IETF Logo Mail Archive

Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00

Kent Watsen <kent+ietf@watsen.net> Wed, 23 March 2022 22:07 UTC

Return-Path: <0100017fb8d1d211-e9934d83-7ace-4521-ab9f-a73f67a33b8f-000000@amazonses.watsen.net>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 185FA3A07B2 for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 15:07:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V_yP9B8CSrVk for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 15:07:14 -0700 (PDT)
Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D2013A07AE for <netmod@ietf.org>; Wed, 23 Mar 2022 15:07:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1648073233; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=GPdIHQMYVvIQRRqWPFhSVq72P/1nHeHxho4h2LkSuUw=; b=QILUkkcqyCbwXjE8UE3tazReQGboCUxjlCgVlywoh6YUkkdqmm5sH3FONlZo0Mc5 SiQYQJ2hDOY4sTWlxCULKmpE3aA1LVVbPGvyrQ3lWMaIRzqA47aqq/oqa3xFkp0H3h9 NNDvzZ89Z8i9MR+V85tni9/0RFGg5o/Krtskyock=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100017fb8d1d211-e9934d83-7ace-4521-ab9f-a73f67a33b8f-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C9FF96C1-882A-484A-B251-EF79598580FE"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
Date: Wed, 23 Mar 2022 22:07:13 +0000
In-Reply-To: <CABCOCHRqZgCfH0j5XnEt0aK0fwVCaxe_aSHCAZn3jb0QLrDuKw@mail.gmail.com>
Cc: "netmod@ietf.org" <netmod@ietf.org>
To: Andy Bierman <andy@yumaworks.com>
References: <CABCOCHRqZgCfH0j5XnEt0aK0fwVCaxe_aSHCAZn3jb0QLrDuKw@mail.gmail.com>
X-Mailer: Apple Mail (2.3693.60.0.1.1)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2022.03.23-54.240.8.96
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/VaYIgEbKnWD_GL3BOMSRMS6iz8U>
Subject: Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 22:07:19 -0000

Hi Andy,

The draft allows individual data instance nodes (e.g., in a list) to be flagged as immutable:


   The following terms are defined in this document:

   immutable:  A metadata annotation indicating the immutability of a
      data node.  An immutable data node is read-only to clients.  Note
      that "immutable" is used to annotate instances of YANG data nodes
      rather than schema nodes.  For instance, a "list" data node may
      exist in multiple instances in the data tree, "immutable" can
      annotate some of the instances as read-only, while others are not.


If it were not for that, then an access-control refinement seems appropriate, because then it would have to be user-specific, whereas this draft enables user-independant immutability.

As for *why* this draft enables individual data instance nodes to be flagged as immutable (a question asked in other recent review comments), please note that this work came out of the "with-system" work after a number of folks (myself included) noted that the concept was independent of a <system> datastore.  For instance, I defined a similar mechanism in a past life to handle objects published from a host-system to logical-systems (LNEs).  

The most common example for such a need is with interfaces, e.g., the host-system publishes "eth-3.1.2" to a logical-system, where it is unable to delete it (whereas it is deletable in the host-system's config).  That said (playing devil's advocate), I wonder if, in this example, the interfaces, when published to a logical-system, should be published to the <system> datastore (because they're effectively a system-defined resource then, from the LNE's POV) and hence pickup their immutability that way.

Kent // contributor


> On Mar 23, 2022, at 4:09 PM, Andy Bierman <andy@yumaworks.com> wrote:
> 
> Hi,
> 
> IMO the problem should be viewed as a refinement to the
> access control policy of the device.  A standard mechanism
> such as a YANG extension would be better than a growing
> mix of proprietary solutions.
> 
> We have such a YANG extension called "user-write" that is widely deployed.
> A simple boolean is not fine enough granularity, so a bits type is
> needed instead to allow control of create, update, and delete access operations.
> 
> 
> https://www.yumaworks.com/pub/latest/yangauto/yumapro-yangauto-guide.html#ncx-user-write <https://www.yumaworks.com/pub/latest/yangauto/yumapro-yangauto-guide.html#ncx-user-write>
> 
> 
> Andy
> 
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

v2.8.7 | Report a Bug | By Email