rfc3415.View-based Access Control Model (VACM) for

NetworkWorkingGroupB.WijnenRequestforComments:3415LucentTechnologiesSTD:62R.PresuhnObsoletes:2575BMCSoftware,Inc.Category:StandardsTrackK.McCloghrieCiscoSystems,Inc.December2002View-basedAccessControlModel(VACM)fortheSimpleNetworkManagementProtocol(SNMP)StatusofthisMemoThisdocumentspecifiesanInternetstandardstrackprotocolfortheInternetcommunity,andrequestsdiscussionandsuggestionsforimprovements.PleaserefertothecurrenteditionoftheInternetOfficialProtocolStandards(STD1)forthestandardizationstateandstatusofthisprotocol.Distributionofthismemoisunlimited.CopyrightNoticeCopyright(C)TheInternetSociety(2002).AllRightsReserved.AbstractThisdocumentdescribestheView-basedAccessControlModel(VACM)foruseintheSimpleNetworkManagementProtocol(SNMP)architecture.ItdefinestheElementsofProcedureforcontrollingaccesstomanagementinformation.ThisdocumentalsoincludesaManagementInformationBase(MIB)forremotelymanagingtheconfigurationparametersfortheView-basedAccessControlModel.ThisdocumentobsoletesRFC2575.Wijnen,etal.StandardsTrack[Page1]RFC3415VACMfortheSNMPDecember2002TableofContents1.Introduction.................................................21.2.AccessControl.............................................31.3.LocalConfigurationDatastore..............................32.ElementsoftheModel........................................42.1.Groups.....................................................42.2.securityLevel..............................................42.3.Contexts...................................................42.4.MIBViewsandViewFamilies................................52.4.1.ViewSubtree.............................................52.4.2.ViewTreeFamily...........................................62.5.AccessPolicy..............................................63.ElementsofProcedure........................................73.1.OverviewofisAccessAllowedProcess.......................83.2.ProcessingtheisAccessAllowedServiceRequest.............94.Definitions..................................................115.IntellectualProperty........................................286.Acknowledgements.............................................287.SecurityConsiderations......................................307.1.RecommendedPractices......................................307.2.DefiningGroups............................................307.3.Conformance................................................317.4.AccesstotheSNMP-VIEW-BASED-ACM-MIB......................318.References...................................................31A.Installation.................................................33B.ChangeLog...................................................36Editors’Addresses...............................................38FullCopyrightStatement.........................................391.IntroductionTheArchitecturefordescribingInternetManagementFrameworks[RFC3411]describesthatanSNMPengineiscomposedof:1)aDispatcher2)aMessageProcessingSubsystem,3)aSecuritySubsystem,and4)anAccessControlSubsystem.Applicationsmakeuseoftheservicesofthesesubsystems.ItisimportanttounderstandtheSNMParchitectureanditsterminologytounderstandwheretheView-basedAccessControlModeldescribedinthisdocumentfitsintothearchitectureandinteractswithothersubsystemswithinthearchitecture.ThereaderisexpectedtohavereadandunderstoodthedescriptionandterminologyoftheSNMParchitecture,asdefinedin[RFC3411].Wijnen,etal.StandardsTrack[Page2]RFC3415VACMfortheSNMPDecember2002TheAccessControlSubsystemofanSNMPenginehastheresponsibilityforcheckingwhetheraspecifictypeofaccess(read,write,notify)toaparticularobject(instance)isallowed.ItisthepurposeofthisdocumenttodefineaspecificmodeloftheAccessControlSubsystem,designatedtheView-basedAccessControlModel.NotethatthisisnotnecessarilytheonlyAccessControlModel.ThekeywordsMUST,MUSTNOT,REQUIRED,SHALL,SHALLNOT,SHOULD,SHOULDNOT,RECOMMENDED,MAY,andOPTIONALinthisdocumentaretobeinterpretedasdescribedinBCP14,RFC2119.1.2.AccessControlAccessControloccurs(eitherimplicitlyorexplicitly)inanSNMPentitywhenprocessingSNMPretrievalormodificationrequestmessagesfromanSNMPentity.ForexampleaCommandResponderapplicationappliesAccessControlwhenprocessingrequeststhatitreceivedfromaCommandGeneratorapplication.TheserequestscontainReadClassandWriteClassPDUsasdefinedin[RFC3411].AccessControlalsooccursinanSNMPentitywhenanSNMPnotificationmessageisgenerated(byaNotificationOriginatorapplication).ThesenotificationmessagescontainNotificationClassPDUsasdefinedin[RFC3411].TheView-basedAccessControlModeldefinesasetofservicesthatanapplication(suchasaCommandResponderoraNotificationOriginatorapplication)canuseforcheckingaccessrights.Itistheresponsibilityoftheapplicationtomaketheproperservicecallsforaccesschecking.1.3.LocalConfigurationDatastoreToimplementthemodeldescribedinthisdocument,anSNMPentityneedstoretaininformationaboutaccessrightsandpolicies.ThisinformationispartoftheSNMPengine’sLocalConfigurationDatastore(LCD).See[RFC3411]forthedefinitionofLCD.InordertoallowanSNMPentity’sLCDtoberemotelyconfigured,portionso