Re: [Ace] Murray Kucherawy's No Objection on draft-ietf-ace-aif-06: (with COMMENT)

Carsten Bormann <cabo@tzi.org> Thu, 10 March 2022 09:39 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BD643A137C; Thu, 10 Mar 2022 01:39:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LoHLVWemC25R; Thu, 10 Mar 2022 01:39:06 -0800 (PST)
Received: from gabriel-smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::15]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A36163A1381; Thu, 10 Mar 2022 01:39:03 -0800 (PST)
Received: from [192.168.217.118] (p5089ad4f.dip0.t-ipconnect.de [80.137.173.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4KDkXg4222zDChX; Thu, 10 Mar 2022 10:38:59 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <164688568088.27232.4089968005470600699@ietfa.amsl.com>
Date: Thu, 10 Mar 2022 10:38:59 +0100
Cc: The IESG <iesg@ietf.org>, Loganaden Velvindron <loganaden@gmail.com>, ace-chairs@ietf.org, draft-ietf-ace-aif@ietf.org, ace@ietf.org
X-Mao-Original-Outgoing-Id: 668597938.9828531-3e804c5ee79514ffe1bb6660c8bfdf65
Content-Transfer-Encoding: quoted-printable
Message-Id: <0382818A-C756-4084-B033-A1F99FA91277@tzi.org>
References: <164688568088.27232.4089968005470600699@ietfa.amsl.com>
To: Murray Kucherawy <superuser@gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/iiXawVY73jFN2RitOlN_bndUZss>
Subject: Re: [Ace] Murray Kucherawy's No Objection on draft-ietf-ace-aif-06: (with COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2022 09:39:11 -0000

Hi Murray,

thank you for this review.

I’m currently collecting updates into https://github.com/cabo/ace-aif until the ID submission opens again.


> On 2022-03-10, at 05:14, Murray Kucherawy via Datatracker <noreply@ietf.org> wrote:
> 
> Murray Kucherawy has entered the following ballot position for
> draft-ietf-ace-aif-06: No Objection
[…]
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> The shepherd writeup […]

I’ll leave that part to shepherd and AD.

(As an author, I always wonder how active my role in generating this writeup should be.
Clearly, it is more useful if it has a strictly independent perspective.
But that is maybe a different discussion.)

> The Abstract seems to suggest very broad application.  Should there be a
> sentence in there that indicates the context of the work (specifically, ACE)?

I don’t think the areas of application of this format are limited to the ACE protocols.

(The intention, of course, also isn’t to push out all other authorization models in the IETF…
I was hoping that should be obvious, but that is also why the title is 
“**An** Authorization Information Format (AIF) for ACE”.)

> In Section 5.1, "Required Parameters" shouldn't be "none", but rather "N/A";
> see Section 5.6 of RFC 6838 for more information.

Fixed in https://github.com/cabo/ace-aif/commit/0f53118

> The second paragraph of Section 6 (about default-deny) strikes me as something
> that should really be up in Section 2 or Section 3; it's something fundamental
> and ought to be called out up front.

That is indeed the more correct way of doing this.

I put a copy of that paragraph right as the second paragraph of Section 2 (Information Model).
I’m not quite sure whether the redundancy of saying that again in Section 6 would be worse than not saying it again would be; I removed the copy in Section 6 though.

Fixed in https://github.com/cabo/ace-aif/commit/21f3afe

Grüße, Carsten