IETF Logo Mail Archive

Re: [Netconf] WG LC for draft-ietf-netconf-rfc6536bis

Mahesh Jethanandani <mjethanandani@gmail.com> Tue, 16 May 2017 21:06 UTC

Return-Path: <mjethanandani@gmail.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 065E612ECAB for <netconf@ietfa.amsl.com>; Tue, 16 May 2017 14:06:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FJp2Sl6Y5bHd for <netconf@ietfa.amsl.com>; Tue, 16 May 2017 14:06:54 -0700 (PDT)
Received: from mail-oi0-x232.google.com (mail-oi0-x232.google.com [IPv6:2607:f8b0:4003:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFD9612EB70 for <netconf@ietf.org>; Tue, 16 May 2017 14:02:05 -0700 (PDT)
Received: by mail-oi0-x232.google.com with SMTP id h4so41310032oib.3 for <netconf@ietf.org>; Tue, 16 May 2017 14:02:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1lhtwL2M5D8FnXiROHe2J4tR/codmyBdn6Cgvmnbp38=; b=blBqiYpQKgG6LJQjCfj31KPHpJXKtciDZXhNCM9kVxQ8MDPH5zNhWE3E16uD7zOIqL acy4tYIFdwZE52Tx3Z1CciGXH2RMMCk368MdKykuu3yKqs/UhzGO6SNyqfcGOmN6c3sk gtA0gPG8LD5LIT3K1PT3mbcGkY9fIQ5o4cHHmtVIDagFyAddLH/l82R91wxZFJptGD7L UGgBxUjdPszfz5HhYGdQ69IKID6sy+l1Wl7wEpOQXWUY5xUrpqd/stWKo/GpB9oOH1g6 s8Igr3L9qkEfhqsndCowdwqPa5/FAoMatOyi3TyRetMZS477khtPLtzkc1DloC0yEt+j COfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1lhtwL2M5D8FnXiROHe2J4tR/codmyBdn6Cgvmnbp38=; b=Ia7qENABpOG+j49gDXXFs+9EvDqu52Ujo8tfmavA+M+yAQUzDEMmJFR149fFhgiQJh D4xGvaE6B0/BTd6217JlkQld/2XSbC6EhJcyU70RbTKY3NvQJfPsMJpjfORxtGZ4KJDB XkY534Nd4jkcPCBCqvaaK4oP2RPiX2h9v1yACMvjmOmLOOCYb90glbfgMTCnh+IuDxvm M75iPBtn5jdl7+hSOSxhq2fLt3YKEoxuJhgAJy1OEWtyY0lkNGeD63iG6Nox1Re2DgLp 25iqoqENxJoz8JNcJrZqErh3nM/hhnUxfaqD4aaeESrJYU2NTnZYdsp5GNdCOHpzudw+ BK7Q==
X-Gm-Message-State: AODbwcA6pYUKzAMq7Lm0lK3+s1dP7R04Rmcmn9W1b9S2KbbExVZu163g JcDhSkUO6lYf9SZI0yw=
X-Received: by 10.202.52.214 with SMTP id b205mr3363234oia.133.1494968525172; Tue, 16 May 2017 14:02:05 -0700 (PDT)
Received: from ?IPv6:2001:420:30d:1320:506f:9f6c:a55d:4752? ([2001:420:30d:1320:506f:9f6c:a55d:4752]) by smtp.gmail.com with ESMTPSA id z74sm202765oia.2.2017.05.16.14.02.03 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 16 May 2017 14:02:03 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Mahesh Jethanandani <mjethanandani@gmail.com>
In-Reply-To: <20170510064608.GA14838@elstar.local>
Date: Tue, 16 May 2017 14:02:04 -0700
Cc: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Netconf <netconf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <04623446-36C5-4ABE-81C3-9E6B1F0BC39A@gmail.com>
References: <CABCOCHT9fNKHn=qgFsQ0mznByArCpqsAz4m4jjjPE7M243UjeA@mail.gmail.com> <644DA50AFA8C314EA9BDDAC83BD38A2E0DF9584C@SJCEML701-CHM.china.huawei.com> <CABCOCHRgaTpxXJ0nOgbHx4Hbz6FgfTahN3T2OedfC6gnbnAN0A@mail.gmail.com> <20170509.145030.58029732242199759.mbj@tail-f.com> <20170510064608.GA14838@elstar.local>
To: Martin Bjorklund <mbj@tail-f.com>, Andy Bierman <andy@yumaworks.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/wv0P1YSVpXWQF0apE6vG7fBwSq0>
Subject: Re: [Netconf] WG LC for draft-ietf-netconf-rfc6536bis
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2017 21:06:57 -0000

Having reviewed all the e-mails, I believe that there are few issues that need to be resolved before we send the draft for publication. We need to agree on the language, even if we do have the exact text in the draft.

To begin with, do the authors have a response to the suggestions from Juergen prompted by the question from Alex? Are we leaving the NACM definition of any future datastores to the datastore draft, or are we saying NACM applies to all datastores?

To the point that Andy raised earlier, we need to have texts around datastores that provide more than CRUDX capabilities, including any protocol operations, e.g. priority, as something that is out of scope of this document.

NETCONF WG has moved to redefine its charter beyond NETCONF and RESTCONF. Therefore there is a real possibility of another protocol being discussed in the WG. Is there something in the NACM draft that restricts it to NETCONF/RESTCONF that other protocols cannot adopt? If so, can they be called out?

Thanks.

> On May 9, 2017, at 11:46 PM, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> 
> On Tue, May 09, 2017 at 02:50:30PM +0200, Martin Bjorklund wrote:
>> Andy Bierman <andy@yumaworks.com> wrote:
>>> On Thu, May 4, 2017 at 11:21 AM, Alexander Clemm <alexander.clemm@huawei.com
>>>> wrote:
>>> 
>>>> As mentioned in my message, I don’t think specific access control will be
>>>> needed (I am not aware of specific use cases), but specifically with the
>>>> revised datastore architecture about to the be introduced, its impact or
>>>> nonimpact and interrelation with NACM should be discussed.  This can be as
>>>> simple as a small paragraph or subsection “Revised Datastore
>>>> Considerations”.
>>>> 
>>>> 
>>>> 
>>> 
>>> there is no text about candidate vs. running vs. startup.
>>> The NACM rules apply to all of them the same.
>>> I could add text that says there is no consideration for specific
>>> datastores.
>> 
>> Actually, the document already says:
>> 
>> 3.2.  Datastore Access
>> 
>>   The same access control rules apply to all datastores, for example,
>>   the candidate configuration datastore or the running configuration
>>   datastore.
>> 
>>   Only the standard NETCONF datastores (candidate, running, and
>>   startup) are controlled by NACM.
>> 
>> 
>> Somehow this needs to be updated when the revised datastore work is
>> done.  E.g., I expect read access to intended to follow the same NACM
>> rules.
>> 
> 
> Yes. NACM likely also applies to the <operational/> datastore (but
> this follows already from the text that talks about 'state data').
> 
> My question, however, was about other future yet to be defined
> 'dynamic' datastores - does NACM make a statement of the form 'once an
> implementation announces NACM, NACM applies to all datastores - no
> exceptions' or do we leave it to the definition of future datastores
> to declare whether NACM applies to it. There may be three possible
> solutions:
> 
> a) Once an implementation supports NACM, NACM applies to all
>   datastores (including any datastores defined in the future).
> 
> b) Once an implementation supports NACM, NACM applies to all
>   conventional datastores and the operational state datastore.  Other
>   datastores must define whether NACM applies to them.
> 
>   (This means, whenever a new datastore is introduced, the question
>   whether NACM applies has to answered for the new datastore.)
> 
> c) Once an implementation supports NACM, NACM applies to all current
>   and future datastore unless explicitely stated or signaled that
>   NACM does not apply to a certain future datastore.
> 
>   (This is essentially b) but with a default that NACM applies unless
>   things are explicitly regulated to be different.)
> 
> I just thought it is worth to take a moment to think about this
> question.
> 
> /js
> 
> -- 
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> 
> _______________________________________________
> Netconf mailing list
> Netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf

Mahesh Jethanandani
mjethanandani@gmail.com

v2.23.0 | Report a Bug | By Email