> yang-push covers much of our desired pub-sub behavior. (Yay!)

Excellent

> Discussion is required for how to tag security considerations impacting
> transport into the yang model, in particular for notification.

We have two mechanisms being worked in the pub-sub drafts:

(1) For dynamically established subscriptions, the security credentials used for establishing the transport connection will also be used to determine either (a) access to an Event stream, or (b) access to nodes in a YANG datastore. For (b), if the subscription has no read access to the target node then the subscription is rejected; if subtree nodes have no read access, then they are filtered out of the response.

(2) For subscriptions statically configured on a device, minimum security expectations and transport requirements will be included as part of the subscription. Once the transport connectivity is established, the process in (1) above would be followed.

Are these addressing the security concerns you have about the subscription mechanisms? Is something else needed?

> Proposals for secondary identity and priority are also needed.

Per my other email, mechanisms for priority might be adoptable from the Subscription drafts.

Eric

> -- Jeff
>
> _______________________________________________
> i2rs mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i2rs
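
The access check described in (1)(b) above, modelled as an added example that is not part of the original message or of the pub-sub drafts. The datastore contents, identity names and the longest-prefix rule table are constructed assumptions; the identity stands for whatever the transport credentials authenticated.

```python
# Constructed sample: a tiny YANG-like datastore as nested dicts.
DATASTORE = {
    "interfaces": {"eth0": {"oper-status": "up", "in-octets": 1200},
                   "eth1": {"oper-status": "down", "in-octets": 0}},
    "system": {"hostname": "r1", "aaa": {"shared-secret": "s3cret"}},
}
# Hypothetical read rules per transport-authenticated identity.
# Longest matching path prefix wins; no match means deny.
READ_RULES = {
    "noc-reader": {"/": True, "/system/aaa": False},
    "guest": {"/interfaces/eth0": True},
}

class SubscriptionRejected(Exception):
    """Raised when the subscriber cannot read the target node."""

def can_read(identity, path):
    best, allowed = -1, False
    for prefix, permit in READ_RULES.get(identity, {}).items():
        p = prefix.rstrip("/")
        # Match on whole path segments so /eth0 does not cover /eth00.
        if (path == p or path.startswith(p + "/")) and len(p) > best:
            best, allowed = len(p), permit
    return allowed

def lookup(path):
    node = DATASTORE
    for seg in filter(None, path.split("/")):
        node = node[seg]
    return node

def filtered(identity, path, node):
    """Copy node, silently dropping children the identity cannot read.
    Simplification: a denied child is pruned with its whole subtree."""
    if not isinstance(node, dict):
        return node
    return {name: filtered(identity, f"{path}/{name}", child)
            for name, child in node.items()
            if can_read(identity, f"{path}/{name}")}

def establish_subscription(identity, target):
    target = target.rstrip("/")
    # No read access to the target node itself: reject the subscription.
    if not can_read(identity, target):
        raise SubscriptionRejected(f"{identity}: no read access to {target}")
    # Unreadable subtree nodes are filtered out of the response.
    return filtered(identity, target, lookup(target))
```
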
