Define how authentication is performed

netconf-wg / restconf

9 stars 4 forks source link

Define how authentication is performed #9

Closed kwatsen closed 9 years ago

kwatsen commented 10 years ago

BasicAuth required? What about token-based schemes? Does TLS help?

abierman commented 10 years ago

Update after RESTCONF Virtual Interim meetings:

Details to support secure operation over TLS are needed

Status: closed

Security considerations need to be written

Status: closed

Can call-home for RESTCONF be supported

Update -02:

Status: closed-pending; Callhome will not support RESTCONF at this time. The exact requirements for extracting user identity and session information from TLS is still TBD. (Issue #9 on the issue tracker)

kwatsen commented 10 years ago

Andy,

Call-home for RESTCONF is completely transparent to the protocol. If we support it at all, we should support it via the call-home draft (or some future version of it). This issue is tracked by https://github.com/netconf-wg/call-home/issues/3

Regarding this issue, it seems like client-certs like NETCONF is the front-runner choice. Juergen mentioned this on the call and it sounds right to me as well. I think we should write it up - you want me to do that?

abierman commented 10 years ago

Kent,

Yes, update the draft for -03 release

kwatsen commented 9 years ago

Updated agreement with co-authors:

Server Auth
- Server MUST use TLS (HTTPS)
Client Auth
- Server MUST support BasicAuth
- Server MAY support other auth schemes
- how conformance is advertised is TBD

abierman commented 9 years ago

resolved in -04 release