Decentralized Access Control Management for Network Configuration
Identifieur interne : 004402 ( Main/Exploration ); précédent : 004401; suivant : 004403Decentralized Access Control Management for Network Configuration
Auteurs : Ludwig Seitz [Suède] ; Göran Selander [Suède] ; Erik Rissanen [Suède] ; Cao Ling [Suède] ; Babak Sadighi [Suède]Source :
- Journal of Network and Systems Management [ 1064-7570 ] ; 2008-09-01.
English descriptors
Abstract
Abstract: Configuration management is of great importance for network operators and service providers today. Sharing of resources between business parties with conflicting interests is a reality and raises many issues with respect to configuration management. One issue is access control to configuration data. A network operator or service provider needs appropriate tools, not only to control its networked resources, but also to specify how this control should be exercised. We propose an access control model for the IETF NETCONF network configuration protocol, based on the OASIS XACML access control standard, which allows a flexible and fine-grained control for NETCONF commands. Our approach does not require any additions to the NETCONF protocol and is independent of the configuration’s data-model. Furthermore our approach can easily be extended to cover new NETCONF functionality.
Url:
DOI: 10.1007/s10922-008-9111-3
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 000208
- to stream Istex, to step Curation: 000207
- to stream Istex, to step Checkpoint: 000E30
- to stream Main, to step Merge: 004513
- to stream Main, to step Curation: 004402
Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Decentralized Access Control Management for Network Configuration</title><author><name sortKey="Seitz, Ludwig" sort="Seitz, Ludwig" uniqKey="Seitz L" first="Ludwig" last="Seitz">Ludwig Seitz</name></author><author><name sortKey="Selander, Goran" sort="Selander, Goran" uniqKey="Selander G" first="Göran" last="Selander">Göran Selander</name></author><author><name sortKey="Rissanen, Erik" sort="Rissanen, Erik" uniqKey="Rissanen E" first="Erik" last="Rissanen">Erik Rissanen</name></author><author><name sortKey="Ling, Cao" sort="Ling, Cao" uniqKey="Ling C" first="Cao" last="Ling">Cao Ling</name></author><author><name sortKey="Sadighi, Babak" sort="Sadighi, Babak" uniqKey="Sadighi B" first="Babak" last="Sadighi">Babak Sadighi</name></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:09F5DBE931FD77808870AF1D301BA822630FE230</idno><date when="2008" year="2008">2008</date><idno type="doi">10.1007/s10922-008-9111-3</idno><idno type="url">https://api.istex.fr/ark:/67375/VQC-CW9CC8TX-X/fulltext.pdf</idno><idno type="wicri:Area/Istex/Corpus">000208</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">000208</idno><idno type="wicri:Area/Istex/Curation">000207</idno><idno type="wicri:Area/Istex/Checkpoint">000E30</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">000E30</idno><idno type="wicri:doubleKey">1064-7570:2008:Seitz L:decentralized:access:control</idno><idno type="wicri:Area/Main/Merge">004513</idno><idno type="wicri:Area/Main/Curation">004402</idno><idno type="wicri:Area/Main/Exploration">004402</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Decentralized Access Control Management for Network Configuration</title><author><name sortKey="Seitz, Ludwig" sort="Seitz, Ludwig" uniqKey="Seitz L" first="Ludwig" last="Seitz">Ludwig Seitz</name><affiliation wicri:level="1"><country xml:lang="fr">Suède</country><wicri:regionArea>SPOT, SICS, Box 1263, 16429, Kista</wicri:regionArea><wicri:noRegion>Kista</wicri:noRegion></affiliation><affiliation wicri:level="1"><country wicri:rule="url">Suède</country></affiliation></author><author><name sortKey="Selander, Goran" sort="Selander, Goran" uniqKey="Selander G" first="Göran" last="Selander">Göran Selander</name><affiliation wicri:level="1"><country xml:lang="fr">Suède</country><wicri:regionArea>Ericsson Research, 16480, Kista</wicri:regionArea><wicri:noRegion>Kista</wicri:noRegion></affiliation><affiliation></affiliation></author><author><name sortKey="Rissanen, Erik" sort="Rissanen, Erik" uniqKey="Rissanen E" first="Erik" last="Rissanen">Erik Rissanen</name><affiliation wicri:level="1"><country xml:lang="fr">Suède</country><wicri:regionArea>Axiomatics AB, Electrum 223, 16440, Kista</wicri:regionArea><wicri:noRegion>Kista</wicri:noRegion></affiliation><affiliation></affiliation></author><author><name sortKey="Ling, Cao" sort="Ling, Cao" uniqKey="Ling C" first="Cao" last="Ling">Cao Ling</name><affiliation wicri:level="1"><country xml:lang="fr">Suède</country><wicri:regionArea>SPOT, SICS, Box 1263, 16429, Kista</wicri:regionArea><wicri:noRegion>Kista</wicri:noRegion></affiliation><affiliation wicri:level="1"><country wicri:rule="url">Suède</country></affiliation></author><author><name sortKey="Sadighi, Babak" sort="Sadighi, Babak" uniqKey="Sadighi B" first="Babak" last="Sadighi">Babak Sadighi</name><affiliation wicri:level="1"><country xml:lang="fr">Suède</country><wicri:regionArea>SPOT, SICS, Box 1263, 16429, Kista</wicri:regionArea><wicri:noRegion>Kista</wicri:noRegion></affiliation><affiliation wicri:level="1"><country xml:lang="fr">Suède</country><wicri:regionArea>Axiomatics AB, Electrum 223, 16440, Kista</wicri:regionArea><wicri:noRegion>Kista</wicri:noRegion></affiliation><affiliation wicri:level="1"><country wicri:rule="url">Suède</country></affiliation></author></analytic><monogr></monogr><series><title level="j">Journal of Network and Systems Management</title><title level="j" type="abbrev">J Netw Syst Manage</title><idno type="ISSN">1064-7570</idno><idno type="eISSN">1573-7705</idno><imprint><publisher>Springer US; http://www.springer-ny.com</publisher><pubPlace>Boston</pubPlace><date type="published" when="2008-09-01">2008-09-01</date><biblScope unit="volume">16</biblScope><biblScope unit="issue">3</biblScope><biblScope unit="page" from="303">303</biblScope><biblScope unit="page" to="316">316</biblScope></imprint><idno type="ISSN">1064-7570</idno></series></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">1064-7570</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>NETCONF</term><term>XACML</term><term>XPath</term></keywords></textClass><langUsage><language ident="en">en</language></langUsage></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Abstract: Configuration management is of great importance for network operators and service providers today. Sharing of resources between business parties with conflicting interests is a reality and raises many issues with respect to configuration management. One issue is access control to configuration data. A network operator or service provider needs appropriate tools, not only to control its networked resources, but also to specify how this control should be exercised. We propose an access control model for the IETF NETCONF network configuration protocol, based on the OASIS XACML access control standard, which allows a flexible and fine-grained control for NETCONF commands. Our approach does not require any additions to the NETCONF protocol and is independent of the configuration’s data-model. Furthermore our approach can easily be extended to cover new NETCONF functionality.</div></front></TEI><affiliations><list><country><li>Suède</li></country></list><tree><country name="Suède"><noRegion><name sortKey="Seitz, Ludwig" sort="Seitz, Ludwig" uniqKey="Seitz L" first="Ludwig" last="Seitz">Ludwig Seitz</name></noRegion><name sortKey="Ling, Cao" sort="Ling, Cao" uniqKey="Ling C" first="Cao" last="Ling">Cao Ling</name><name sortKey="Ling, Cao" sort="Ling, Cao" uniqKey="Ling C" first="Cao" last="Ling">Cao Ling</name><name sortKey="Rissanen, Erik" sort="Rissanen, Erik" uniqKey="Rissanen E" first="Erik" last="Rissanen">Erik Rissanen</name><name sortKey="Sadighi, Babak" sort="Sadighi, Babak" uniqKey="Sadighi B" first="Babak" last="Sadighi">Babak Sadighi</name><name sortKey="Sadighi, Babak" sort="Sadighi, Babak" uniqKey="Sadighi B" first="Babak" last="Sadighi">Babak Sadighi</name><name sortKey="Sadighi, Babak" sort="Sadighi, Babak" uniqKey="Sadighi B" first="Babak" last="Sadighi">Babak Sadighi</name><name sortKey="Seitz, Ludwig" sort="Seitz, Ludwig" uniqKey="Seitz L" first="Ludwig" last="Seitz">Ludwig Seitz</name><name sortKey="Selander, Goran" sort="Selander, Goran" uniqKey="Selander G" first="Göran" last="Selander">Göran Selander</name></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 004402 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 004402 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Lorraine
|area= InforLorV4
|flux= Main
|étape= Exploration
|type= RBID
|clé= ISTEX:09F5DBE931FD77808870AF1D301BA822630FE230
|texte= Decentralized Access Control Management for Network Configuration
}}
| This area was generated with Dilib version V0.6.33. |  |