rfc2275.View-based Access Control Model (VACM) for

NetworkWorkingGroupB.WijnenRequestforComments:2275IBMT.J.WatsonResearchObsoletes:2265R.PresuhnCategory:StandardsTrackBMCSoftware,Inc.K.McCloghrieCiscoSystems,Inc.January1998View-basedAccessControlModel(VACM)fortheSimpleNetworkManagementProtocol(SNMP)StatusofthisMemoThisdocumentspecifiesanInternetstandardstrackprotocolfortheInternetcommunity,andrequestsdiscussionandsuggestionsforimprovements.PleaserefertothecurrenteditionoftheInternetOfficialProtocolStandards(STD1)forthestandardizationstateandstatusofthisprotocol.Distributionofthismemoisunlimited.CopyrightNoticeCopyright(C)TheInternetSociety(1998).AllRightsReserved.IANANoteDuetoaclericalerrorintheassignmentofthesnmpModulesinthismemo,thisRFCprovidesthecorrectednumberassignmentforthisprotocol.ThismemoobsoletesRFC2265.AbstractThisdocumentdescribestheView-basedAccessControlModelforuseintheSNMParchitecture[RFC2271].ItdefinestheElementsofProcedureforcontrollingaccesstomanagementinformation.ThisdocumentalsoincludesaMIBforremotelymanagingtheconfigurationparametersfortheView-basedAccessControlModel.TableofContents1.Introduction21.2.AccessControl31.3.LocalConfigurationDatastore32.ElementsoftheModel32.1.Groups32.2.securityLevel42.3.Contexts42.4.MIBViewsandViewFamilies42.4.1.ViewSubtree5Wijnen,et.al.StandardsTrack[Page1]RFC2275VACMforSNMPv3January19982.4.2.ViewTreeFamily52.5.AccessPolicy63.ElementsofProcedure63.1.OverviewofisAccessAllowedProcess83.2.ProcessingtheisAccessAllowedServiceRequest94.Definitions105.IntellectualProperty266.Acknowledgements277.SecurityConsiderations287.1.RecommendedPractices287.2.DefiningGroups297.3.Conformance298.References299.Editors’Addresses30A.1.InstallationParameters31B.FullCopyrightStatement361.IntroductionTheArchitecturefordescribingInternetManagementFrameworks[RFC2271]describesthatanSNMPengineiscomposedof:1)aDispatcher2)aMessageProcessingSubsystem,3)aSecuritySubsystem,and4)anAccessControlSubsystem.Applicationsmakeuseoftheservicesofthesesubsystems.ItisimportanttounderstandtheSNMParchitectureanditsterminologytounderstandwheretheView-basedAccessControlModeldescribedinthisdocumentfitsintothearchitectureandinteractswithothersubsystemswithinthearchitecture.ThereaderisexpectedtohavereadandunderstoodthedescriptionandterminologyoftheSNMParchitecture,asdefinedin[RFC2271].TheAccessControlSubsystemofanSNMPenginehastheresponsibilityforcheckingwhetheraspecifictypeofaccess(read,write,notify)toaparticularobject(instance)isallowed.ItisthepurposeofthisdocumenttodefineaspecificmodeloftheAccessControlSubsystem,designatedtheView-basedAccessControlModel.NotethatthisisnotnecessarilytheonlyAccessControlModel.ThekeywordsMUST,MUSTNOT,REQUIRED,SHALL,SHALLNOT,SHOULD,SHOULDNOT,RECOMMENDED,MAY,andOPTIONALinthisdocumentaretobeinterpretedasdescribedin[RFC2119].Wijnen,et.al.StandardsTrack[Page2]RFC2275VACMforSNMPv3January19981.2.AccessControlAccessControloccurs(eitherimplicitlyorexplicitly)inanSNMPentitywhenprocessingSNMPretrievalormodificationrequestmessagesfromanSNMPentity.ForexampleaCommandResponderapplicationappliesAccessControlwhenprocessingrequeststhatitreceivedfromaCommandGeneratorapplication.Theserequestsincludethesetypesofoperations:GetRequest,GetNextRequest,GetBulkRequest,andSetRequestoperations.AccessControlalsooccursinanSNMPentitywhenanSNMPnotificationmessageisgenerated(byaNotificationOriginatorapplication).Thesenotificationmessagesincludethesetypesofoperations:InformRequestandSNMPv2-Trapoperations.TheView-basedAccessControlModeldefinesasetofservicesthatanapplication(suchasaCommandResponderoraNotificationOriginatorapplication)canuseforcheckingaccessrights.Itistheresponsibilityoftheapplicationtomaketheproperservicecallsforaccesschecking.1.3.LocalConfigurationDatastoreToimplementthemodeldescribedinthisdocument,anSNMPentityneedstoretaininformationaboutaccessrightsandpolicies.ThisinformationispartoftheSNMPengine’sLocalConfigurationDatastore(LCD).See[RFC2271]forthedefinitionofLCD.InordertoallowanSNMPentity’sLCDtoberemotelyconfigured,portionsoftheLCDneedtobeaccessibleasmanagedobjects.AMIBmodule,theView-basedAccessControlModelConfigurationMIB,whichdefinesthesemanagedobjecttypesisincludedinthisdocument.2.ElementsoftheModelThissectioncontainsdefinitionstorealizetheaccesscontrolserviceprovidedbytheView-basedAccessControlModel.2.1.GroupsAgroupisasetofzeroormoresecurityModel,securityNametuplesonwhosebehalfSNMPmanagementobjectscanbeaccessed.AgroupdefinestheaccessrightsaffordedtoallsecurityNameswhichbelongtothatgroup.ThecombinationofasecurityModelandasecurityNamemapstoatmostonegroup.AgroupisidentifiedbyagroupName.TheAccessControlmoduleassumesthatthesecurityNamehasalreadybeenauthenticatedasneededandprovidesnofurtherauthenticationWijnen,et.al.StandardsTrack[Page3]RFC2275VACMforSNMPv3January1998ofitsown.TheView-basedAccessControlModelusesthesecurityModelandthesecurityNameasinputstotheAccessControlmodulewhencalledtocheckforaccessrights.ItdeterminesthegroupNameasafunctionofsecurityModelandsecurityName.2.2.securityLevelDifferentaccessrightsformembersofagroupcanbedefinedfordi