Re: [Ace] WGLC for draft-ietf-ace-aif
Daniel Migault <mglt.ietf@gmail.com> Fri, 12 February 2021 14:53 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 351B73A170E; Fri, 12 Feb 2021 06:53:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zef-f8fbHkp3; Fri, 12 Feb 2021 06:53:32 -0800 (PST)
Received: from mail-vs1-xe33.google.com (mail-vs1-xe33.google.com [IPv6:2607:f8b0:4864:20::e33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37C233A170D; Fri, 12 Feb 2021 06:53:32 -0800 (PST)
Received: by mail-vs1-xe33.google.com with SMTP id d24so4927763vso.6; Fri, 12 Feb 2021 06:53:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=q/9dRhtZ3kw3cwZCdW90jueXT7X2GRY4vl4dyKZrbJk=; b=ALN/PLlXJudF/susWRf9ZhMdzkja3eNT6GdjhCZhDllWe9bEFl623KvRGalOrNLx+D Gj89PNpfBD+MM2P64tlcLMFKuAAESinq0WHZkSqiwYeAHdk20OLG7+DfCwea5qFaEXbe Wg3T9C4y+g2S8V5mKTTgs7HHwSc/wtG6K5CFC7igqu6vmkAvHYFMHwBWX9maW6xLYrA8 di1+H8+N9SMQ1lVon91l7ueyNTFSZikbYC0x0rv5wSbL823fNJfsKWCGks3iESs/5G4S tbgeL1wFO9DgmJ3iA9pfEmnLjlsfF6kMRwUKlrS7nipgTNkXryrVmlkHWLhY1I6YldPp mZIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=q/9dRhtZ3kw3cwZCdW90jueXT7X2GRY4vl4dyKZrbJk=; b=syoFWZzrXDhshrKKc2Oc68P79NuHIV4867EJUzXYDYjnGPrM+EBskGZ2db4BUcjkN/ QT57Lj7sYg4+W9LJIGu3eVguIduYNBnroGz4k6n5h9b7WoS5agcodSmcWs9vdsU6xXV9 LHE8s93dO5kizWw7KrPd7rmK3OuttNgWYfBTaKOzs6oQmtzs6clUxKUO3Q4M8FB9YC8R we4Kzd7wr7icFhMm8e5C7cpCQzVw1D8AL4gZy2i80HRGkWMEQ86LAoRk5V3l/ZCNWM8b XPnbVy8/erHdocjPMUIOQE88Jlsf6ZyNxEWdprnhSW1ONB6ClWg8gKljwwzbb+NbgJKk QARg==
X-Gm-Message-State: AOAM530Mita6wwWdP9xijsE8blux68c8GCwhEBHpCmLOH6jUuAcql7R7 Zg1P66Cc8f3gHmrVLh0w1QIa1Bq3AWWuotizutg=
X-Google-Smtp-Source: ABdhPJyou9G4CJ+pJ6vlB83mlAVVRLR5gpo+2BHiDrUOaLi3guYbhGGa//9N/+j5a6fqHGTM5QFG+uIutPpphqIqoDk=
X-Received: by 2002:a67:e095:: with SMTP id f21mr1779523vsl.20.1613141610291; Fri, 12 Feb 2021 06:53:30 -0800 (PST)
MIME-Version: 1.0
References: <CADZyTknQ97R+vR-tDcA6ZqCVA5qT-PMmPF44DzhLFzHhj8BU2w@mail.gmail.com> <87k0rdslku.fsf@wangari>
In-Reply-To: <87k0rdslku.fsf@wangari>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Fri, 12 Feb 2021 09:53:19 -0500
Message-ID: <CADZyTkmCBKuKg+TjZHF01dG8bTABaM_U9oAwWs+avN9F-VsH4Q@mail.gmail.com>
To: Olaf Bergmann <bergmann@tzi.org>
Cc: Ace Wg <ace@ietf.org>, draft-ietf-ace-aif@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a7670d05bb24ccb8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/U3v-jjgKHbrfHJeXWZb77Arcl5w>
Subject: Re: [Ace] WGLC for draft-ietf-ace-aif
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 14:53:35 -0000
Thanks for the review Olaf. Yours, Daniel On Fri, Feb 12, 2021 at 4:05 AM Olaf Bergmann <bergmann@tzi.org> wrote: > Hi all, hi Carsten, > > here is my review for draft-ietf-ace-aif-01. > > The document is well-written and straight forward. I have only a few > minor comments (see below). > > Grüße > Olaf > > # Abstract/1. Introduction > > "To transfer detailed authorization information from an > authorization manager (such as an ACE-OAuth Authorization Server) to > a device, a representation format is needed." > > Maybe add "compact" before "representation format is needed" to > indicate that suitability for constrained devices is an important > design goal here. > > ## 1.1. Terminology > > Mention that CDDL is used as a formal syntax? > > # 2. Information Model > > "For the purposes of this specification, the underlying access > control model will be that of an access matrix, which gives a set of > permissions for each possible combination of a subject and an > object. We do not concern the AIF format with the subject for which > the AIF object is issued, focusing the AIF object [...]" > > Here, the different use of "object" might be confusing (first as one > dimension of the access matrix, then as "AIF object", i.e., the > serialization of permission+object; in the next paragraph it is again > the first meaning of object). Maybe this can be solved by > unfolding the abbreviation: > > "[...] We do not concern the AIF format with the subject for which > the Authorization Information is issued, focusing the Authorization > Information [...]" > > Alternatively, these terms could be explained in the terminology > section. > > Also, "AIF format" would double as "Authorization Information Format > format". I would not bother, though. > > In the same sentence: > > "We do not concern the AIF format with the subject for which the AIF > object is issued, focusing the AIF object on a single row [...]" > > I am not sure if "[...] focusing the AIF object [...]" is really meant > here. Another, also valid statement would be "[...] focusing on the AIF > object [...]"? > > ## 2.1 REST-specific model > > Heading: s/model/Model/ (also for 2.3 Extended REST-specific Model) > > The first paragraph refers to CoAP which has not been introduced (and > motivated). It might be good to note that CoAP is used as an > explanatory example here which is motivated by the target devices' > constraints. > > Table 1: To readers who are not familiar with the notion of the "/s" > and "/a" prefixes, it might be surprising that the light (sensor) > should allow GET only. Maybe "/s/temp" would be more intuitive? > (also in Figure 3 and Figure 5) > > ## 2.2. Limitations > > In the first sentence: s/e.g. URIs/e.g., URIs/ > > Second paragraph: s/doesn't/does not/ > > Last paragraph: s/specific to a subject, e.g. that/specific to a subject, > e.g., that/ > > ## 2.3 Extended REST-specific model > > First paragraph: s/in a CoAP result/in a CoAP response/ > > s/rfc5661/RFC5661/ > > Table 2 is missing a reference in the text. > > The question that may arise here is how a receiver of an AIF object is > supposed to react when it does not support the extended model? Is it > safe to simply ignore the Dynamic-* part? (cf. Security Considerations > below). > > # 3. Data Model > > OLD: > > "In CDDL [...] a specification of the data model [...] is:" > > NEW: > > "In CDDL [...] a specification of the data model [...] is shown in Figure > 4." > > ## 5.2. Registries > > Table 4 names the reference to the AIF RFC "[RFCthis]" whereas it is > "RFC XXXX" in the other subsections of Section 5 (including the note > to the RFC Editor). > > # 6. Security Considerations > > I think that the question how to deal with AIF that is not understood > warrants a short discussion here, e.g., motivating the usual > "everything is denied until it is explicitly allowed" should hold here > as well. > > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace > -- Daniel Migault Ericsson
- [Ace] WGLC for draft-ietf-ace-aif Daniel Migault
- Re: [Ace] WGLC for draft-ietf-ace-aif Olaf Bergmann
- Re: [Ace] WGLC for draft-ietf-ace-aif Daniel Migault
- Re: [Ace] WGLC for draft-ietf-ace-aif Marco Tiloca
- Re: [Ace] WGLC for draft-ietf-ace-aif Carsten Bormann
- Re: [Ace] WGLC for draft-ietf-ace-aif Marco Tiloca