Re: [Ace] Artart last call review of draft-ietf-ace-aif-05
Carsten Bormann <cabo@tzi.org> Thu, 03 March 2022 12:02 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id AF14E3A0063;
Thu, 3 Mar 2022 04:02:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id PFXFLGoCh35z; Thu, 3 Mar 2022 04:02:36 -0800 (PST)
Received: from gabriel-smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de
[IPv6:2001:638:708:32::15])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 118A83A040B;
Thu, 3 Mar 2022 04:02:30 -0800 (PST)
Received: from [192.168.217.118] (p5089ad4f.dip0.t-ipconnect.de
[80.137.173.79])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by gabriel-smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4K8V3Q4jh0zDChX;
Thu, 3 Mar 2022 13:02:26 +0100 (CET)
Content-Type: text/plain;
charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <164555618912.17476.10903961003636458894@ietfa.amsl.com>
Date: Thu, 3 Mar 2022 13:02:26 +0100
Cc: art@ietf.org, ace@ietf.org, draft-ietf-ace-aif.all@ietf.org,
last-call@ietf.org
X-Mao-Original-Outgoing-Id: 668001746.276696-5f39263f4bb7f2e29ce21dfd133e765f
Content-Transfer-Encoding: quoted-printable
Message-Id: <1CE3BCD4-DD4B-4ECB-86F0-23CCBF6B72E6@tzi.org>
References: <164555618912.17476.10903961003636458894@ietfa.amsl.com>
To: Marco Tiloca <marco.tiloca@ri.se>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/mIG4LAn_6-mdM-KbJR-oULikSy0>
Subject: Re: [Ace] Artart last call review of draft-ietf-ace-aif-05
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments
\(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>,
<mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>,
<mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Mar 2022 12:02:40 -0000
Hi Marco, thank you for this very actionable review! Changes are in https://github.com/cabo/ace-aif/pull/7 (and in https://github.com/cabo/ace-aif/pull/5, see below). I plan to wait for comments on these PRs and then to submit an updated I-D. On 2022-02-22, at 19:56, Marco Tiloca via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Marco Tiloca > Review result: Ready with Nits > > Thanks for this good document! Please, find below a few minor comments. > > Best, > /Marco > > [Section 2.2] > > * The first paragraph has the only occurrence of "AIF object". I suppose that's > what you call "list of pairs" in Section 2, right before Figure 1. > > If so, it may help to define "AIF object" there in Section 2, or to rather > replace it with something like "list of (Toid, Tperm) pairs" here in Section > 2.2. Indeed, the term “AIF Object” may be confusing to people used to the JSON terminology, where “Object” refers to a map. Replaced it with “AIF data item”, as already used in two other places. > * In the second paragraph, an access is possibly subject to conditions, not > dictating them. Thus, shouldn't the right word be "conditionalized" rather than > "conditionalizing" ? > > [Section 3] Well, it is the information model that further conditionalizes here. Simplified this to >> This simple information model also does not allow expressing >> conditionalized access based on state outside the identification of >> objects (e.g., "opening a door is allowed if that is not locked"). > > * s/e.g., 35 for Dynamic-DELETE/e.g., 35 would be the number for Dynamic-DELETE Well, 35 actually *is* the number for Dynamic-DELETE. Now: been for X, plus a Dynamic-Offset chosen as 32 (e.g., 35 is the number for Dynamic-DELETE as the number for DELETE is 3). > [Sections 4, 5.1 and 5.2] > > * In Section 4 and later on when registering the two media-types in Section > 5.1, "local-uri" is used as default value for the Toid parameter. > > However, the new sub-registry defined in Section 5.2 (and where Toid values > have to be taken from) is populated with an entry with value "local-part". > Shouldn't they all indicate the same value? Yes, Klaus Hartke noticed this, too, PR #5. > Also, perhaps it is better to name it "URI-local-part". Good idea, added to PR #5. > > [Section 5.2] > > * Suggested rephrasing: > > For both media-types application/aif+cbor and application/aif+json, IANA is > requested to create a sub-registry within [IANA.media-type-sub-parameters] > for the two media-type parameters Toid and Tperm, populated with: s/both/the/, otherwise changed as proposed > > [Section 6] > > * The first bullet point has the only occurrence of "AIF information". Perhaps > this is another name for what you called "AIF object" in Section 2.2? (see > previous comment for similar considerations) Went to “AIF data item” again. > * The second bullet point says: "and that all parties understand Toid/Tperm > pairs to signify the same operations." > > Suggested rephrasing: "and that all parties have the same understanding of > each Toid/Tperm pair in terms of specified resources and operations on those" Nice! Changed. I changed “resources” to “objects (resources)”, because the objects of the access control matrix don’t actually need to be resources. > [Nits] > > * Section 1.1 > --- s/This memo uses terms from [RFC7252]/This specification uses terms from > CoAP [RFC7252] Good idea. I also expanded the Internet Security Glossary. > > * Section 2.2 > --- s/, however,/. However, > > * Section 6 > --- s/and provides (2) any/and (2) provides any > Thank you! Grüße, Carsten
- [Ace] Artart last call review of draft-ietf-ace-a… Marco Tiloca via Datatracker
- Re: [Ace] Artart last call review of draft-ietf-a… Carsten Bormann
- Re: [Ace] Artart last call review of draft-ietf-a… Marco Tiloca