SNMP-VACM-AAA-MIB DEFINITIONS ::= BEGIN

IMPORTS
	MODULE-COMPLIANCE,
	OBJECT-GROUP
		FROM SNMPv2-CONF
	MODULE-IDENTITY,
	OBJECT-TYPE,
	mib-2,
	Unsigned32
		FROM SNMPv2-SMI
	SnmpAdminString,
	SnmpSecurityModel
		FROM SNMP-FRAMEWORK-MIB;

-- Module identity. Registers this module at { mib-2 199 } and records a
-- single revision, which the text below attributes to RFC 6065.
-- NOTE(review): the text in this module is that of a published RFC; when
-- vendoring it, keep it identical to the RFC so that the copy can be
-- compared against the canonical module.
vacmAaaMIB MODULE-IDENTITY
	LAST-UPDATED "201012090000Z"	-- Dec 9, 2010 12:00:00 AM
	ORGANIZATION "ISMS Working Group"
	CONTACT-INFO
		"WG-email:   isms@ietf.org"
	DESCRIPTION
		"The management and local datastore information
		definitions for the AAA-Enabled View-based Access
		Control Model for SNMP.

		Copyright (c) 2010 IETF Trust and the persons
		identified as the document authors.  All rights
		reserved.

		Redistribution and use in source and binary forms,
		with or without modification, is permitted pursuant
		to, and subject to the license terms contained in,
		the Simplified BSD License set forth in Section
		4.c of the IETF Trust's Legal Provisions Relating
		to IETF Documents
		(http://trustee.ietf.org/license-info).

		This version of this MIB module is part of RFC 6065;
		see the RFC itself for full legal notices."
	REVISION "201012090000Z"	-- Dec 9, 2010 12:00:00 AM
	DESCRIPTION
		"Initial version, published as RFC 6065."
	-- 1.3.6.1.2.1.199
	::= { mib-2 199 }


-- Top-level subtrees of the module: managed objects live under arc 1,
-- conformance definitions (compliances and groups) under arc 2.
vacmAaaMIBObjects OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.199.1
	::= { vacmAaaMIB 1 }

vacmAaaMIBConformance OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.199.2
	::= { vacmAaaMIB 2 }

-- Conceptual table of AAA-provided (security model, securityName) to
-- VACM group mappings, one row per active session.
-- The table itself is not-accessible; the only accessible column defined
-- in this module is vacmAaaGroupName, and it is read-only. No object here
-- can be written with SNMP SET: per the DESCRIPTION, the mappings are
-- provided by an AAA service.
-- NOTE(review): reading this table lists active sessions together with
-- principal names and the access-control group of each. Consider limiting
-- read access to it with VACM views to the administrators who need it.
vacmAaaSecurityToGroupTable OBJECT-TYPE
	SYNTAX  SEQUENCE OF VacmAaaSecurityToGroupEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"This table provides a listing of all currently active
		sessions for which a mapping of the combination of
		SnmpSecurityModel and securityName into the name of
		a VACM group has been provided by an AAA service.
		The group name (in VACM) in turn identifies an access
		control policy to be used for the corresponding
		principals."
	REFERENCE
		"RFC 3411, Section 3.2.2, defines securityName."
	-- 1.3.6.1.2.1.199.1.1
	::= { vacmAaaMIBObjects 1 }


-- Row definition. A row is identified by the triple (vacmAaaSecurityModel,
-- vacmAaaSecurityName, vacmAaaSessionID) given in the INDEX clause.
-- The three index objects are not-accessible, but as index components
-- their values are encoded in the instance identifier of
-- vacmAaaGroupName, so whoever can read that column also learns them.
-- Row lifetime follows the session: the DESCRIPTION requires creation on
-- session establishment, deletion on any kind of termination, and no
-- persistence across reboots.
-- NOTE(review): a row that outlives its session would leave an
-- AAA-granted group mapping in place; implementations should confirm
-- that every termination path named in the DESCRIPTION removes the row.
vacmAaaSecurityToGroupEntry OBJECT-TYPE
	SYNTAX  VacmAaaSecurityToGroupEntry
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An entry in this table maps the combination of a
		SnmpSecurityModel and securityName into the name
		of a VACM group defining the access control policy
		that is to govern a particular session.

		Each entry corresponds to a session.

		Entries do not persist across reboots.

		An entry is created whenever an indication occurs
		that a new session has been established that would
		not have the same index values as an existing entry.

		When a session is torn down, disconnected, timed out
		(e.g., following the RADIUS Session-Timeout Attribute),
		or otherwise terminated for any reason, the
		corresponding vacmAaaSecurityToGroupEntry is deleted."
	REFERENCE
		"RFC 3411, Section 3.2.2, defines securityName."
	INDEX {
		vacmAaaSecurityModel,
		vacmAaaSecurityName,
		vacmAaaSessionID }
	-- 1.3.6.1.2.1.199.1.1.1
	::= { vacmAaaSecurityToGroupTable 1 }


-- Column layout of one row: the three index columns followed by the
-- group name, which is the only column with a MAX-ACCESS other than
-- not-accessible in this module.
VacmAaaSecurityToGroupEntry ::= SEQUENCE {

	vacmAaaSecurityModel SnmpSecurityModel,
	vacmAaaSecurityName  SnmpAdminString,
	vacmAaaSessionID     Unsigned32,
	vacmAaaGroupName     SnmpAdminString }


-- First index component: the security model of the binding.
-- The range refinement (1..2147483647) excludes 0, which the DESCRIPTION
-- identifies as the 'any' value, so every row is tied to one concrete
-- security model and never to a wildcard.
vacmAaaSecurityModel OBJECT-TYPE
	SYNTAX  SnmpSecurityModel (1..2147483647)
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"The security model associated with the AAA binding
		represented by this entry.

		This object cannot take the 'any' (0) value."
	-- 1.3.6.1.2.1.199.1.1.1.1
	::= { vacmAaaSecurityToGroupEntry 1 }


-- Second index component: the securityName of the principal.
-- SIZE (1..32) rules out the empty string, so a row cannot be indexed by
-- an empty securityName.
-- As an index component, the name is carried in the instance identifier
-- of vacmAaaGroupName although the object itself is not-accessible.
vacmAaaSecurityName OBJECT-TYPE
	SYNTAX  SnmpAdminString (SIZE (1..32))
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"The securityName of the principal associated with the
		AAA binding represented by this entry.  In RADIUS
		environments, this corresponds to the User-Name
		Attribute."
	REFERENCE
		"RFC 3411, Section 3.2.2, defines securityName, and
		RFC 2865, Section 5.1, defines User-Name."
	-- 1.3.6.1.2.1.199.1.1.1.2
	::= { vacmAaaSecurityToGroupEntry 2 }


-- Third index component: an implementation-chosen session identifier.
-- It is the only index component that separates two concurrent sessions
-- of the same principal under the same security model, which is why the
-- DESCRIPTION requires it to be unique among all open sessions of all
-- transport models of the engine.
-- NOTE(review): if an identifier were reused while the earlier session is
-- still open, both sessions would share one row and one group mapping;
-- implementations should verify that their allocator prevents this.
vacmAaaSessionID OBJECT-TYPE
	SYNTAX  Unsigned32
	MAX-ACCESS not-accessible
	STATUS  current
	DESCRIPTION
		"An implementation-dependent identifier of the session.

		This value MUST be unique among all currently open
		sessions of all of this SNMP engine's transport models.
		The value has no particular significance other than to
		distinguish sessions.

		Implementations in which tmSessionID has a compatible
		syntax and is unique across all transport models MAY
		use that value."
	REFERENCE
		"The Abstract Service Interface parameter tmSessionID
		is defined in RFC 5590, Section 5.2.4."
	-- 1.3.6.1.2.1.199.1.1.1.3
	::= { vacmAaaSecurityToGroupEntry 3 }


-- The VACM group name supplied by the AAA service for this session; in
-- RADIUS environments it is taken from Management-Policy-Id (see the
-- DESCRIPTION). Read-only, 1 to 32 octets.
-- This value selects the access-control policy applied to the principal,
-- so it is the authorization decision of the AAA server as seen by the
-- SNMP engine.
-- NOTE(review): the conditions under which the value is copied into
-- vacmGroupName are not spelled out in this module; presumably they are
-- given in the body of RFC 6065. Confirm them before relying on the
-- mapping.
-- NOTE(review): the phrase 'is applied the vacmGroupName' in the
-- DESCRIPTION appears to be missing the word 'to'. It is left as is here
-- so that the module text is not altered.
vacmAaaGroupName OBJECT-TYPE
	SYNTAX  SnmpAdminString (SIZE (1..32))
	MAX-ACCESS read-only
	STATUS  current
	DESCRIPTION
		"The name of the group to which this entry is to belong.
		In RADIUS environments, this comes from the RADIUS
		Management-Policy-Id Attribute.

		When the appropriate conditions are met,
		the value of this object is applied the vacmGroupName
		in the corresponding vacmSecurityToGroupEntry."
	REFERENCE
		"RFC 3415"
	-- 1.3.6.1.2.1.199.1.1.1.4
	::= { vacmAaaSecurityToGroupEntry 4 }


-- Conformance information ******************************************

-- Subtrees of the conformance branch: compliance statements under arc 1,
-- object groups under arc 2.
vacmAaaMIBCompliances OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.199.2.1
	::= { vacmAaaMIBConformance 1 }

vacmAaaMIBGroups OBJECT IDENTIFIER 
	-- 1.3.6.1.2.1.199.2.2
	::= { vacmAaaMIBConformance 2 }


-- compliance statements

-- The one compliance statement of the module. The MODULE clause carries
-- no module name, which in SMIv2 refers to the module being defined.
-- The only mandatory group is vacmAaaGroup. The statement contains no
-- OBJECT or GROUP refinements.
vacmAaaMIBBasicCompliance MODULE-COMPLIANCE
	STATUS  current
	DESCRIPTION
		"The compliance statement for SNMP engines implementing
		the AAA-Enabled View-based Access Control Model for
		SNMP."

	MODULE 
	MANDATORY-GROUPS {
			vacmAaaGroup }

	-- 1.3.6.1.2.1.199.2.1.1
	::= { vacmAaaMIBCompliances 1 }

-- units of conformance

-- The only object group of the module. It lists vacmAaaGroupName alone:
-- the three index objects are not-accessible, and not-accessible objects
-- are not listed in an OBJECT-GROUP.
vacmAaaGroup OBJECT-GROUP
	OBJECTS {
		vacmAaaGroupName }
	STATUS  current
	DESCRIPTION
		"A collection of objects for supporting the use of AAA
		services to provide user-to-group mappings for VACM."
	-- 1.3.6.1.2.1.199.2.2.1
	::= { vacmAaaMIBGroups 1 }

END
