SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: IPS: iSCSI MIB last call



    On Tue, 22 Oct 2002, Mark Bakke wrote:
    
    > Since I haven't seen any other last call comments on the
    > iSCSI MIB yet, I have one (technical) comment:
    >
    > The iscsiTgtAuthAttributesTable is used to match up iSCSI
    > targets with lists of identities in the Auth MIB to which
    > the target will allow access.  Currently, any identity in
    > the list for a target will be authorized to have presumable
    > full access to the iSCSI target, other than anything that
    > may be enforced at higher layers (SCSI).  One thing we might
    > want to consider is to allow these entries to specify
    > whether the identity will be given read-only or read-write
    > access to the target, perhaps something like:
    >
    > iscsiTgtAuthReadWrite OBJECT-TYPE
    >     SYNTAX        TruthValue
    >     MAX-ACCESS    read-write
    >     STATUS        current
    >     DESCRIPTION
    >         "A truth value that specifies whether the referenced
    >         AuthIdentity will be allowed write access to the target.
    >         False (=No) indicates that only read operations may be
    >         performed.  True (=Yes) indicates that all access is
    >         allowed."
    >     DEFVAL        { true }
    > ::= { iscsiNodeAttributesEntry 13 }
    >
    > Thoughts?
    
    Sounds interesting.
    
    Another thought I had was to add a session-type field. It would be
    Normal-Only, Discovery-Only, or Both.
    
    This feature is designed to permit having "closed" targets (where the
    target isn't seen in discovery, like closed 802.11 networks), and also to
    permit anyone to do discovery (ipsAuthMethodNone is in the auth entry)  &
    find the target, but not let everyone access the target.
    
    Take care,
    
    Bill
    
    


Home

Last updated: Wed Oct 23 16:19:00 2002
11972 messages in chronological order