2.1. User-based Security Model Users

The User-based Security Model makes use of the traditional concept of a user to associate security information. A user is identified by a userName, which is a human-readable name representing a principal on whose behalf services are provided or processing takes place.

A user is uniquely identified by the combination of:

  • userName: An OCTET STRING representing the user's name.
  • securityName: A human-readable name representing a principal.

Users are associated with two types of information:

Authentication Information

  • Authentication Protocol: The protocol used to authenticate messages.
  • Authentication Key: The key used by the authentication protocol. This key is localized to a specific SNMP engine.

Privacy Information

  • Privacy Protocol: The protocol used to protect message confidentiality.
  • Privacy Key: The key used by the privacy protocol. This key is localized to a specific SNMP engine.

A user's authentication and privacy keys are localized to specific SNMP engines using a key localization algorithm. This ensures that a user's keys are different for different SNMP engines, which limits the potential damage if a key is compromised.
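The localization step described above, as an added example that is not part of the original page: it implements the password-to-key and key localization algorithms of RFC 3414 Appendix A.2, which this page does not reproduce. The function names and the second engine ID are assumptions made for illustration; the password and first engine ID are the RFC's Appendix A.3 test inputs.

```python
import hashlib

# RFC 3414 A.2: the password is repeated until it fills 1,048,576 octets.
EXPANDED_LEN = 1_048_576


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Derive the engine-independent user key Ku from a password."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    h = hashlib.new(hash_name)
    h.update(password * reps + password[:rem])
    return h.digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Localize Ku to one SNMP engine: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_keys(password: bytes, engine_ids, hash_name: str) -> dict:
    """Map each engine ID (hex) to the key that engine would store (hex)."""
    ku = password_to_key(password, hash_name)
    return {e.hex(): localize_key(ku, e, hash_name).hex() for e in engine_ids}


# Engine ID from the RFC 3414 A.3 test vectors.
ENGINE_A = bytes.fromhex("000000000000000000000002")
# Constructed engine ID, for illustration only.
ENGINE_B = bytes.fromhex("80000000010a0b0c0d0e0f")

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        keys = localized_keys(b"maplesyrup", [ENGINE_A, ENGINE_B], algo)
        for engine_hex, key_hex in keys.items():
            print(f"{algo:5} engine={engine_hex} key={key_hex}")
```

Each engine stores only its own localized key, so a key recovered from one engine does not authenticate to another; the password and the intermediate key Ku remain common to all engines and need the same protection as before.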

Users are defined locally at each SNMP engine. The set of users known to a particular SNMP engine is maintained in the usmUserTable, which is defined in section 5 of this document.