gnoi icon indicating copy to clipboard operation
gnoi copied to clipboard
verified publisher icon openconfig

Initial discussion template for gnoi.authzn.

Open robshakir opened this issue 5 years ago • 1 comments 

 * (A) auth/authzn.proto
  - Initial proposal for a local authorization and authentication
    service for network elements.

@aashaikh @danielywong @johnwestbrook -- PTAL.

robshakir avatar Nov 25 '20 00:11 robshakir

From our meeting on 7th January 2021:

  • We will split out the RPCs so that we can have per-service authorisation on an RPC-level.
  • Must users already be created before they can have their access control changed?
    • We consider that adduser or another user management tool (e.g., gNMI OpenConfig system/aaa model) would give us the way to be able to add new users.
  • Is the complete set to be sent, or should partial configurations be permissible?
  • We need to specify both the authorised users (certificates), and authorised keys (public keys). We need to be able to specify both with each system user (account).

robshakir avatar Jan 07 '21 18:01 robshakir