

SNMP Administrative Model






RFC 1351               SNMP Administrative Model               July 1992


   5.    Compatibility . . . . . . . . . . . . . . . . . . . . . . . 33
   6.    Security Considerations . . . . . . . . . . . . . . . . . . 33
   7.    References  . . . . . . . . . . . . . . . . . . . . . . . .
   8.    Authors' Addresses  . . . . . . . . . . . . . . . . . . . . 34

1.  Abstract

   This memo presents an elaboration of the SNMP administrative model
   set forth in [1]. This model provides a unified conceptual basis for
   administering SNMP protocol entities to support

     o authentication and integrity,

     o privacy,

     o access control, and

     o the cooperation of multiple protocol entities.

   Please send comments to the SNMP Security Developers mailing list
   ().

2.  Introduction

   This memo presents an elaboration of the SNMP administrative model
   set forth in [1]. It describes how the elaborated administrative
   model is applied to realize effective network management in a variety
   of configurations and environments.

   The model described here entails the use of distinct identities for
   peers that exchange SNMP messages. Thus, it represents a departure
   from the community-based administrative model set forth in [1]. By
   unambiguously identifying the source and intended recipient of each
   SNMP message, this new strategy improves upon the historical
   community scheme both by supporting a more convenient access control
   model and allowing for effective use of asymmetric (public key)
   security protocols in the future.

3.  Elements of the Model

3.1   SNMP Party

   A SNMP party is a conceptual, virtual execution context whose
   operation is restricted (for security or other purposes) to an
   administratively defined subset of all possible operations of a
   particular SNMP protocol entity (see Section 3.2).  Whenever a SNMP
   protocol entity processes a SNMP message, it does so by acting as a
   SNMP party and is thereby restricted to the set of operations defined



Davin, Galvin, & McCloghrie