Hi Eliot,

Attached is a proposed YANG file that defines a device to MUD association.
May I suggest words to the following effect:

      Implementations MAY choose to implement a mapping between a MUD URL
and a device identifier. Such a mapping may be communicated to the MUD
controller, which can then install access control rules based on a
previously retrieved MUD file. The mapping must conform to the YANG
specification below.

How does this sound? Thanks.



On Tue, Sep 19, 2017 at 5:39 PM, Eliot Lear <l...@cisco.com> wrote:

> Hi Ranga,
>
> The way we did the early code on github was just with FreeRadius and
> leveraging sessions which are indexed precisely by MAC address.  And so the
> MUD Controller functionality sits next to FreeRadius through callouts.  I
> don't think we want to get that specific in the draft, and there are others
> who don't want to bother with Radius at all in their implementations but
> would just assume use other control functions.  And that's fine.  In fact,
> you could build the functionality into a DHCP server, which I did in my
> first implementation.  So I'm not quite sure what to write.  Suggestions
> welcome ;-)
>
> Eliot
>
> ps: thanks for kinking out the example.  Chairs, I'll submit an updated
> draft with the example corrected.
>
> On 9/19/17 10:10 PM, M. Ranganathan wrote:
>
> Hello!
>
> MUD profiles are globally identified by the MUD URL. Devices are
> identified by a global Identifier (e.g. MAC address).
>
> In implementing this, I need to associate a specific MUD profile with a
> specific device.
>
> Would the authors consider it within scope to provide some guidance on
> this (for example a simple YANG model that provides the structure of a JSON
> document that can give such a mapping)?
>
>
> Thanks for reading.
>
> Ranga.
>
>
> --
> M. Ranganathan
>
>
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg
>
>
>


-- 
M. Ranganathan

Attachment: ietf-mud-device-association.yang
Description: Binary data

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
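
An added example, not part of the original message and not derived from the attached YANG module: a sketch of how a MUD controller could vet a device-to-MUD-URL mapping document before installing access control rules from it. The JSON field names (`device-association`, `device-id`, `mud-url`) and all sample values are assumptions made for illustration; the https check follows the MUD specification's requirement that MUD URLs use the https scheme.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample document; the field names are hypothetical and are not
# taken from the attached ietf-mud-device-association.yang module.
SAMPLE = json.dumps({"device-association": [
    {"device-id": "00:11:22:AA:BB:CC", "mud-url": "https://mud.example.com/lightbulb.json"},
    {"device-id": "00-11-22-aa-bb-cc", "mud-url": "https://mud.example.com/lightbulb.json"},
    {"device-id": "00:11:22:aa:bb:dd", "mud-url": "http://mud.example.com/camera.json"},
    {"device-id": "00:11:22:aa:bb:ee", "mud-url": "https://mud.example.com/tv.json"},
    {"device-id": "00:11:22:aa:bb:ee", "mud-url": "https://mud.example.net/other.json"},
    {"device-id": "not-a-mac", "mud-url": "https://mud.example.com/x.json"},
]})

MAC_RE = re.compile(r"^[0-9a-f]{2}([:-])[0-9a-f]{2}(\1[0-9a-f]{2}){4}$")

def normalize_mac(value):
    """Return the MAC as lowercase colon-separated hex, or None if malformed."""
    v = value.strip().lower()
    if not MAC_RE.match(v):
        return None
    return v.replace("-", ":")

def is_valid_mud_url(url):
    """Accept only https URLs that carry a host name."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)

def load_associations(document):
    """Parse a mapping document into ({mac: mud_url}, [(reason, value)])."""
    accepted, conflicted, rejected = {}, set(), []
    for entry in json.loads(document).get("device-association", []):
        mac = normalize_mac(str(entry.get("device-id", "")))
        url = str(entry.get("mud-url", ""))
        if mac is None:
            rejected.append(("bad-device-id", entry.get("device-id")))
        elif not is_valid_mud_url(url):
            rejected.append(("bad-mud-url", mac))
        elif mac in conflicted or accepted.get(mac, url) != url:
            # One device mapped to two different profiles is ambiguous:
            # apply neither, so no rules are installed on a guess.
            accepted.pop(mac, None)
            conflicted.add(mac)
            rejected.append(("conflicting-mud-url", mac))
        else:
            accepted[mac] = url
    return accepted, rejected
```

Normalizing the device identifier before comparison is what lets the two spellings of the same MAC address collapse into one entry and lets the conflicting pair be detected.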
