tech-invite   World Map
3GPP     Specs     Glossaries     UICC       IETF     RFCs     Groups     SIP     ABNFs       T+       Search     Home

RFC 2273

 
 
 

SNMPv3 Applications

Part 3 of 3, p. 41 to 70
Prev RFC Part

 


prevText      Top      Up      ToC       Page 41 
4.2.  The Notification MIB Module

   The SNMP-NOTIFICATION-MIB module contains objects for the remote
   configuration of the parameters used by an SNMP entity for the
   generation of notifications.  It consists of three tables and
   conformance/compliance statements.  The first table, the
   snmpNotifyTable, contains entries which select which entries in the
   snmpTargetAddrTable should be used for generating notifications, and
   the type of notifications to be generated.

   The second table sparsely augments the snmpTargetAddrTable with an
   object which is used to associate a set of filters with a particular
   management target.

   The third table defines filters which are used to limit the number of
   notifications which are generated using particular management
   targets.

Top      Up      ToC       Page 42 
4.2.1.  Definitions

   SNMP-NOTIFICATION-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY,
       OBJECT-TYPE,
       snmpModules
           FROM SNMPv2-SMI

       RowStatus,
       StorageType
           FROM SNMPv2-TC

       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB

       SnmpTagValue,
       snmpTargetParamsName
           FROM SNMP-TARGET-MIB

       MODULE-COMPLIANCE,
       OBJECT-GROUP
           FROM SNMPv2-CONF;

   snmpNotificationMIB MODULE-IDENTITY
       LAST-UPDATED "9711210000Z"
       ORGANIZATION "IETF SNMPv3 Working Group"
       CONTACT-INFO
           "WG-email:   snmpv3@tis.com
            Subscribe:  majordomo@tis.com
                        In message body:  subscribe snmpv3

            Chair:      Russ Mundy
                        Trusted Information Systems
            Postal:     3060 Washington Rd
                        Glenwood MD 21738
                        USA
            Email:      mundy@tis.com
            Phone:      +1-301-854-6889

            Co-editor:  David B. Levi
                        SNMP Research, Inc.
            Postal:     3001 Kimberlin Heights Road
                        Knoxville, TN 37920-9716
            E-mail:     levi@snmp.com
            Phone:      +1 423 573 1434

Top      Up      ToC       Page 43 
            Co-editor:  Paul Meyer
                        Secure Computing Corporation
            Postal:     2675 Long Lake Road
                        Roseville, MN 55113
            E-mail:     paul_meyer@securecomputing.com
            Phone:      +1 612 628 1592

            Co-editor:  Bob Stewart
                        Cisco Systems, Inc.
            Postal:     170 West Tasman Drive
                        San Jose, CA 95134-1706
            E-mail:     bstewart@cisco.com
            Phone:      +1 603 654 6923"
       DESCRIPTION
           "This MIB module defines MIB objects which provide
            mechanisms to remotely configure the parameters
            used by an SNMP entity for the generation of
            notifications."
       REVISION    "9707140000Z"
       DESCRIPTION
           "The initial revision."
       ::= { snmpModules 13 }

   snmpNotifyObjects       OBJECT IDENTIFIER ::=
                                             { snmpNotificationMIB 1 }
   snmpNotifyConformance   OBJECT IDENTIFIER ::=
                                             { snmpNotificationMIB 3 }


   --
   --
   -- The snmpNotifyObjects group
   --
   --

   snmpNotifyTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SnmpNotifyEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table is used to select management targets which should
            receive notifications, as well as the type of notification
            which should be sent to each selected management target."
       ::= { snmpNotifyObjects 1 }

   snmpNotifyEntry OBJECT-TYPE
       SYNTAX      SnmpNotifyEntry
       MAX-ACCESS  not-accessible

Top      Up      ToC       Page 44 
       STATUS      current
       DESCRIPTION
           "An entry in this table selects a set of management targets
            which should receive notifications, as well as the type of
            notification which should be sent to each selected
            management target.

            Entries in the snmpNotifyTable are created and
            deleted using the snmpNotifyRowStatus object."
       INDEX { IMPLIED snmpNotifyName }
       ::= { snmpNotifyTable 1 }

   SnmpNotifyEntry ::= SEQUENCE {
       snmpNotifyName         SnmpAdminString,
       snmpNotifyTag          SnmpTagValue,
       snmpNotifyType         INTEGER,
       snmpNotifyStorageType  StorageType,
       snmpNotifyRowStatus    RowStatus
   }

   snmpNotifyName OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The locally arbitrary, but unique identifier associated
            with this snmpNotifyEntry."
       ::= { snmpNotifyEntry 1 }

   snmpNotifyTag OBJECT-TYPE
       SYNTAX      SnmpTagValue
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object contains a single tag value which is used
            to select entries in the snmpTargetAddrTable.  Any entry
            in the snmpTargetAddrTable which contains a tag value
            which is equal to the value of an instance of this
            object is selected.  If this object contains a value
            of zero length, no entries are selected."
       ::= { snmpNotifyEntry 2 }

   snmpNotifyType OBJECT-TYPE
       SYNTAX      INTEGER {
                       trap(1),
                       inform(2)
                   }
       MAX-ACCESS  read-create

Top      Up      ToC       Page 45 
       STATUS      current
       DESCRIPTION
           "This object determines the type of notification to
            be generated for entries in the snmpTargetAddrTable
            selected by the corresponding instance of
            snmpNotifyTag.

            If the value of this object is trap(1), then any
            messages generated for selected rows will contain
            SNMPv2-Trap PDUs.

            If the value of this object is inform(2), then any
            messages generated for selected rows will contain
            Inform PDUs.

            Note that if an SNMP entity only supports
            generation of traps (and not informs), then this
            object may be read-only."
       DEFVAL { trap }
       ::= { snmpNotifyEntry 3 }

   snmpNotifyStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The storage type for this conceptual row."
       ::= { snmpNotifyEntry 4 }

   snmpNotifyRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of this conceptual row.

            To create a row in this table, a manager must
            set this object to either createAndGo(4) or
            createAndWait(5).

            Until instances of all corresponding columns are
            appropriately configured, the value of the
            corresponding instance of the snmpNotifyRowStatus
            column is 'notReady'.

            In particular, a newly created row cannot be made
            active until the corresponding snmpNotifyTag has
            been set."

Top      Up      ToC       Page 46 
       ::= { snmpNotifyEntry 5 }

   snmpNotifyFilterProfileTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SnmpNotifyFilterProfileEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table is used to associate a notification filter
            profile with a particular set of target parameters."
       ::= { snmpNotifyObjects 2 }

   snmpNotifyFilterProfileEntry OBJECT-TYPE
       SYNTAX      SnmpNotifyFilterProfileEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry in this table indicates the name of the filter
            profile to be used when generating notifications using
            the corresponding entry in the snmpTargetParamsTable.

            Entries in the snmpNotifyFilterProfileTable are created
            and deleted using the snmpNotifyFilterProfileRowStatus
            object."
       INDEX { IMPLIED snmpTargetParamsName }
       ::= { snmpNotifyFilterProfileTable 1 }

   SnmpNotifyFilterProfileEntry ::= SEQUENCE {
       snmpNotifyFilterProfileName         SnmpAdminString,
       snmpNotifyFilterProfileStorType     StorageType,
       snmpNotifyFilterProfileRowStatus    RowStatus
   }

   snmpNotifyFilterProfileName OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The name of the filter profile to be used when generating
            notifications using the corresponding entry in the
            snmpTargetAddrTable."
       ::= { snmpNotifyFilterProfileEntry 1 }

   snmpNotifyFilterProfileStorType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The storage type of this conceptual row."

Top      Up      ToC       Page 47 
       ::= { snmpNotifyFilterProfileEntry 2 }

   snmpNotifyFilterProfileRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of this conceptual row.

            To create a row in this table, a manager must
            set this object to either createAndGo(4) or
            createAndWait(5)."
       ::= { snmpNotifyFilterProfileEntry 3 }

   snmpNotifyFilterTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SnmpNotifyFilterEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table of filter profiles.  Filter profiles are used
            to determine whether particular management targets should
            receive particular notifications.

            When a notification is generated, it must be compared
            with the filters associated with each management target
            which is configured to receive notifications.  If the
            notification is matched by a filter, it is not sent to
            the management target with which the filter is
            associated."
       ::= { snmpNotifyObjects 3 }

   snmpNotifyFilterEntry OBJECT-TYPE
       SYNTAX      SnmpNotifyFilterEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An element of a filter profile.

            Entries in the snmpNotifyFilterTable are created and
            deleted using the snmpNotifyFilterRowStatus object."
       INDEX {         snmpNotifyFilterProfileName,
               IMPLIED snmpNotifyFilterSubtree }
       ::= { snmpNotifyFilterTable 1 }

   SnmpNotifyFilterEntry ::= SEQUENCE {
       snmpNotifyFilterSubtree           OBJECT IDENTIFIER,
       snmpNotifyFilterMask              OCTET STRING,
       snmpNotifyFilterType              INTEGER,

Top      Up      ToC       Page 48 
       snmpNotifyFilterStorageType       StorageType,
       snmpNotifyFilterRowStatus         RowStatus
   }

   snmpNotifyFilterSubtree OBJECT-TYPE
       SYNTAX      OBJECT IDENTIFIER
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The MIB subtree which, when combined with the corresponding
            instance of snmpNotifyFilterMask, defines a family of
            subtrees which are included in or excluded from the
            filter profile."
       ::= { snmpNotifyFilterEntry 1 }

   snmpNotifyFilterMask OBJECT-TYPE
       SYNTAX      OCTET STRING (SIZE(0..16))
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The bit mask which, in combination with the corresponding
            instance of snmpNotifyFilterSubtree, defines a family of
            subtrees which are included in or excluded from the
            filter profile.

            Each bit of this bit mask corresponds to a
            sub-identifier of snmpNotifyFilterSubtree, with the
            most significant bit of the i-th octet of this octet
            string value (extended if necessary, see below)
            corresponding to the (8*i - 7)-th sub-identifier, and
            the least significant bit of the i-th octet of this
            octet string corresponding to the (8*i)-th
            sub-identifier, where i is in the range 1 through 16.

            Each bit of this bit mask specifies whether or not
            the corresponding sub-identifiers must match when
            determining if an OBJECT IDENTIFIER matches this
            family of filter subtrees; a '1' indicates that an
            exact match must occur; a '0' indicates 'wild card',
            i.e., any sub-identifier value matches.

            Thus, the OBJECT IDENTIFIER X of an object instance
            is contained in a family of filter subtrees if, for
            each sub-identifier of the value of
            snmpNotifyFilterSubtree, either:

              the i-th bit of snmpNotifyFilterMask is 0, or

Top      Up      ToC       Page 49 
              the i-th sub-identifier of X is equal to the i-th
              sub-identifier of the value of
              snmpNotifyFilterSubtree.

            If the value of this bit mask is M bits long and
            there are more than M sub-identifiers in the
            corresponding instance of snmpNotifyFilterSubtree,
            then the bit mask is extended with 1's to be the
            required length.

            Note that when the value of this object is the
            zero-length string, this extension rule results in
            a mask of all-1's being used (i.e., no 'wild card'),
            and the family of filter subtrees is the one
            subtree uniquely identified by the corresponding
            instance of snmpNotifyFilterSubtree."
       DEFVAL { ''H }
       ::= { snmpNotifyFilterEntry 2 }

   snmpNotifyFilterType OBJECT-TYPE
       SYNTAX      INTEGER {
                       included(1),
                       excluded(2)
                   }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object indicates whether the family of filter subtrees
            defined by this entry are included in or excluded from a
            filter."
       DEFVAL { included }
       ::= { snmpNotifyFilterEntry 3 }

   snmpNotifyFilterStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The storage type of this conceptual row."
       ::= { snmpNotifyFilterEntry 4 }

   snmpNotifyFilterRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of this conceptual row.

Top      Up      ToC       Page 50 
            To create a row in this table, a manager must
            set this object to either createAndGo(4) or
            createAndWait(5)."
       ::= { snmpNotifyFilterEntry 5 }

   --
   --
   -- Conformance information
   --
   --

   snmpNotifyCompliances OBJECT IDENTIFIER ::=
                                           { snmpNotifyConformance 1 }
   snmpNotifyGroups      OBJECT IDENTIFIER ::=
                                           { snmpNotifyConformance 2 }

   --
   --
   -- Compliance statements
   --
   --

   snmpNotifyBasicCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for minimal SNMP entities which
            implement only SNMP Traps and read-create operations on
            only the snmpTargetAddrTable."
       MODULE SNMP-TARGET-MIB
           MANDATORY-GROUPS { snmpTargetBasicGroup }

           OBJECT snmpTargetParamsMPModel
           MIN-ACCESS    read-only
           DESCRIPTION
               "Create/delete/modify access is not required."

           OBJECT snmpTargetParamsSecurityModel
           MIN-ACCESS    read-only
           DESCRIPTION
               "Create/delete/modify access is not required."

           OBJECT snmpTargetParamsSecurityName
           MIN-ACCESS    read-only
           DESCRIPTION
               "Create/delete/modify access is not required."

           OBJECT snmpTargetParamsSecurityLevel
           MIN-ACCESS    read-only

Top      Up      ToC       Page 51 
           DESCRIPTION
               "Create/delete/modify access is not required."

           OBJECT snmpTargetParamsStorageType
           SYNTAX INTEGER {
               readOnly(5)
           }
           MIN-ACCESS    read-only
           DESCRIPTION
               "Create/delete/modify access is not required.
                Support of the values other(1), volatile(2),
                nonVolatile(3), and permanent(4) is not required."

           OBJECT snmpTargetParamsRowStatus
           SYNTAX INTEGER {
               active(1)
           }
           MIN-ACCESS    read-only
           DESCRIPTION
               "Create/delete/modify access to the
                snmpTargetParamsTable is not required.
                Support of the values notInService(2), notReady(3),
                createAndGo(4), createAndWait(5), and destroy(6) is
                not required."

       MODULE -- This Module
           MANDATORY-GROUPS { snmpNotifyGroup }

           OBJECT snmpNotifyTag
           MIN-ACCESS    read-only
           DESCRIPTION
               "Create/delete/modify access is not required."

           OBJECT snmpNotifyType
           SYNTAX INTEGER {
               trap(1)
           }
           MIN-ACCESS    read-only
           DESCRIPTION
               "Create/delete/modify access is not required.
                Support of the value notify(2) is not required."

           OBJECT snmpNotifyStorageType
           SYNTAX INTEGER {
               readOnly(5)
           }
           MIN-ACCESS    read-only
           DESCRIPTION

Top      Up      ToC       Page 52 
               "Create/delete/modify access is not required.
                Support of the values other(1), volatile(2),
                nonVolatile(3), and permanent(4) is not required."

           OBJECT snmpNotifyRowStatus
           SYNTAX INTEGER {
               active(1)
           }
           MIN-ACCESS    read-only
           DESCRIPTION
               "Create/delete/modify access to the
                snmpNotifyTable is not required.
                Support of the values notInService(2), notReady(3),
                createAndGo(4), createAndWait(5), and destroy(6) is
                not required."

       ::= { snmpNotifyCompliances 1 }

   snmpNotifyBasicFiltersCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for SNMP entities which implement
            SNMP Traps with filtering, and read-create operations on
            all related tables."
       MODULE SNMP-TARGET-MIB
           MANDATORY-GROUPS { snmpTargetBasicGroup }
       MODULE -- This Module
           MANDATORY-GROUPS { snmpNotifyGroup,
                              snmpNotifyFilterGroup }
       ::= { snmpNotifyCompliances 2 }

   snmpNotifyFullCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for SNMP entities which either
            implement only SNMP Informs, or both SNMP Traps and SNMP
            Informs, plus filtering and read-create operations on
            all related tables."
       MODULE SNMP-TARGET-MIB
           MANDATORY-GROUPS { snmpTargetBasicGroup,
                              snmpTargetResponseGroup }
       MODULE -- This Module
           MANDATORY-GROUPS { snmpNotifyGroup,
                              snmpNotifyFilterGroup }
       ::= { snmpNotifyCompliances 3 }

   snmpNotifyGroup OBJECT-GROUP
       OBJECTS {

Top      Up      ToC       Page 53 
           snmpNotifyTag,
           snmpNotifyType,
           snmpNotifyStorageType,
           snmpNotifyRowStatus
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects for selecting which management
            targets are used for generating notifications, and the
            type of notification to be generated for each selected
            management target."
       ::= { snmpNotifyGroups 1 }

   snmpNotifyFilterGroup OBJECT-GROUP
       OBJECTS {
           snmpNotifyFilterProfileName,
           snmpNotifyFilterProfileStorType,
           snmpNotifyFilterProfileRowStatus,
           snmpNotifyFilterMask,
           snmpNotifyFilterType,
           snmpNotifyFilterStorageType,
           snmpNotifyFilterRowStatus
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing remote configuration
            of notification filters."
       ::= { snmpNotifyGroups 2 }

   END

4.3.  The Proxy MIB Module

   The SNMP-PROXY-MIB module, which defines MIB objects that provide
   mechanisms to remotely configure the parameters used by an SNMP
   entity for proxy forwarding operations, contains a single table.
   This table, snmpProxyTable, is used to define translations between
   management targets for use when forwarding messages.

4.3.1.  Definitions

   SNMP-PROXY-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY,
       OBJECT-TYPE,
       snmpModules
           FROM SNMPv2-SMI

Top      Up      ToC       Page 54 
       RowStatus,
       StorageType
           FROM SNMPv2-TC

       SnmpEngineID,
       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB

       SnmpTagValue,
           FROM SNMP-TARGET-MIB

       MODULE-COMPLIANCE,
       OBJECT-GROUP
           FROM SNMPv2-CONF;

   snmpProxyMIB MODULE-IDENTITY
       LAST-UPDATED "9711210000Z"
       ORGANIZATION "IETF SNMPv3 Working Group"
       CONTACT-INFO
           "WG-email:   snmpv3@tis.com
            Subscribe:  majordomo@tis.com
                        In message body:  subscribe snmpv3

            Chair:      Russ Mundy
                        Trusted Information Systems
            Postal:     3060 Washington Rd
                        Glenwood MD 21738
                        USA
            Email:      mundy@tis.com
            Phone:      +1-301-854-6889

            Co-editor:  David B. Levi
                        SNMP Research, Inc.
            Postal:     3001 Kimberlin Heights Road
                        Knoxville, TN 37920-9716
            E-mail:     levi@snmp.com
            Phone:      +1 423 573 1434

            Co-editor:  Paul Meyer
                        Secure Computing Corporation
            Postal:     2675 Long Lake Road
                        Roseville, MN 55113
            E-mail:     paul_meyer@securecomputing.com
            Phone:      +1 612 628 1592

            Co-editor:  Bob Stewart
                        Cisco Systems, Inc.
            Postal:     170 West Tasman Drive

Top      Up      ToC       Page 55 
                        San Jose, CA 95134-1706
            E-mail:     bstewart@cisco.com
            Phone:      +1 603 654 6923"
       DESCRIPTION
           "This MIB module defines MIB objects which provide
            mechanisms to remotely configure the parameters
            used by a proxy forwarding application."
       REVISION    "9707140000Z"
       DESCRIPTION
           "The initial revision."
       ::= { snmpModules 14 }

   snmpProxyObjects        OBJECT IDENTIFIER ::= { snmpProxyMIB 1 }
   snmpProxyConformance    OBJECT IDENTIFIER ::= { snmpProxyMIB 3 }

   --
   --
   -- The snmpProxyObjects group
   --
   --

   snmpProxyTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SnmpProxyEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table of translation parameters used by proxy forwarder
            applications for forwarding SNMP messages."
       ::= { snmpProxyObjects 2 }

   snmpProxyEntry OBJECT-TYPE
       SYNTAX      SnmpProxyEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A set of translation parameters used by a proxy forwarder
            application for forwarding SNMP messages.

            Entries in the snmpProxyTable are created and deleted
            using the snmpProxyRowStatus object."
       INDEX { IMPLIED snmpProxyName }
       ::= { snmpProxyTable 1 }

   SnmpProxyEntry ::= SEQUENCE {
       snmpProxyName               SnmpAdminString,
       snmpProxyType               INTEGER,
       snmpProxyContextEngineID    SnmpEngineID,
       snmpProxyContextName        SnmpAdminString,

Top      Up      ToC       Page 56 
       snmpProxyTargetParamsIn     SnmpAdminString,
       snmpProxySingleTargetOut    SnmpAdminString,
       snmpProxyMultipleTargetOut  SnmpTagValue,
       snmpProxyStorageType        StorageType,
       snmpProxyRowStatus          RowStatus
   }

   snmpProxyName OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The locally arbitrary, but unique identifier associated
            with this snmpProxyEntry."
       ::= { snmpProxyEntry 1 }

   snmpProxyType OBJECT-TYPE
       SYNTAX      INTEGER {
                       read(1),
                       write(2),
                       trap(3),
                       inform(4)
                   }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of message that may be forwarded using
            the translation parameters defined by this entry."
       ::= { snmpProxyEntry 2 }

   snmpProxyContextEngineID OBJECT-TYPE
       SYNTAX      SnmpEngineID
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The contextEngineID contained in messages that
            may be forwarded using the translation parameters
            defined by this entry."
       ::= { snmpProxyEntry 3 }

   snmpProxyContextName OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The contextName contained in messages that may be
            forwarded using the translation parameters defined
            by this entry.

Top      Up      ToC       Page 57 
            This object is optional, and if not supported, the
            contextName contained in a message is ignored when
            selecting an entry in the snmpProxyTable."
       ::= { snmpProxyEntry 4 }

   snmpProxyTargetParamsIn OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object selects an entry in the snmpTargetParamsTable.
            The selected entry is used to determine which row of the
            snmpProxyTable to use for forwarding received messages."
       ::= { snmpProxyEntry 5 }

   snmpProxySingleTargetOut OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object selects a management target defined in the
            snmpTargetAddrTable (in the SNMP-TARGET-MIB).  The
            selected target is defined by an entry in the
            snmpTargetAddrTable whose index value (snmpTargetAddrName)
            is equal to this object.

            This object is only used when selection of a single
            target is required (i.e. when forwarding an incoming
            read or write request)."
       ::= { snmpProxyEntry 6 }

   snmpProxyMultipleTargetOut OBJECT-TYPE
       SYNTAX      SnmpTagValue
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object selects a set of management targets defined
            in the snmpTargetAddrTable (in the SNMP-TARGET-MIB).

            This object is only used when selection of multiple
            targets is required (i.e. when forwarding an incoming
            notification)."
       ::= { snmpProxyEntry 7 }

   snmpProxyStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current

Top      Up      ToC       Page 58 
       DESCRIPTION
           "The storage type of this conceptual row."
       ::= { snmpProxyEntry 8 }

   snmpProxyRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of this conceptual row.

            To create a row in this table, a manager must
            set this object to either createAndGo(4) or
            createAndWait(5).

            The following objects may not be modified while the
            value of this object is active(1):
                - snmpProxyType
                - snmpProxyContextEngineID
                - snmpProxyContextName
                - snmpProxyTargetParamsIn
                - snmpProxySingleTargetOut
                - snmpProxyMultipleTargetOut"

       ::= { snmpProxyEntry 9 }

   --
   --
   -- Conformance information
   --
   --

   snmpProxyCompliances OBJECT IDENTIFIER ::=
                                            { snmpProxyConformance 1 }
   snmpProxyGroups      OBJECT IDENTIFIER ::=
                                            { snmpProxyConformance 2 }

   --
   --
   -- Compliance statements
   --
   --

   snmpProxyCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for SNMP entities which include
            a proxy forwarding application."

Top      Up      ToC       Page 59 
       MODULE SNMP-TARGET-MIB
           MANDATORY-GROUPS { snmpTargetBasicGroup,
                              snmpTargetResponseGroup }
       MODULE -- This Module
           MANDATORY-GROUPS { snmpProxyGroup }
       ::= { snmpProxyCompliances 1 }

   snmpProxyGroup OBJECT-GROUP
       OBJECTS {
           snmpProxyType,
           snmpProxyContextEngineID,
           snmpProxyContextName,
           snmpProxyTargetParamsIn,
           snmpProxySingleTargetOut,
           snmpProxyMultipleTargetOut,
           snmpProxyStorageType,
           snmpProxyRowStatus
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing remote configuration of
            management target translation parameters for use by
            proxy forwarder applications."

       ::= { snmpProxyGroups 3 }

   END

5.  Identification of Management Targets in Notification Originators

   This section describes the mechanisms used by a notification
   originator application when using the MIB module described in this
   document to determine the set of management targets to be used when
   generating a notification.

   A notification originator uses the snmpNotifyTable to find the
   management targets to be used for generating notifications.  Each
   active entry in this table identifies zero or more entries in the
   snmpTargetAddrTable.  Any entry in the snmpTargetAddrTable whose
   snmpTargetAddrTagList object contains a tag value which is equal to a
   value of snmpNotifyTag is selected by the snmpNotifyEntry which
   contains that instance of snmpNotifyTag.  Note that a particular
   snmpTargetAddrEntry may be selected by multiple entries in the
   snmpNotifyTable, resulting in multiple notifications being generated
   using that snmpTargetAddrEntry.

Top      Up      ToC       Page 60 
   Each snmpTargetAddrEntry contains a pointer to the
   snmpTargetParamsTable (snmpTargetAddrParams).  This pointer selects a
   set of SNMP parameters to be used for generating notifications.  If
   the selected entry in the snmpTargetParamsTable does not exist, the
   management target is not used to generate notifications.

   The decision as to whether a notification should contain an SNMPv2-
   Trap or Inform PDU is determined by the value of the snmpNotifyType
   object.  If the value of this object is trap(1), the notification
   should contain an SNMPv2-Trap PDU.  If the value of this object is
   inform(2), then the notification should contain an Inform PDU, and
   the timeout time and number of retries for the Inform are the value
   of snmpTargetAddrTimeout and snmpTargetAddrRetryCount.  Note that the
   exception to these rules is when the snmpTargetParamsMPModel object
   indicates SNMPv1.  In this case, the notification is sent as a Trap
   if the value of snmpNotifyTargetType is either trap(1) or inform(2).

6.  Notification Filtering

   This section describes the mechanisms used by a notification
   originator application when using the MIB module described in this
   document to filter generation of notifications.

   A notification originator uses the snmpNotifyFilterTable to filter
   notifications.  A notification filter profile may be associated with
   a particular entry in the snmpTargetParamsTable.  The associated
   filter profile is identified by an entry in the
   snmpNotifyFilterProfileTable whose index is equal to the index of the
   entry in the snmpTargetParamsTable.  If no such entry exists in the
   snmpNotifyFilterProfileTable, no filtering is performed for that
   management target.

   If such an entry does exist, the value of snmpNotifyFilterProfileName
   of the entry is compared with the corresponding portion of the index
   of all active entries in the snmpNotifyFilterTable.  All such entries
   for which this comparison results in an exact match are used for
   filtering a notification generated using the associated
   snmpTargetParamsEntry.  If no such entries exist, no filtering is
   performed, and a notification may be sent to the management target.

   Otherwise, if matching entries do exist, a notification may be sent
   if the NOTIFICATION-TYPE OBJECT IDENTIFIER of the notification (this
   is the value of the element of the variable bindings whose name is
   snmpTrapOID.0, i.e., the second variable binding), and all of the
   object instances to be included in the variable-bindings of the
   notification, are not specifically excluded by the matching entries.

Top      Up      ToC       Page 61 
   Each set of snmpNotifyFilterTable entries is divided into two
   collections of filter subtrees:  the included filter subtrees, and
   the excluded filter subtrees.  The snmpNotifyFilterType object
   defines the collection to which each matching entry belongs.

   To determine whether a particular notification name or object
   instance is excluded by the set of matching entries, compare the
   notification name's or object instance's OBJECT IDENTIFIER with each
   of the matching entries.  If none match, then the notification name
   or object instance is considered excluded, and the notification
   should not be sent to this management target.  If one or more match,
   then the notification name or object instance is included or
   excluded, according to the value of snmpNotifyFilterType in the entry
   whose value of snmpNotifyFilterSubtree has the most sub-identifiers.
   If multiple entries match and have the same number of sub-
   identifiers, then the lexicographically greatest instance of
   snmpNotifyFilterType among those which match determines the inclusion
   or exclusion.

   A notification name's or object instance's OBJECT IDENTIFIER X
   matches an entry in the snmpNotifyFilterTable when the number of
   sub-identifiers in X is at least as many as in the value of
   snmpNotifyFilterSubtree for the entry, and each sub-identifier in the
   value of snmpNotifyFilterSubtree matches its corresponding sub-
   identifier in X.  Two sub-identifiers match either if the
   corresponding bit of snmpNotifyFilterMask is zero (the 'wild card'
   value), or if the two sub-identifiers are equal.

7.  Management Target Translation in Proxy Forwarder Applications

   This section describes the mechanisms used by a proxy forwarder
   application when using the MIB module described in this document to
   translate incoming management target information into outgoing
   management target information for the purpose of forwarding messages.
   There are actually two mechanisms a proxy forwarder may use, one for
   forwarding request messages, and one for forwarding notification
   messages.

7.1.  Management Target Translation for Request Forwarding

   When forwarding request messages, the proxy forwarder will select a
   single entry in the snmpProxyTable.  To select this entry, it will
   perform the following comparisons:

       -  The snmpProxyType must be read(1) if the request is a Get,
          GetNext, or GetBulk request.  The snmpProxyType must be
          write(2) if the request is a Set request.

Top      Up      ToC       Page 62 
       -  The contextEngineId must equal the snmpProxyContextEngineID
          object.

       -  If the snmpProxyContextName object is supported, it must equal
          the contextName.

       -  The snmpProxyTargetParamsIn object identifies an entry in the
          snmpTargetParamsTable.  The messageProcessingModel,
          securityLevel, security model, and securityName must match the
          values of snmpTargetParamsMPModel,
          snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName,
          and snmpTargetParamsSecurityLevel of the identified entry in
          the snmpTargetParamsTable.

   There may be multiple entries in the snmpProxyTable for which these
   comparisons succeed.  The entry whose snmpProxyName has the
   lexicographically smallest value and for which the comparisons
   succeed will be selected by the proxy forwarder.

   The outgoing management target information is identified by the value
   of the snmpProxySingleTargetOut object of the selected entry.  This
   object identifies an entry in the snmpTargetAddrTable.  The
   identified entry in the snmpTargetAddrTable also contains a reference
   to the snmpTargetParamsTable (snmpTargetAddrParams).  If either the
   identified entry in the snmpTargetAddrTable does not exist, or the
   identified entry in the snmpTargetParamsTable does not exist, then
   this snmpProxyEntry does not identify valid forwarding information,
   and the proxy forwarder should attempt to identify another row.

   If there is no entry in the snmpProxyTable for which all of the
   conditions above may be met, then there is no appropriate forwarding
   information, and the proxy forwarder should take appropriate actions.

   Otherwise, The snmpTargetAddrTDomain, snmpTargetAddrTAddress,
   snmpTargetAddrTimeout, and snmpTargetRetryCount of the identified
   snmpTargetAddrEntry, and the snmpTargetParamsMPModel,
   snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, and
   snmpTargetParamsSecurityLevel of the identified snmpTargetParamsEntry
   are used as the destination management target.

7.2.  Management Target Translation for Notification Forwarding

   When forwarding notification messages, the proxy forwarder will
   select multiple entries in the snmpProxyTable.  To select these
   entries, it will perform the following comparisons:

Top      Up      ToC       Page 63 
       -  The snmpProxyType must be trap(3) if the notification is a
          Trap.  The snmpProxyType must be inform(4) if the request is
          an Inform.

       -  The contextEngineId must equal the snmpProxyContextEngineID
          object.

       -  If the snmpProxyContextName object is supported, it must equal
          the contextName.

       -  The snmpProxyTargetParamsIn object identifies an entry in the
          snmpTargetParamsTable.  The messageProcessingModel,
          securityLevel, security model, and securityName must match the
          values of snmpTargetParamsMPModel,
          snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName,
          and snmpTargetParamsSecurityLevel of the identified entry in
          the snmpTargetParamsTable.

   All entries for which these conditions are met are selected.  The
   snmpProxyMultipleTargetOut object of each such entry is used to
   select a set of entries in the snmpTargetAddrTable.  Any
   snmpTargetAddrEntry whose snmpTargetAddrTagList object contains a tag
   value equal to the value of snmpProxyMultipleTargetOut, and whose
   snmpTargetAddrParams object references an existing entry in the
   snmpTargetParamsTable, is selected as a destination for the forwarded
   notification.

8.  Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

Top      Up      ToC       Page 64 
9.  Acknowledgments

   This document is the result of the efforts of the SNMPv3 Working
   Group.  Some special thanks are in order to the following SNMPv3 WG
   members:

      Dave Battle (SNMP Research, Inc.)
      Uri Blumenthal (IBM T.J. Watson Research Center)
      Jeff Case (SNMP Research, Inc.)
      John Curran (BBN)
      T. Max Devlin (Hi-TECH Connections)
      John Flick (Hewlett Packard)
      David Harrington (Cabletron Systems Inc.)
      N.C. Hien (IBM T.J. Watson Research Center)
      Dave Levi (SNMP Research, Inc.)
      Louis A Mamakos (UUNET Technologies Inc.)
      Paul Meyer (Secure Computing Corporation)
      Keith McCloghrie (Cisco Systems)
      Russ Mundy (Trusted Information Systems, Inc.)
      Bob Natale (ACE*COMM Corporation)
      Mike O'Dell (UUNET Technologies Inc.)
      Dave Perkins (DeskTalk)
      Peter Polkinghorne (Brunel University)
      Randy Presuhn (BMC Software, Inc.)
      David Reid (SNMP Research, Inc.)
      Shawn Routhier (Epilogue)
      Juergen Schoenwaelder (TU Braunschweig)
      Bob Stewart (Cisco Systems)
      Bert Wijnen (IBM T.J. Watson Research Center)

   The document is based on recommendations of the IETF Security and
   Administrative Framework Evolution for SNMP Advisory Team. Members of
   that Advisory Team were:

      David Harrington (Cabletron Systems Inc.)
      Jeff Johnson (Cisco Systems)
      David Levi (SNMP Research Inc.)
      John Linn (Openvision)
      Russ Mundy (Trusted Information Systems) chair
      Shawn Routhier (Epilogue)
      Glenn Waters (Nortel)
      Bert Wijnen (IBM T. J. Watson Research Center)

   As recommended by the Advisory Team and the SNMPv3 Working Group
   Charter, the design incorporates as much as practical from previous
   RFCs and drafts. As a result, special thanks are due to the authors
   of previous designs known as SNMPv2u and SNMPv2*:

Top      Up      ToC       Page 65 
      Jeff Case (SNMP Research, Inc.)
      David Harrington (Cabletron Systems Inc.)
      David Levi (SNMP Research, Inc.)
      Keith McCloghrie (Cisco Systems)
      Brian O'Keefe (Hewlett Packard)
      Marshall T. Rose (Dover Beach Consulting)
      Jon Saperia (BGS Systems Inc.)
      Steve Waldbusser (International Network Services)
      Glenn W. Waters (Bell-Northern Research Ltd.)

10.  Security Considerations

   The SNMP applications described in this document typically have
   direct access to MIB instrumentation.  Thus, it is very important
   that these applications be strict in their application of access
   control as described in this document.

   In addition, there may be some types of notification generator
   applications which, rather than accessing MIB instrumentation using
   access control, will obtain MIB information through other means (such
   as from a command line).  The implementors and users of such
   applications must be responsible for not divulging MIB information
   that normally would be inaccessible due to access control.

11.  References

   [RFC1157]
     Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network
     Management Protocol", RFC 1157, May 1990.

   [RFC1213]
     McCloghrie, K. and M. Rose, Editors, "Management Information Base
     for Network Management of TCP/IP-based internets: MIB-II", STD 17,
     RFC 1213, March 1991.

   [RFC1902]
     Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Structure of
     Management Information for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1902, January 1996.

   [RFC1903]
     Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Textual
     Conventions for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1903, January 1996.

Top      Up      ToC       Page 66 
   [RFC1905]
     SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
     Waldbusser, "Protocol Operations for Version 2 of the Simple
     Network Management Protocol (SNMPv2)", RFC 1905, January 1996.

   [RFC1907]
     SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
     Waldbusser, "Management Information Base for Version 2 of the
     Simple Network Management Protocol (SNMPv2)", RFC 1907, January
     1996.

   [RFC1908]
     SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
     Waldbusser, "Coexistence between Version 1 and Version 2 of the
     Internet-standard Network Management Framework", RFC 1908, January
     1996.

   [RFC2271]
     Harrington, D., and B. Wijnen, "An Architecture for Describing SNMP
     Management Frameworks", RFC 2271, January 1998.

   [RFC2272]
     Case, J., Harrington, D., and B. Wijnen, "Message Processing and
     Dispatching for the Simple Network Management Protocol (SNMP)", RFC
     2272, January 1998.

   [RFC2275]
     Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
     Control Model for the Simple Network Management Protocol (SNMP)",
     RFC 2275, January 1998.

Top      Up      ToC       Page 67 
12.  Editors' Addresses

   David B. Levi
   SNMP Research, Inc.
   3001 Kimberlin Heights Road
   Knoxville, TN 37920-9716
   U.S.A.

   Phone: +1 423 573 1434
   EMail: levi@snmp.com


   Paul Meyer
   Secure Computing Corporation
   2675 Long Lake Road
   Roseville, MN 55113
   U.S.A.

   Phone: +1 612 628 1592
   EMail: paul_meyer@securecomputing.com


   Bob Stewart
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134-1706
   U.S.A.

   Phone: +1 603 654 6923
   EMail: bstewart@cisco.com

Top      Up      ToC       Page 68 
APPENDIX A - Trap Configuration Example

   This section describes an example configuration for a Notification
   Generator application which implements the snmpNotifyBasicCompliance
   level.  The example configuration specifies that the Notification
   Generator should send notifications to 3 separate managers, using
   authentication and no privacy for the first 2 managers, and using
   both authentication and privacy for the third manager.

   The configuration consists of three rows in the snmpTargetAddrTable,
   and two rows in the snmpTargetTable.

          snmpTargetAddrName         SnmpAdminString,
          snmpTargetAddrTDomain      TDomain,
          snmpTargetAddrTAddress     TAddress,
          snmpTargetAddrTimeout      TimeInterval,
          snmpTargetAddrRetryCount   Integer32,
          snmpTargetAddrTagList      SnmpAdminString,
          snmpTargetAddrParams       SnmpAdminString,
          snmpTargetAddrStorageType  StorageType,
          snmpTargetAddrRowStatus    RowStatus

        * snmpTargetAddrName        = "addr1"
          snmpTargetAddrTDomain     = snmpUDPDomain
          snmpTargetAddrTAddress    = 128.1.2.3:162
          snmpTargetAddrTagList     = "group1"
          snmpTargetAddrParams      = "AuthNoPriv joe"
          snmpTargetAddrStorageType = readOnly(5)
          snmpTargetAddrRowStatus   = active(1)

        * snmpTargetAddrName        = "addr2"
          snmpTargetAddrTDomain     = snmpUDPDomain
          snmpTargetAddrTAddress    = 128.2.4.6:162
          snmpTargetAddrTagList     = "group1"
          snmpTargetAddrParams      = "AuthNoPriv-joe"
          snmpTargetAddrStorageType = readOnly(5)
          snmpTargetAddrRowStatus   = active(1)

        * snmpTargetAddrName        = "addr3"
          snmpTargetAddrTDomain     = snmpUDPDomain
          snmpTargetAddrTAddress    = 128.1.2.3:162
          snmpTargetAddrTagList     = "group2"
          snmpTargetAddrParams      = "AuthPriv-bob"
          snmpTargetAddrStorageType = readOnly(5)
          snmpTargetAddrRowStatus   = active(1)

        * snmpTargetParamsName                   = "AuthNoPriv-joe"
          snmpTargetParamsMPModel                = 3

Top      Up      ToC       Page 69 
          snmpTargetParamsSecurityModel          = 3 (USM)
          snmpTargetParamsSecurityName           = "joe"
          snmpTargetParamsSecurityLevel          = authNoPriv(2)
          snmpTargetParamsStorageType            = readOnly(5)
          snmpTargetParamsRowStatus              = active(1)

        * snmpTargetParamsName                   = "AuthPriv-bob"
          snmpTargetParamsMPModel                = 3
          snmpTargetParamsSecurityModel          = 3 (USM)
          snmpTargetParamsSecurityName           = "bob"
          snmpTargetParamsSecurityLevel          = authPriv(3)
          snmpTargetParamsStorageType            = readOnly(5)
          snmpTargetParamsRowStatus              = active(1)

        * snmpNotifyName         = "group1"
          snmpNotifyTag          = "group1"
          snmpNotifyType         = trap(1)
          snmpNotifyStorageType  = readOnly(5)
          snmpNotifyRowStatus    = active(1)

        * snmpNotifyName         = "group2"
          snmpNotifyTag          = "group2"
          snmpNotifyType         = trap(1)
          snmpNotifyStorageType  = readOnly(5)
          snmpNotifyRowStatus    = active(1)

   These entries define two groups of management targets.  The first
   group contains two management targets:

                                first target      second target
                                ------------      -------------
       messageProcessingModel   SNMPv3            SNMPv3
                securityModel   3 (USM)           3 (USM)
                 securityName   "joe"             "joe"
                securityLevel   authNoPriv(2)     authNoPriv(2)
              transportDomain   snmpUDPDomain     snmpUDPDomain
             transportAddress   128.1.2.3:162     128.2.4.6:162

   And the second group contains a single management target:

       messageProcessingModel   SNMPv3
                securityLevel   authPriv(3)
                securityModel   3 (USM)
                 securityName   "bob"
              transportDomain   snmpUDPDomain
             transportAddress   128.1.5.9:162

Top      Up      ToC       Page 70 
B.  Full Copyright Statement

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the  purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.