The standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) or RESTCONF protocol requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF or RESTCONF protocol access for particular users to a pre-configured subset of all available NETCONF or RESTCONF protocol operations and content. This document defines such an access control model.
Working Group Summary
This document is a bis document to RFC 6536 and as such is an update rather than a new draft. The main purpose of the document is to bring it up to date with the publication of RFC 7950 (YANG 1.1).
The document was reviewed and comments were provided in both the IETF meetings and on the NETCONF WG mailing list. A YANG doctors review was requested for the YANG module in the document, and Kent has agreed to provide it soon.
The changes to the document are minor w.r.t. RFC 6536 and it would be difficult to distinguish the implementation of this draft vis-a-vis RFC 6536. YumaWorks has indicated that they have implemented RFC 6536 for NETCONF and RESTCONF and for YANG 1.1 actions. Support for nested notifications, which is also a YANG 1.1 feature is not yet supported. Cisco is currently implementing RFC 6536 for NETCONF on the XR platforms, and the NCS platform (from tail-f acquisition) implements RFC 6536.
The document shepherd is Mahesh Jethanandani and the AD will be Benoit Claise.