Decentralized Access Control Management for Network Configuration

Configuration management is of great importance for network operators and service providers today. Sharing of resources between business parties with conflicting interests is a reality and raises many issues with respect to configuration management. One issue is access control to configuration data. A network operator or service provider needs appropriate tools, not only to control its networked resources, but also to specify how this control should be exercised. We propose an access control model for the IETF NETCONF network configuration protocol, based on the OASIS XACML access control standard, which allows a flexible and fine-grained control for NETCONF commands. Our approach does not require any additions to the NETCONF protocol and is independent of the configuration’s datamodel. Furthermore our approach can easily be extended to cover new NETCONF functionality.