RFC 2265 (rfc2265) - Page 2 of 36


View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)



Alternative Format: Original Text Document



RFC 2265                    VACM for SNMPv3                 January 1998


   5.  Intellectual Property                                   26
   6.  Acknowledgements                                        27
   7.  Security Considerations                                 28
   7.1.  Recommended Practices                                 28
   7.2.  Defining Groups                                       29
   7.3.  Conformance                                           29
   8.  References                                              29
   9.  Editors' Addresses                                      30
   A.1.  Installation Parameters                               31
   B.  Full Copyright Statement                                36

1.  Introduction

   The Architecture for describing Internet Management Frameworks
   [RFC 2261] describes that an SNMP engine is composed of:

     1) a Dispatcher
     2) a Message Processing Subsystem,
     3) a Security Subsystem, and
     4) an Access Control Subsystem.

   Applications make use of the services of these subsystems.

   It is important to understand the SNMP architecture and its
   terminology to understand where the View-based Access Control Model
   described in this document fits into the architecture and interacts
   with other subsystems within the architecture.  The reader is
   expected to have read and understood the description and terminology
   of the SNMP architecture, as defined in [RFC 2261].

   The Access Control Subsystem of an SNMP engine has the responsibility
   for checking whether a specific type of access (read, write, notify)
   to a particular object (instance) is allowed.

   It is the purpose of this document to define a specific model of the
   Access Control Subsystem, designated the View-based Access Control
   Model. Note that this is not necessarily the only Access Control
   Model.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

1.2.  Access Control

   Access Control occurs (either implicitly or explicitly) in an SNMP
   entity when processing SNMP retrieval or modification request
   messages from an SNMP entity.  For example a Command Responder



Wijnen, et. al.             Standards Track