[Ace] Review of draft-bormann-core-ace-aif-08
Jim Schaad <ietf@augustcellars.com> Wed, 24 June 2020 02:49 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E3E83A0112; Tue, 23 Jun 2020 19:49:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OEjILb7N6qtz; Tue, 23 Jun 2020 19:49:37 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA45A3A011B; Tue, 23 Jun 2020 19:49:36 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 23 Jun 2020 19:49:29 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-bormann-core-ace-aif@ietf.org
CC: 'Ace Wg' <ace@ietf.org>
Date: Tue, 23 Jun 2020 19:49:28 -0700
Message-ID: <013701d649d2$16105fe0$42311fa0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
thread-index: AdZJg4vX2cf40W+ES0yFIolQeLHTHg==
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/F9HlgnBL5gFughEihnCl8QawicA>
Subject: [Ace] Review of draft-bormann-core-ace-aif-08
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2020 02:49:38 -0000
This is a clean review so the last one most likely still applies. * From my review of the group comm document. There needs to be an easy way to talk about a single entry in the array of all permissions. Some times you only want to ask for one thing and not deal with permissions for any other Toid. Perhaps also define an AIF-Generic-One<> * Section 3 - I think you might want to highlight that the first bullet implies that once a Toid is found, then there is no need to continue searching. The array allows this because it is an ordered list. Optional to toss the authorization set if a duplicate Toid is found. (And no, I don't want to switch to a map.) * Section 3 - the previous statement is correct for this data model. Should it be a requirement for all data models encoded with this? (I think yes) * Section 3 - I am happy that you are pushing the JSON encoding as a text string!!! * Section 2.1 - I think it would be better to use one of the URI naming parts than using local-part as the identifier assigned here. My problem is that local-part is a term I associate with email addresses. Perhaps "path-query" with or without a leading uri would be a better name. * Section 2.2 - Some of the implementations might be avoided by making a single operation into a series of steps which can then be checked. Thus "opening an unlocked door" becomes two steps "unlock a door" and "open a door" with different permissions set for each. * Section ?? - We should probably say something about the use of "0" for permissions in this model. Is this legal and means nothing else? Jim