[Jmap] Orie Steele's Discuss on draft-ietf-jmap-sharing-07: (with DISCUSS and COMMENT)
Orie Steele via Datatracker <noreply@ietf.org> Mon, 08 April 2024 23:15 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: jmap@ietf.org
Delivered-To: jmap@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A4F18C14F605; Mon, 8 Apr 2024 16:15:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Orie Steele via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-jmap-sharing@ietf.org, jmap-chairs@ietf.org, jmap@ietf.org, brong@fastmailteam.com, arnt.gulbrandsen@icann.org, arnt.gulbrandsen@icann.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.9.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Orie Steele <orie@transmute.industries>
Message-ID: <171261811964.2420.13803806575481214175@ietfa.amsl.com>
Date: Mon, 08 Apr 2024 16:15:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/Anyag342ifsZKh9UiJ5M7TxoGFI>
Subject: [Jmap] Orie Steele's Discuss on draft-ietf-jmap-sharing-07: (with DISCUSS and COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.39
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 23:15:19 -0000
Orie Steele has entered the following ballot position for draft-ietf-jmap-sharing-07: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-jmap-sharing/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- # Orie Steele, ART AD, comments for draft-ietf-jmap-sharing-07 CC @OR13 https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-jmap-sharing-07.txt&submitcheck=True Thanks to the authors for this document, and to Arnt Gulbrandsen for the shepherd write up. ## Discuss ``` 243 * *id*: Id (immutable; server-set) 244 The id of the principal. 245 * *type*: String 246 This MUST be one of the following values: 247 - individual: This represents a single person. 248 - group: This represents a group of people. 249 - resource: This represents some resource, e.g., a projector. 250 - location: This represents a location. 251 - other: This represents some other undefined principal. 252 * *name*: String ``` The repeated '*' make this section difficult to read, I initially assumed this syntax indicated the field is not optional. After reviewing RFC8620, it seems to simply be a "bolding" / "emphasis" effect. This section (and similar ones) contain many instances of "String" which is defined in https://datatracker.ietf.org/doc/html/rfc8620#section-1.1 As has been discussed on the list regarding a related document: https://mailarchive.ietf.org/arch/msg/jmap/nEumbk7DKcV6AOg6q-7yD_qetU0/ Unicode / i18n processing of these fields is possibly non trivial... The document would be greatly improved by a section commenting on what kinds of JSON Strings / UTF-8 strings must remain supported. Examples in an appendix demonstrating interesting edge cases / unicode characters might help. ``` 310 * *accountIds*: String[] 311 A list of account ids. The Principal matches if any of the ids in 312 this list are keys in the Principal's "accounts" property (i.e., 313 if any of the account ids belong to the principal). ``` Should this not be Id[] ? Is full UTF-8 equality check expected here? ``` 354 The server MAY limit the maximum number of notifications it will 355 store for a user. When the limit is reached, any new notification 356 will cause the previously oldest notification to be automatically 357 deleted. ``` Why not SHOULD or MUST? What happens if there is no limit? ``` 359 The server MAY coalesce notifications if appropriate, or remove 360 notifications that it deems are no longer relevant or after a certain 361 period of time. The server SHOULD automatically destroy a 362 notification about an object if the user subscribes to that object. ``` Why not MUST? Should 362 say "unsubscribes" ? ``` 439 * *objectAccountId*: String 440 The objectAccountId value must be identical to the given value to 441 match the condition. ``` Should this be `*objectAccountId*: Id` ? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ## Comments ``` 173 The server MAY reject the user's attempt to subscribe to some 174 resources even if they have permission to access them, e.g., a 175 calendar representing a location. ``` Can this be strengthened to a SHOULD with clear conditions for when the server MUST allow subscription? ``` 177 A user may query the set of Principals they have access to with 178 "Principal/query" (see Section 2.4). The Principal object may then 179 provide Account objects if the user has permission to access data for 180 that principal, even if they are not yet subscribed. ``` Can this be strengthened with normative language? For example: The Principle object MUST contain / provide when... The Principle object MUST NOT contain / provide when... ``` 295 However, the server may reject this change, and probably will reject 296 any other change, with a forbidden SetError. Managing principals is 297 likely tied to a directory service or some other vendor-specific 298 solution, and may occur out-of-band, or via an additional capability 299 defined elsewhere. ``` Can this language be strengthened? For example: When the server rejects updates it MUST use a SetError of type forbidden as described in Section 5.3 of RFC8620. ``` 314 * *email*: String 315 Looks for the text in the email property. ``` I suggest a stronger reference for IDNA compatible email identifiers. There are many combinations of unicode characters that will not result in a valid email address. Consider: https://datatracker.ietf.org/doc/html/rfc6531 If this field is not required to be a well formed email (possibly one build of an IDNA), perhaps note that directly. ``` 318 * *text* String 319 Looks for the text in the name, email, and description properties. ``` The use of the word text is slightly misleading here without inclusion of the charset, since strictly speaking this is filtering on octets (encoding some UTF-8 string), correct? Thanks to Yaron Sheffer for his comments to this effect in the SEC DIR review. ``` 347 The server SHOULD create a ShareNotification whenever the user's 348 permissions change on an object. It SHOULD NOT create a notification 349 for permission changes to a group principal, even if the user is in 350 the group. ``` Why not MUST? The way this is written, an implementation could easily decide to reverse these recommendations. ``` 614 5. Security Considerations ``` Please consider adding security considerations regarding deceptive use of unicode characters, perhaps drawing from previous work, for example from: https://datatracker.ietf.org/doc/html/rfc5894#section-1.4 """ The introduction of the larger repertoire of characters potentially makes the set of misspellings larger, especially given that in some cases the same appearance, for example on a business card, might visually match several Unicode code points or several sequences of code points. """ ``` 639 The set of principals within a shared environment SHOULD be strictly 640 controlled. If adding a new principal is open to the public, risks 641 include: ``` Why not MUST? Is consent from existing principles required or recommended when adding new principles? ## Nits ``` 536 "u12345678": { 537 "name": "jane.doe@example.com" 538 "isPersonal": true 539 "isReadOnly": false 540 "accountCapabilities": { 541 "urn:com.example:jmap:todo": {}, 542 "urn:ietf:params:jmap:principals:owner": { 543 accountIdForPrincipal: "u33084183", 544 principalId: "P105aga511jaa" 545 } 546 } 547 } ``` This example is malformed JSON. accountIdForPrincipal and principalId are missing quotes, and the there is no indication of elision, consider starting with { ... "u12345678": ... } Its also strange that "name" is an email in this example, consider an interesting unicode example like: "Voß" or some user chosen string that includes emojis (just make sure they are black or white).
- [Jmap] Orie Steele's Discuss on draft-ietf-jmap-s… Orie Steele via Datatracker
- Re: [Jmap] Orie Steele's Discuss on draft-ietf-jm… Neil Jenkins
- Re: [Jmap] Orie Steele's Discuss on draft-ietf-jm… Orie Steele
- Re: [Jmap] Orie Steele's Discuss on draft-ietf-jm… Neil Jenkins