Re: [netmod] ietf-access-control-list@2017-10-03.yang : Can access-lists use a grouping?

"M. Ranganathan" <mranga@gmail.com> Fri, 03 November 2017 17:03 UTC

From: "M. Ranganathan" <mranga@gmail.com>
Date: Fri, 3 Nov 2017 13:03:11 -0400
Message-ID: <CAHiu4JMTnz4LiC9Lmzv5LYPNqWPuGxB7TXDGFg5V97KbhE_mWA@mail.gmail.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
Cc: Robert Wilton <rwilton@cisco.com>, netmod@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/OEFOI2567luuSSw0h8TSAWo2oQo>
Subject: Re: [netmod] ietf-access-control-list@2017-10-03.yang : Can access-lists use a grouping?

Hello Mahesh,

On Thu, Nov 2, 2017 at 11:36 PM, Mahesh Jethanandani <
mjethanandani@gmail.com> wrote:

>
> On Nov 2, 2017, at 11:34 PM, M. Ranganathan <mranga@gmail.com> wrote:
>
> Hi Rob, Mahesh,
>
> Thanks for reading.
>
> On Thu, Nov 2, 2017 at 11:00 AM, Robert Wilton <rwilton@cisco.com> wrote:
>
>> Hi Ranga,
>>
>> Presumably another choice would be to keep ACLs defined in one place (i.e.
>> no grouping required), augment the ACL model with your extra MUD + other
>> mgmt data, and then have a reference to that ACL from your model.
>>
>> Thanks,
>> Rob
>>
>
>  In the case of MUD (which is just a use case driving this need), there
> are local references from MUD to the ACL. MUD itself augments the ACL
> model.
>
> Augmentation would make (logical and design) sense if you were adding
> nodes that are in some way related to the ACL itself.
>
> If I wanted to Augment ACL with something that is not directly ACL
> relevant then Augmentation makes less sense to me from a design perspective
> (let's say I wanted to define a new YANG model that includes the ACL with
> some other system-relevant meta-data that has nothing to do with ACLs but
> is needed by the system in order to install an ACL).
>
>
> Can you give an example? Would you be for example using the match
> container(s) in the ACL draft, but not use the actions container?
>
>
>

I would need to be able to use all of the containers.

For example, I want to define a YANG model and auto-generate code in
OpenDaylight that will accept a JSON structure such as the following:

{
  "extension-info": {
    "auxiliary-information": "https://some.domain.com/foo",
    "ietf-access-control-list:access-lists": {
      "acl-name": "some-acl-name",
      "acl-type": "ipv4-acl",
      .....
    }
  }
}

Ideally, I don't want to modify the ACL model for this purpose.

Thanks,

Regards,

Ranga.


>
>> _______________________________________________
>> netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
>>
>>
> Mahesh Jethanandani
> mjethanandani@gmail.com
>
>


-- 
M. Ranganathan
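
An added sketch, not part of the original message or of the ACL draft, of the wrapper model the message asks for, under the assumption that ietf-access-control-list exported its ACL nodes as a reusable grouping. The module name, namespace, prefix `exi` and the grouping name `acl-grouping` are hypothetical.

```yang
module example-extension-info {
  yang-version 1.1;
  namespace "urn:example:extension-info";   // placeholder namespace
  prefix exi;                               // hypothetical prefix

  import ietf-inet-types {
    prefix inet;
  }
  import ietf-access-control-list {
    prefix acl;
  }

  description
    "Wraps ACL data together with system metadata that is not
     itself ACL-related, without augmenting the ACL module.";

  container extension-info {
    leaf auxiliary-information {
      type inet:uri;
      description
        "System-relevant metadata needed to install the ACL.";
    }

    container access-lists {
      // Hypothetical grouping: assumes the ACL module defines its
      // acl-name, acl-type, match and action nodes inside a
      // grouping named 'acl-grouping'.
      uses acl:acl-grouping;

      // Nodes instantiated through 'uses' are bound to THIS
      // module's namespace (RFC 7950). In the RFC 7951 JSON
      // encoding they therefore appear as "access-lists",
      // "acl-name", ... under
      // "example-extension-info:extension-info", without an
      // "ietf-access-control-list:" qualifier.
    }
  }
}
```

Because the reused nodes take the wrapper module's namespace, data stored under this container is separate from the ACL module's own top-level ACL data, so a consumer that installs filters has to read from this path explicitly.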