RFC 2265 (rfc2265) - Page 2 of 36
View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
Alternative Format: Original Text Document
RFC 2265 VACM for SNMPv3 January 1998
5. Intellectual Property 26
6. Acknowledgements 27
7. Security Considerations 28
7.1. Recommended Practices 28
7.2. Defining Groups 29
7.3. Conformance 29
8. References 29
9. Editors' Addresses 30
A.1. Installation Parameters 31
B. Full Copyright Statement 36
1. Introduction
The Architecture for describing Internet Management Frameworks
[RFC 2261] describes that an SNMP engine is composed of:
1) a Dispatcher
2) a Message Processing Subsystem,
3) a Security Subsystem, and
4) an Access Control Subsystem.
Applications make use of the services of these subsystems.
It is important to understand the SNMP architecture and its
terminology to understand where the View-based Access Control Model
described in this document fits into the architecture and interacts
with other subsystems within the architecture. The reader is
expected to have read and understood the description and terminology
of the SNMP architecture, as defined in [RFC 2261].
The Access Control Subsystem of an SNMP engine has the responsibility
for checking whether a specific type of access (read, write, notify)
to a particular object (instance) is allowed.
It is the purpose of this document to define a specific model of the
Access Control Subsystem, designated the View-based Access Control
Model. Note that this is not necessarily the only Access Control
Model.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].
1.2. Access Control
Access Control occurs (either implicitly or explicitly) in an SNMP
entity when processing SNMP retrieval or modification request
messages from an SNMP entity. For example a Command Responder
Wijnen, et. al. Standards Track