RE: iSCSI MIB last call

["KRUEGER,MARJORIE (HP-Roseville,ex1)" <marjorie.krueger@hp.com>]

I don't think that sort of function should be provided at the SCSI transport
layer since it's not something that's defined by SCSI as a feature of it's
transport.  It would be a wart on the iSCSI transport (IMO).  Read/write
access should be controlled by the SCSI or file system layer.

Marj

> -----Original Message-----
> From: Mark Bakke [mailto:mbakke@cisco.com] 
> Sent: Tuesday, October 22, 2002 2:10 PM
> To: IPS
> Subject: IPS: iSCSI MIB last call
> 
> 
> 
> Since I haven't seen any other last call comments on the
> iSCSI MIB yet, I have one (technical) comment:
> 
> The iscsiTgtAuthAttributesTable is used to match up iSCSI 
> targets with lists of identities in the Auth MIB to which the 
> target will allow access.  Currently, any identity in the 
> list for a target will be authorized to have presumable full 
> access to the iSCSI target, other than anything that may be 
> enforced at higher layers (SCSI).  One thing we might want to 
> consider is to allow these entries to specify whether the 
> identity will be given read-only or read-write access to the 
> target, perhaps something like:
> 
> iscsiTgtAuthReadWrite OBJECT-TYPE
>     SYNTAX        TruthValue
>     MAX-ACCESS    read-write
>     STATUS        current
>     DESCRIPTION
>         "A truth value that specifies whether the referenced
>         AuthIdentity will be allowed write access to the target.
>         False (=No) indicates that only read operations may be
>         performed.  True (=Yes) indicates that all access is
>         allowed."
>     DEFVAL        { true }
> ::= { iscsiNodeAttributesEntry 13 }
> 
> Thoughts?
> 
> -- 
> Mark A. Bakke
> Cisco Systems
> mbakke@cisco.com
> 763.398.1054
>