A YANG Data Model for Terminal Access Controller Access-Control System Plus (TACACS+)
draft-ietf-opsawg-tacacs-yang-12

[Ballot comment]
As anticipated, I am clearing my DISCUSS (below) following the discussion the IESG has had regarding the intended track of YANG documents, and having the document followed all correct process.

Francesca

========== Original Ballot - 2021-04-21 ==============

Thank you for the work on this document.
This is a discuss DISCUSS - while reading this document and considering the normative downref to RFC 8907 TACACS+, which is informational, I agree with Elliot [1] that to me this document would make more sense as informational. I have followed the mail thread and saw the authors' responses, which quoted RFC 3967 :

  o  A standards document may need to refer to a proprietary protocol,
      and the IETF normally documents proprietary protocols using
      informational RFCs.

I am not convinced that this is one of the cases that this bullet was supposed to cover.
Additionally, I could not find in meeting minutes that this was ever discussed in the wg, as was suggested in the mail thread [2]. I'd like to know if the resp AD is aware of any related discussion after this point was raised.

Another point the authors made in favor of keeping this std track was that they haven't seen any YANG data model published as informational. Again, I am not convinced that this is reason enough to progress this as std track.

I note that this was reported in the shepherd write up [3] and in the last call [4], so won't block progress after a discussion, but I do think it is worth talking about. Please let me know if I missed anything.

Thanks,
Francesca

[1] https://mailarchive.ietf.org/arch/msg/opsawg/2mRkaXy5M9XCPp4_wXNpQd9GLdk/
[2] https://mailarchive.ietf.org/arch/msg/opsawg/MOnCfYBS3j4wBnZWDjl_YQHfvzg/
[3] https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-yang/shepherdwriteup/
[4] https://mailarchive.ietf.org/arch/msg/opsawg/FJmtUtB0x8tV0MUdO9Uhvc2e1p0/

[Ballot comment]
Thank you to Yaron Sheffer for the SECDIR review, and for the changes in response.

Thanks for addressing my DISCUSS around compatibility with RFC8907 and the COMMENT feedback.

Per my DISCUSS on publishing this document as a proposed standard and characterizing it as new functionality that standardizes an API to an insecure protocol (that is itself has informational status), I will clear per the discussion had in the IESG and subsequent document updates:

-- With the updates in -11 and -12, the YANG module is now feature equivalent to RFC8907 (so there isn't any new functionality).

-- As to the API mechanism being new functionality, I believe that it is.  Unlike RFC8907, publication of this document doesn't seem like it would be the inform the design of a successor protocol. Nevertheless, there are operational realities of how widely TACACS+ is already deployed that necessitates an improved ability (this document) to manage the as-is infrastructure while an improved protocol is defined.

-- As to the issue of the underlying protocol having a “lower” status (information for RFC8907) than the associated YANG module (PS for this document), I leave that to the convention of OPS area.

[Ballot comment]
Thank you to Yaron Sheffer for the SECDIR review, and for the changes in response.

Thanks for addressing my DISCUSS around compatibility with RFC8907 and the COMMENT feedback.

Per my DISCUSS on publishing this document as a proposed standard and characterizing it as new functionality that standardizes an API to an insecure protocol (that is itself has informational status), I will clear per the discussion had in the IESG:

-- I’m persuaded that with -11, the YANG module is feature equivalent to RFC8907 (so there isn't any new functionality).  Surprisingly, despite this module being focused on RFC8907, it now foreshadows future changes in Section 4 of the "choice security" with "... a future encryption mechanism will result in a non-backwards-compatible change" which suggests that this YANG module isn't tied solely to RFC8907.

-- As to the API mechanism being new functionality, I question the value of making it easier to manage a fundamentally insecure protocol with this new capability and whether publication of this document (unlike RFC8907) does provide the basis for future improvements.  Nevertheless, there are operational realities of how widely TACACS+ is already deployed that necessitate improvement management of the as-is infrastructure while an improved protocol is built.

-- As to the issue of the underlying protocol having a “lower” status (information for RFC8907) than the associated YANG module (PS for this document), I leave that to the convention of OPS area.

[Ballot comment]
I have very little to add that was not already mentioned by my
colleagues (but I agree with Roman and Francesca that a compelling case
for standards-track has not been visibly made).  These are basically
nit-level comments.

Section 3

  authorization, and accounting servers.  Authentication is used to
  validate a user's username and password, authorization allows the
  user to access and execute commands at various command levels

I think that RFC 8907 uses the term "privilege level" for what is being
referred to as "command level" here.

Section 4

        leaf timeout {
          type uint16 {
            range "1..300";
          }

How was the maximum of 300 seconds chosen?

[Ballot discuss]
Thank you for the work on this document.
This is a discuss DISCUSS - while reading this document and considering the normative downref to RFC 8907 TACACS+, which is informational, I agree with Elliot [1] that to me this document would make more sense as informational. I have followed the mail thread and saw the authors' responses, which quoted RFC 3967 :

  o  A standards document may need to refer to a proprietary protocol,
      and the IETF normally documents proprietary protocols using
      informational RFCs.

I am not convinced that this is one of the cases that this bullet was supposed to cover.
Additionally, I could not find in meeting minutes that this was ever discussed in the wg, as was suggested in the mail thread [2]. I'd like to know if the resp AD is aware of any related discussion after this point was raised.

Another point the authors made in favor of keeping this std track was that they haven't seen any YANG data model published as informational. Again, I am not convinced that this is reason enough to progress this as std track.

I note that this was reported in the shepherd write up [3] and in the last call [4], so won't block progress after a discussion, but I do think it is worth talking about. Please let me know if I missed anything.

Thanks,
Francesca

[1] https://mailarchive.ietf.org/arch/msg/opsawg/2mRkaXy5M9XCPp4_wXNpQd9GLdk/
[2] https://mailarchive.ietf.org/arch/msg/opsawg/MOnCfYBS3j4wBnZWDjl_YQHfvzg/
[3] https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-yang/shepherdwriteup/
[4] https://mailarchive.ietf.org/arch/msg/opsawg/FJmtUtB0x8tV0MUdO9Uhvc2e1p0/

[Ballot comment]
Below I've provided some small editorial suggestions in the form of a diff against the plain text version of the draft. You may choose to incorporate them in some way, or ignore them as you see fit. There is no need to let me know what you did with these suggestions.

--- draft-ietf-opsawg-tacacs-yang-10.txt 2021-04-20 21:02:05.000000000 -0400
+++ draft-ietf-opsawg-tacacs-yang-10-jgs.txt 2021-04-20 21:04:01.000000000 -0400
@@ -151,7 +151,7 @@

3.  Design of the TACACS+ Data Model

-  This module is used to configure TACACS+ client on a device to
+  This module is used to configure a TACACS+ client on a device to
    support deployment scenarios with centralized authentication,
    authorization, and accounting servers.  Authentication is used to
    validate a user's username and password, authorization allows the
@@ -160,7 +160,7 @@
    user who has accessed the device.

    The ietf-system-tacacs-plus module augments the "/sys:system" path
-  defined in the ietf-system module with the contents of the"tacacs-
+  defined in the ietf-system module with the contents of the "tacacs-
    plus" grouping.  Therefore, a device can use local, RADIUS, or


@@ -416,7 +416,7 @@
        type yang:counter64;
        description
          "Number of aborted connections to the server. These do
-          not include connections that are close gracefully.";
+          not include connections that are closed gracefully.";
      }
      leaf connection-failures {
        type yang:counter64;
@@ -528,7 +528,7 @@
              description
                "The shared secret, which is known to both the
                  TACACS+ client and server. TACACS+ server
-                administrators should configure shared secret of
+                administrators should configure a shared secret of
                  minimum 16 characters length.
                  It is highly recommended that this shared secret is
                  at least 32 characters long and sufficiently complex
@@ -644,13 +644,13 @@

    /system/tacacsplus/server:  This list contains the data nodes used to
      control the TACACS+ servers used by the device.  Unauthorized
-      access to this list could cause a complete control over the device
+      access to this list could enable an attacker to assume complete control over the device
      by pointing to a compromised TACACS+ server.

    /system/tacacsplus/server/shared-secret:  This leaf controls the key
      known to both the TACACS+ client and server.  Unauthorized access
      to this leaf could make the device vulnerable to attacks,
-      therefore has been restricted using the "default-deny-all" access
+      therefore it has been restricted using the "default-deny-all" access
      control defined in [RFC8341].  When setting, it is highly
      recommended that the leaf is at least 32 characters long and
      sufficiently complex with a mix of different character types i.e.

[Ballot discuss]
** RFC8907 was published with informational status and it contained substantial caution in its security considerations that the protocol was fundamentally insecure and would not “meet modern-day requirements.”  This measured approach was taken to provide a stable description of a widely deployed protocol and to serve as the basis for future improvements.

The context for this follow-on, seemingly related work does not track the situation around RFC8907 (as I remember it).  Specifically:

-- this functionality is new, and is not documenting the “as is” deployed state

-- this functionality is advocating for supporting an insecure approach with proposed standard (rather than informational) status

** Is this document intentionally breaking backward compatibility on the “shared-secret” size specified in RFC8907?

(a) Section 4.
          case shared-secret {
            leaf shared-secret {
              type string {
                length "16..max";
              }

(b) Section 10.5.1 of RFC8907 says “TACACS+ server administrators SHOULD configure secret keys of a minimum of 16 characters in length.”

As (b) is not a MUST (a “secret key” shorter than 16 is possible), it would appear that (a) breaks compatibility.

[Ballot comment]
Thank you to Yaron Sheffer for the SECDIR review, and for the changes in response.

** Section 1.  Per “The System Management Model is augmented with TACACS+ YANG module … as an alternative to … local user configuration”, is “local user configuration” that same as  the “user authentication model” noted earlier in the text?  If so, it would be helpful to make that clearer.

** Section 4.  choice encryption. Per the name of this YANG item and the description (“Encryption mechanism between TACACS+ client and server”), please follow the convention of Section 4.5 of RFC8907 of calling this “obfuscation”.

** Section 5. 
/system/tacacsplus/server:  This list contains the data nodes used to
      control the TACACS+ servers used by the device.  Unauthorized
      access to this list could cause a complete control over the device
      by pointing to a compromised TACACS+ server.

Additional, outcomes also seem to be that modification of the counters could be used to hide attacks against the client

** Additional nits:
-- Section 4. Nit. s/TACAS server is providing/TACAS+ server is providing/

-- Section 5.  Wrong Section.  s/see Section 9 of TACACS+ Protocol [RFC8907]/ see Section 10 of TACACS+ Protocol [RFC8907]/

[Ballot comment]
Thank you for the work put into this document.

Please find below some non-blocking COMMENT points (but replies would be appreciated), and one nit.

I hope that this helps to improve the document,

Regards,

-éric

== COMMENTS ==

I like to be able to specify the VRF via vrf-instance as well as the source-interface, which is not the case of RFC 7317 (if not mistaken).

-- Section 4 --
Should the leaf "server-type" also be mandatory ?

== NITS ==

-- Section 2.1 --
s/Tree diagrams used/The tree diagram used/ as there is a single tree ;-)

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-opsawg-tacacs-yang-09. If any part of this review is inaccurate, please let us know.

The IANA Services Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the ns registry on the IETF XML Registry page located at:

https://www.iana.org/assignments/xml-registry/

a new namespace will be registered as follows:

ID: yang:ietf-system-tacacs-plus
URI: urn:ietf:params:xml:ns:yang:ietf-system-tacacs-plus
Filename: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

As this document requests registrations in a Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request.  This review must be completed before the document's IANA state can be changed to "IANA OK."

Second, in the YANG Module Names registry on the YANG Parameters registry page located at:

https://www.iana.org/assignments/yang-parameters/

a new YANG module will be registered as follows:

Name: ietf-system-tacacs-plus
File: [ TBD-at-Registration ]
Maintained by IANA? N
Namespace: urn:ietf:params:xml:ns:yang:ietf-system-tacacs-plus
Prefix: sys-tcs-plus
Module:
Reference: [ RFC-to-be ]

While the YANG module name will be registered after the IESG approves the document, the YANG module file will be posted after the RFC Editor notifies us that the document has been published.

The IANA Services Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2021-03-29):

From: The IESG
To: IETF-Announce
CC: Joe Clarke , draft-ietf-opsawg-tacacs-yang@ietf.org, jclarke@cisco.com, opsawg-chairs@ietf.org, opsawg@ietf.org, rwilton@cisco.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (YANG Data Model for TACACS+) to Proposed Standard


The IESG has received a request from the Operations and Management Area
Working Group WG (opsawg) to consider the following document: - 'YANG Data
Model for TACACS+'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2021-03-29. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document defines a TACACS+ client YANG module, that augments the
  System Management data model, defined in RFC 7317, to allow devices
  to make use of TACACS+ servers for centralized Authentication,
  Authorization and Accounting.

  The YANG module in this document conforms to the Network Management
  Datastore Architecture (NMDA) defined in RFC 8342.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-yang/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc8907: The Terminal Access Controller Access-Control System Plus (TACACS+) Protocol (Informational - Internent Engineering Task Force (IETF))

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

This document defines a YANG module for configuring and basic monitoring of the TACACS+ protocol.  It is intended as a Standards Track document.  This is clearly indicated in the document and fits with other such documents that define similar configuration and monitoring modules (i.e., RFC7317, which this module augments).

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

This document defines a YANG module that augments the System Nanagement data model with nodes to configure client-sided TACACS+ (akin to the RADIUS config already in the system module).  Additionally, the module provides some read-only objects for monitoring the state of the TACACS+ client.

Working Group Summary:

The contention over TACACS+ in general carried over a bit in the initial development of this document and its module.  To alleviate that, the scope was reduced to avoid an overall AAA module and instead focus on configuring the client-side of the TACACS+ protocol specifically.  Towards the end, there was good feedback on YANG structure, terminology and providing an example to make the module use clearer.

That said, the ietf-system currently only defines authentication and not authorization and accounting.  So, while the TACACS+ module allows to specify a TACACS+ server that can do both authorization and accounting, the configuration nodes for that are not yet in the ietf-system module.  The intent, as I understand, is to propose new work to handle those methods in a more general approach outside the restricted scope of this TACACS+ document.

Document Quality:

The document has undergone various expert-level reviews besides the WG review.  In particular YANG Doctors and SECDIR have reviewed and said it was ready.  The comments that arose from those reviews have been addressed in revision -05 of the document.  Huawei has also implemented this draft in their devices.

The shepherd noticed some other issues in -05 (stemming from the evolution of the document), and a -06 was published to address them.

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

Joe Clarke is the Document Shepherd and Rob Wilton is the responsible Area Director.

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

This document has been reviewed by the WG, the shepherd, Yang Doctors, and SECDIR.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

The shepherd does not have any concerns.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

Not at this point.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

A call for IPR was done on July 7, 2019 and the authors acknowledged that no known IPR exists.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

N/A

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

Consensus is believed to be strong on this with no vocal dissension.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

There is one current downref in the document on the Informational draft-ietf-opsawg-tacacs document.  The history of that document requires it to be Informational as the intent was to define the TACACS+ protocol as it exists today.  That said, the desire for this document was to be standards track to coincide with similar documents that define configuration mechanisms for system authentication.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

The YANG Doctor review found some nits which were discussed on list and corrected in revision -05 of the document.

(13) Have all references within this document been identified as either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

The draft-ietf-ospawg-tacacs document is currently in the final stages of review, and all other references are already published.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

Yes.  See item #11 above.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

As with other YANG modules, IANA is asked to register the namespace for the TACACS+ YANG module.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

There are no new registries, just new entries to existing registries.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

This document has undergone IDNITS checks as well as the automated YANG syntax checks in DataTracker.  All pass.

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

Yes.  It has been checked, and there are no issues.

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

This document defines a YANG module for configuring and basic monitoring of the TACACS+ protocol.  It is intended as a Standards Track document.  This is clearly indicated in the document and fits with other such documents that define similar configuration and monitoring modules (i.e., RFC7317, which this module augments).

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

This document defines a YANG module that augments the System Nanagement data model with nodes to configure client-sided TACACS+ (akin to the RADIUS config already in the system module).  Additionally, the module provides some read-only objects for monitoring the state of the TACACS+ client.

Working Group Summary:

The contention over TACACS+ in general carried over a bit in the initial development of this document and its module.  To alleviate that, the scope was reduced to avoid an overall AAA module and instead focus on configuring the client-side of the TACACS+ protocol specifically.  Towards the end, there was good feedback on YANG structure, terminology and providing an example to make the module use clearer.

That said, the ietf-system currently only defines authentication and not authorization and accounting.  So, while the TACACS+ module allows to specify a TACACS+ server that can do both authorization and accounting, the configuration nodes for that are not yet in the ietf-system module.  The intent, as I understand, is to propose new work to handle those methods in a more general approach outside the restricted scope of this TACACS+ document.

Document Quality:

The document has undergone various expert-level reviews besides the WG review.  In particular YANG Doctors and SECDIR have reviewed and said it was ready.  The comments that arose from those reviews have been addressed in revision -05 of the document.  Huawei has also implemented this draft in their devices.

The shepherd noticed some other issues in -05 (stemming from the evolution of the document), and a -06 was published to address them.

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

Joe Clarke is the Document Shepherd and Rob Wilton is the responsible Area Director.

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

This document has been reviewed by the WG, the shepherd, Yang Doctors, and SECDIR.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

The shepherd does not have any concerns.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

Not at this point.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

A call for IPR was done on July 7, 2019 and the authors acknowledged that no known IPR exists.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

N/A

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

Consensus is believed to be strong on this with no vocal dissension.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

There is one current downref in the document on the Informational draft-ietf-opsawg-tacacs document.  The history of that document requires it to be Informational as the intent was to define the TACACS+ protocol as it exists today.  That said, the desire for this document was to be standards track to coincide with similar documents that define configuration mechanisms for system authentication.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

The YANG Doctor review found some nits which were discussed on list and corrected in revision -05 of the document.

(13) Have all references within this document been identified as either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

The draft-ietf-ospawg-tacacs document is currently in the final stages of review, and all other references are already published.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

Yes.  See item #11 above.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

As with other YANG modules, IANA is asked to register the namespace for the TACACS+ YANG module.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

There are no new registries, just new entries to existing registries.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

This document has undergone IDNITS checks as well as the automated YANG syntax checks in DataTracker.  All pass.

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

Yes.  It has been checked, and there are no issues.

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

This document defines a YANG module for configuring and basic monitoring of the TACACS+ protocol.  It is intended as a Standards Track document.  This is clearly indicated in the document and fits with other such documents that define similar configuration and monitoring modules (i.e., RFC7317, which this module augments).

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

This document defines a YANG module that augments the System Nanagement data model with nodes to configure client-sided TACACS+ (akin to the RADIUS config already in the system module).  Additionally, the module provides some read-only objects for monitoring the state of the TACACS+ client.

Working Group Summary:

The contention over TACACS+ in general carried over a bit in the initial development of this document and its module.  To alleviate that, the scope was reduced to avoid an overall AAA module and instead focus on configuring the client-side of the TACACS+ protocol specifically.  Towards the end, there was good feedback on YANG structure, terminology and providing an example to make the module use clearer.

That said, the ietf-system currently only defines authentication and not authorization and accounting.  So, while the TACACS+ module allows to specify a TACACS+ server that can do both authorization and accounting, the configuration nodes for that are not yet in the ietf-system module.  The intent, as I understand, is to propose new work to handle those methods in a more general approach outside the restricted scope of this TACACS+ document.

Document Quality:

The document has undergone various expert-level reviews besides the WG review.  In particular YANG Doctors and SECDIR have reviewed and said it was ready.  The comments that arose from those reviews have been addressed in revision -05 of the document.  Huawei has also implemented this draft in their devices(???).

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

Joe Clarke is the Document Shepherd and Rob Wilton is the responsible Area Director.

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

This document has been reviewed by the WG, the shepherd, Yang Doctors, and SECDIR.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

The shepherd does not have any concerns.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

Not at this point.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

A call for IPR was done on July 7, 2019 and the authors acknowledged that no known IPR exists.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

N/A

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

Consensus is believed to be strong on this with no vocal dissension.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

There is one current downref in the document on the Informational draft-ietf-opsawg-tacacs document.  The history of that document requires it to be Informational as the intent was to define the TACACS+ protocol as it exists today.  That said, the desire for this document was to be standards track to coincide with similar documents that define configuration mechanisms for system authentication.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

The YANG Doctor review found some nits which were discussed on list and corrected in revision -05 of the document.

(13) Have all references within this document been identified as either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

The draft-ietf-ospawg-tacacs document is currently in the final stages of review, and all other references are already published.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

Yes.  See item #11 above.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

As with other YANG modules, IANA is asked to register the namespace for the TACACS+ YANG module.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

There are no new registries, just new entries to existing registries.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

This document has undergone IDNITS checks as well as the automated YANG syntax checks in DataTracker.  All pass.

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

Yes.  It has been checked, and there are no issues.