IETF Logo Mail Archive

Re: [lmap] AD evaluation: draft-ietf-lmap-information-model-16

Alissa Cooper <alissa@cooperw.in> Wed, 25 January 2017 15:52 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: lmap@ietfa.amsl.com
Delivered-To: lmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 002441299B9 for <lmap@ietfa.amsl.com>; Wed, 25 Jan 2017 07:52:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=w5/ytcfF; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=YP79UrS1
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KwI4BeI0QGvD for <lmap@ietfa.amsl.com>; Wed, 25 Jan 2017 07:52:11 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F7FC12984C for <lmap@ietf.org>; Wed, 25 Jan 2017 07:52:11 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id AB7E92098E; Wed, 25 Jan 2017 10:52:09 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Wed, 25 Jan 2017 10:52:09 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=JcAgmFat8DwVyVlsZhik5G8U470=; b=w5/ytc fFk0q6UHy0zeUkX+krf/9MwDJ+UPWiQtRMs7BOdyVdLBkooO9SMOaXzoGDVwqJb1 /ST1dtMtMpMA/bjM0gpawRE2QN3AYmKC81i69TFmtUAfAqw1IaJfW2E/juMvisnt A8P85M62qWM/t36YBMxdH1sXLAu9k1UBnKS68=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=smtpout; bh=JcAgmFat8DwVyV lsZhik5G8U470=; b=YP79UrS1DRJ5Kf7zTcFFJxY4wqcKcZsh6c68VALIvjOg7W NpDgMwVQl/HY7ZpytE72DU+JVVK4UJJor+8o6LxgSR+Nxmc8+z9ilSg1+jYxS1vT 7xzDIwUVzhC2tHmZq6FytdA1N9CzixRRgZDeAF0fu05Hd5j0NHBhDA8ZaS+JE=
X-ME-Sender: <xms:qcmIWNqcxAYNBoHGeEjO2ERPZtqNnwBLEM3hEKI4ScBr5wJ1jtr5jw>
X-Sasl-enc: 6owyE2ANE4b6anbXJCrS3ZTrBclOAqEeVyuTkRAcw4nC 1485359529
Received: from dhcp-10-150-9-181.cisco.com (unknown [173.38.117.80]) by mail.messagingengine.com (Postfix) with ESMTPA id 35ADE7E2B0; Wed, 25 Jan 2017 10:52:09 -0500 (EST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_04E6EF42-AEC1-472F-B7A4-D5BEAE0C5C4C"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <20170124160720.GB36955@elstar.local>
Date: Wed, 25 Jan 2017 10:52:08 -0500
Message-Id: <31441568-4107-4D08-9D7C-99C6A71F0FE0@cooperw.in>
References: <2CB94EA6-A5F9-4770-9E76-0C7E8676E9CF@cooperw.in> <20170124160720.GB36955@elstar.local>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lmap/KSZJerQEwAEK9-682Y_43WtDExA>
Cc: lmap@ietf.org
Subject: Re: [lmap] AD evaluation: draft-ietf-lmap-information-model-16
X-BeenThere: lmap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Large Scale Measurement of Access network Performance <lmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lmap>, <mailto:lmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lmap/>
List-Post: <mailto:lmap@ietf.org>
List-Help: <mailto:lmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lmap>, <mailto:lmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2017 15:52:14 -0000

Hi Juergen,

Responses below. I trimmed out areas that don’t need a response.

> On Jan 24, 2017, at 11:07 AM, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> 
> Alissa,
> 
> thanks for your review - much appreciated. Some of the questions
> indeed touch on the question 'what needs to be dealt with in an
> information model and what can be left out', which I think has no
> clear answer. Please see my response inline...
> 
> On Mon, Jan 23, 2017 at 02:22:25PM -0500, Alissa Cooper wrote:
> 
>> = Section 3.2 =
>> 
>> I think it would be good to provide some guidance about how NOT to construct a group ID. E.g., I would assume putting sensitive information like "low-income neighborhood" or similar in the group ID would be ill-advised, because even within the single administrative domain where MAs are communicating with Controllers and Collectors, there may be people who are authorized to process the measurement data but not know that level of detail about which kind of group a device/connection belongs to. In that kind of case a mapping between an opaque identifier in the group ID and more contextual information on the Controller/Collector back-end would be wise. I think the draft would benefit from some explanation of that here or in Section 6 with a cross-reference back to here.
> 
> I agree. And I think this is not only relevant for group IDs but equally
> applies to tags or other names that can be freely choosen. What about this
> at the end of the Security Considerations:
> 
>   [...] In addition, users of this Information Model are
>   advised to choose identifiers for Group IDs, tags or names of
>   information model objects (e.g., configured tasks, schedules or
>   actions) that do not reveal any sensitive information to people
>   authorized to process measurement results but who are not authorized
>   to know details about the Measurement Agents that were used to
>   perform the measurement.

Sounds good. 

> 
>> = Section 3.5.2 =
>> 
>> What would be the cause for defining different versions of the same task? Also, since the two different versions would have the same name (presumably), I think you need to state of the expected scope of uniqueness of the task name.
>> 
> 
> Names of objects are generally assumed to be unique within an MA.

I think it’s worth saying that explicitly.

> 
> The version here is essentially used to be able to distinguish
> different versions of an implementation of a given metric. I might
> have MAs with an old version of a metric implementation with specific
> bugs and I might have MAs with a new version of a metric
> implementation with different kind of bugs.

Is there a reason that level of detail is needed on a metric-by-metric basis, as opposed to just using a software version number for the implementation as a whole?

> 
>> = Section 3.5.3 =
>> 
>> Why does this object need both an agent ID and a device ID? Is the device ID here expected to be the same as the one that gets pre-configured on the device? What is an MA supposed to put in the device-id field defined here if there was no device ID pre-configured (since in pre-configuration it's an optional field)?
> 
> We could make the ma-status-device-id optional to be consistent.

That sounds better but I still think you need to justify it being there, even as optional. Up to this point I thought the device ID was used potentially to generate an agent ID during configuration, but after that it seems to create unnecessary risk to include it in status reports.

> 
> 
>> = Section 3.9 and 3.9.1 =
>> 
>> "Both measurement and non-measurement
>>   Tasks have registry entries to enable the MA to uniquely identify the
>>   Task it should execute and retrieve the schema for any parameters
>>   that may be passed to the Task.
>>   ...
>> A configured task can be referenced by its name and it
>>   contains a set of URIs to link to registry entries or a local
>>   specification of the task.
>>   ...
>> ma-task-functions:        A possibly empty unordered set of registry
>>                             entries identifying the functions of the
>>                             configured task."
>> 
>> I have a couple of questions about this:
>> 
>> (1) Are there any registries being defined for non-measurement tasks, or is this just indicating that such registries could be created? I think it would help to clarify since there is obviously the metrics registry for measurement tasks.
> 
> Creating an LMAP task registry was briefly discussed on the mailing
> list but so far no concrete proposal has been written. I think the
> definition in section 3.9 is actually fine since it does not refer
> explicitely to the IPPM metrics registry.

I think it would help if it said "Both measurement and non-measurement Tasks may have registry entries …."


> 
>> (2) I don't understand "or a local specification of the task." Is that local specification supposed to be represented with a local URI, the same as other registry objects? Or if not, is ma-task-functions not properly defined, since it's possible to reference something other than a registry entry there?
> 
> The set of referenced regristry entry entries can be empty. The phrase
> 'or a local specification of the task' is indeed confusing. What is
> meant here is a task that is essentially well-known by its name. For
> example, there is a task called 'traceroute' or 'iperf' and I expect
> it to do a traceroute or to run iperf measurements. Perhaps the text
> should be changed to read:
> 
>   A configured task can be referenced by its name and it
>   contains a possibly empty set of URIs to link to registry entries.

That would help, yes.

> 
>> = Section 3.10.1 =
>> 
>> I don't understand why ma-registry-role is defined here. In draft-ietf-ippm-metric-registry, the role is part of the registry entry, so by specifying the URI, one should know which role is the appropriate one for that entry. 
>> 
> 
> An entry in the metrics registry may define multiple roles. The
> ma-registry-role selects which of these roles are instantiated.

Got it, ok.

> 
>> Nits and minor comments:
> 
>> = Section 3 =
>> 
>> (1) s/(from a measurement to reporting or communicating with the Controller)/(including measurements or reporting or communicating with the Controller)/
> 
> fixed
> 
>> (2) It seems a bit odd that Action first appears in Figure 1 but is not included in the enumerated list of objects above it.
> 
> I agree - Actions came in later and it still shows. I will see what I
> can do to reword this. What about this:
> 
>> (3) "Every Action contained in a Schedule is defined as a Task. ... Tasks can implement a variety of different types of Actions." I think this will be confusing to readers because it's circular. It sounds like all Actions are Tasks but Tasks are comprised of Actions; I think the abstraction needs to be explained better, and made consistent. See also sections 3.3 and 3.7: "An Action is a Task with additional specific parameters." I think it would be better to define what an Action is once at its earliest use.
> 
> What about this (right below Figure 1):
> 
>   The primary function of an MA is to execute Schedules.  A Schedule,
>   which is triggered by an Event, executes a number of Actions.  An
>   Action refers to a Configured Task and it may feed results to a
>   Destination Schedule.  Both, Actions and Configured Tasks can provide
>   parameters, represented as Action Options and Task Options.

Some minor tweaks:

The primary function of an MA is to execute Schedules.  A Schedule,
  which is triggered by an Event, executes a number of Actions.  An
  Action is a Configured Task and it may feed results to a
  Destination Schedule.  Both Actions and Configured Tasks can provide
  parameters, represented as Action Options and Task Options.

> 
>> = Section 3.6.2 =
>> 
>> I think it would be good to provide a short explanation in the text as to why RFC 3339 format is not being used for ma-report-result-cycle-number.
> 
> The point is that the cycle-number is a fixed-point _number_.

Ok, fair enough.

> 
> To address the questions (above) concerning the semantics of several
> base types we have used, I think it makes sense to add the following
> to section 2:
> 
>   The object definitions use a couple of base types that are defined as
>   follows:
> 
>   int         A type representing signed or unsigned integer numbers.
>               This information model does not define a precision nor
>               does it make a distinction between signed and unsigned
>               number ranges.  This type is also used to represent
>               enumerations.
> 
>   boolean     A type representing a boolean value.
> 
>   string      A type representing a human-readable strings consisting
>               of a (possibly restricted) subset of Unicode and ISO/IEC
> 	       10646 [ISO.10646] characters.

s/strings/string/

> 
>   datetime    A type representing a date and time using the Gregorian
>               calendar.  The datetime format MUST conform to RFC 3339
>               [RFC3339].
> 
>   uuid        A type representing Universally Unique IDentifier (UUID(
>               as defined in RFC 4122 [RFC4122].  The UUID values are
>               expected to be unique within an installation of a large-
>               scale measurement system.
> 
>   uri         A type representing a Uniform Resource Identifier as
>               defined in STD 66 [RFC3986].
> 
>   ip-address  A type representing an IP address.  This type supports
>               both IPv4 and IPv6 addresses.
> 
>   counter     A non-negative integer that monotonically increases.
> 	       Counters may have discontinuities and they are not
> 	       expected to persist across restarts.
> 
>   credentials An opaque type representing credentials needed by a
>               cryptographic mechanism to security communication.  

s/security/secure/

Thanks,
Alissa

v2.23.0 | Report a Bug | By Email