Cisco CRS-1 Series Carrier Routing System XML API Guide
OL-4596-02
Chapter 8
Cisco CRS-1 Series XML Security
Specific security privileges are required for a client application requesting information from the
Cisco CRS-1 Series Carrier Routing System (Cisco CRS-1 Series) router.
Note: The Extensible Markup Language (XML) application programming interface (API) code is available for use
on any Cisco platform that runs Cisco IOS XR software.
This chapter contains the following sections:
• Authentication
• Authorization
• Retrieving Task Permissions
• Task Privileges
• Task Names
• Authorization Failure
Authentication
User authentication through authentication, authorization, and accounting (AAA) is handled on the
router by the transport-specific XML agent and is not exposed through the XML interface.
Authorization
Every operation request by a client application is authorized. If the client is not authorized to perform an
operation, the operation is not performed by the Cisco CRS-1 Series router and an error is returned.
Authorization of client requests is handled through the standard AAA “task permissions” mechanism.
The XML agent caches the AAA user credentials obtained from the user authentication process, and then
each client provides these to the XML infrastructure on the Cisco CRS-1 Series router. As a result, no
AAA information needs to be passed in the XML request from the client application.
Each object class in the schema has a task ID associated with it. A client application’s capabilities and
privileges in terms of task IDs are exposed by AAA through a show command. A client application can
use the XML interface to retrieve the capabilities prior to sending configuration requests to the router.
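A client-side pre-flight check built on the mechanism described above, as an added example that is not taken from the Cisco guide: it parses a task-permission listing and reports which planned requests the router would refuse. The listing layout, the object-class-to-task-ID map, the operation names and the privilege each operation needs are assumptions constructed for illustration.

```python
import re

# Constructed sample of a per-user task listing (task ID, then granted
# privileges). The text layout is an assumption made for this example.
SAMPLE_TASKS = """\
Task:              bgp  : READ
Task:   basic-services  : READ    WRITE    EXECUTE
Task:        interface  : READ    WRITE
"""

# Hypothetical mapping of schema object classes to task IDs (constructed).
CLASS_TASK = {
    "InterfaceConfiguration": "interface",
    "BGP": "bgp",
    "AAA": "aaa",
}

# Assumed privilege needed per operation: reads need READ, changes need WRITE.
OP_PRIVILEGE = {"Get": "READ", "Set": "WRITE", "Delete": "WRITE"}

TASK_LINE = re.compile(r"^Task:\s*(\S+)\s*:\s*(.+)$")


def parse_task_permissions(text):
    """Turn the listing into {task_id: {privilege, ...}}."""
    perms = {}
    for line in text.splitlines():
        m = TASK_LINE.match(line.strip())
        if m:
            perms.setdefault(m.group(1), set()).update(m.group(2).upper().split())
    return perms


def preflight(requests, perms, class_task=CLASS_TASK):
    """Return (operation, object_class, reason) for each request that would be denied."""
    denied = []
    for op, obj in requests:
        task = class_task.get(obj)
        need = OP_PRIVILEGE.get(op)
        if task is None or need is None:
            # Fail closed: an unmapped class or operation is treated as denied.
            denied.append((op, obj, "unknown object class or operation"))
        elif need not in perms.get(task, set()):
            denied.append((op, obj, f"missing {need} on task {task}"))
    return denied
```

Running the check before sending a batch lets the client surface missing task permissions up front rather than discovering them from per-operation errors.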