Chapter 8 Cisco Crs-1 Series Xml Security; Authentication; Authorization - Cisco CRS-1 - Carrier Routing System Router Api Manual

Cisco CRS-1 Series XML Security
Specific security privileges are required for a client application requesting information from the
Cisco CRS-1 Series Carrier Routing System (Cisco CRS-1 Series) router.
The XML API code is available for use on any Cisco platform that runs Cisco IOS XR software.
Note
This chapter contains the following sections:
•
•
•
•
•
•

Authentication

User authentication through authentication, authorization, and accounting (AAA) is handled on the
router by the transport-specific extensible markup language (XML) agent and is not exposed through the
XML interface.

Authorization

Every operation request by a client application is authorized. If the client is not authorized to perform an
operation, the operation is not performed by the Cisco CRS-1 Series router and an error is returned.
Authorization of client requests is handled through the standard AAA "task permissions" mechanism.
The XML agent will cache the AAA user credentials obtained from the user authentication process, and
then for each client provide these to the XML infrastructure on the Cisco CRS-1 Series router. As a
result, no AAA information needs to be passed in the XML request from the client application.
Each object class in the schema will have a task ID associated with it. A client application's capabilities
and privileges in terms of task IDs will be exposed by AAA through a show command. A client
application can use the XML interface to retrieve the capabilities prior to sending configuration requests
to the router.
OL-4596-01
"Authentication"
"Authorization"
"Retrieving Task Permissions"
"Task Privileges"
"Task Names"
"Authorization Failure"
C H A P T E R
Cisco CRS-1 Series Carrier Routing System XML API Guide
8
8-87