RFC 3415 (rfc3415) - Page 2 of 39

View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)

Alternative Format: Original Text Document
< Previous
Next >
RFC 3415                   VACM for the SNMP               December 2002


Table of Contents

   1.  Introduction .................................................  2
   1.2.  Access Control .............................................  3
   1.3.  Local Configuration Datastore ..............................  3
   2.  Elements of the Model ........................................  4
   2.1.  Groups .....................................................  4
   2.2.  securityLevel ..............................................  4
   2.3.  Contexts ...................................................  4
   2.4.  MIB Views and View Families ................................  5
   2.4.1.  View Subtree .............................................  5
   2.4.2.  ViewTreeFamily ...........................................  6
   2.5.  Access Policy ..............................................  6
   3.  Elements of Procedure ........................................  7
   3.1.  Overview  of isAccessAllowed Process .......................  8
   3.2.  Processing the isAccessAllowed Service Request .............  9
   4.  Definitions .................................................. 11
   5.  Intellectual Property ........................................ 28
   6.  Acknowledgements ............................................. 28
   7.  Security Considerations ...................................... 30
   7.1.  Recommended Practices ...................................... 30
   7.2.  Defining Groups ............................................ 30
   7.3.  Conformance ................................................ 31
   7.4.  Access to the SNMP-VIEW-BASED-ACM-MIB ...................... 31
   8.  References ................................................... 31
   A.  Installation ................................................. 33
   B.  Change Log ................................................... 36
   Editors' Addresses ............................................... 38
   Full Copyright Statement ......................................... 39

1.  Introduction

   The Architecture for describing Internet Management Frameworks
   [RFC 3411] describes that an SNMP engine is composed of:

      1) a Dispatcher
      2) a Message Processing Subsystem,
      3) a Security Subsystem, and
      4) an Access Control Subsystem.

   Applications make use of the services of these subsystems.

   It is important to understand the SNMP architecture and its
   terminology to understand where the View-based Access Control Model
   described in this document fits into the architecture and interacts
   with other subsystems within the architecture.  The reader is
   expected to have read and understood the description and terminology
   of the SNMP architecture, as defined in [RFC 3411].



Wijnen, et al.              Standards Track
< Previous
Next >