IETF Logo Mail Archive

Re: [netmod] update on "rdns" URN for enterprise YANG models

"Ing-Wher (Helen) Chen" <ichen@kuatrotech.com> Tue, 19 April 2016 16:24 UTC

Return-Path: <ichen@kuatrotech.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB21612DC75 for <netmod@ietfa.amsl.com>; Tue, 19 Apr 2016 09:24:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kuatrotechnology.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xwoXPhcZgiZE for <netmod@ietfa.amsl.com>; Tue, 19 Apr 2016 09:24:14 -0700 (PDT)
Received: from emea01-db3-obe.outbound.protection.outlook.com (mail-db3on0688.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe04::688]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70D2412DB22 for <netmod@ietf.org>; Tue, 19 Apr 2016 09:24:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kuatrotechnology.onmicrosoft.com; s=selector1-kuatrotech-com; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=FHxaanEfNNJjpl4Nqnf4IdrzJPOTecKrK6X8A8dqnMQ=; b=gckMM2qf9TEM3c5HHNzm/kSLuC2VlqEvj2XYJKJHEGQe55u9uJQnfcr8lomloE4UcMQsbDQzTrrAvMCogZGm0q1HtK8iJqZQrE34grm7rx2P7KRFyEtAoaeUSxYmIhzKPPhDfbXYri5B1fOYcJYZ7gwk7XzYYXgzQGF6oYdx39E=
Received: from DB5PR06MB0950.eurprd06.prod.outlook.com (10.162.158.140) by DB5PR06MB0950.eurprd06.prod.outlook.com (10.162.158.140) with Microsoft SMTP Server (TLS) id 15.1.466.19; Tue, 19 Apr 2016 16:23:52 +0000
Received: from DB5PR06MB0950.eurprd06.prod.outlook.com ([10.162.158.140]) by DB5PR06MB0950.eurprd06.prod.outlook.com ([10.162.158.140]) with mapi id 15.01.0466.022; Tue, 19 Apr 2016 16:23:52 +0000
From: "Ing-Wher (Helen) Chen" <ichen@kuatrotech.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Thread-Topic: [netmod] update on "rdns" URN for enterprise YANG models
Thread-Index: AdGXJqT2atwqDO1sS7m+/GLgZx0D2AABBcaAAAASVyAAEV4yAAC5VLVA
Date: Tue, 19 Apr 2016 16:23:51 +0000
Message-ID: <DB5PR06MB0950D0118D54BCBBF10BEE64D06C0@DB5PR06MB0950.eurprd06.prod.outlook.com>
References: <DB5PR06MB095051F32B9B7264669E6263D0680@DB5PR06MB0950.eurprd06.prod.outlook.com> <20160415152317.GB95324@elstar.local> <DB5PR06MB095009600454D4236CBDED94D0680@DB5PR06MB0950.eurprd06.prod.outlook.com> <20160415234236.GC95761@elstar.local>
In-Reply-To: <20160415234236.GC95761@elstar.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: jacobs-university.de; dkim=none (message not signed) header.d=none;jacobs-university.de; dmarc=none action=none header.from=kuatrotech.com;
x-originating-ip: [98.191.72.170]
x-ms-office365-filtering-correlation-id: ab8194a9-b10a-48d1-35ea-08d3686efed0
x-microsoft-exchange-diagnostics: 1; DB5PR06MB0950; 5:nRj0neeI/0N/EUgDccK/b3IaeyD8nAZC7KVspCq7GG/ecbHbBMckdcbKTHQAfoLEvpQQF0w3y0r7MJ0ZSaFdv0Xn4q8ldsTr22ZEBxMoUpcCryXwnnlVcbPnK8BFOtEx4CoHyN/14UgmVA5y5O2wMsPw8JneWiNqP9JsLZlSmfhuQecNOehgHZ0wsIH68WFh; 24:IyPQIJF9U5gF/ip8OWeNl4NGtjwxsnZjMJMucXk+2WlpxhCR63fjvshd/ZNdVjF5Gf1b5OoVhm44YeglsEhgmLvKBfbub6GtMPj8RRMvCmg=; 7:ER0DfdM5EX8nSFC9wuO7vdeP/erIgCmzgeED/xhtx5gxGgUCHZGO585Hp90CEbE7LktxIKL9Gp7m7nCarNzjW/8ZddPSipmpdqrLyd4Rwlg83k1Zwm8pPDQXyXkYyHhY3+RK8lxKApnUm27oGbST0WQuVJ+ifKja45T/XXCPDZZsIS/4jj0jvBihSWYS2e5qPnZW/HIfr/ZGc1JegYZ+siXCtyTiDiQ3MFuVWCAGIro=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB5PR06MB0950;
x-microsoft-antispam-prvs: <DB5PR06MB09508CC3F8DE35A3B88F67D4D06C0@DB5PR06MB0950.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(9101521026)(6040130)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6041046)(6043046); SRVR:DB5PR06MB0950; BCL:0; PCL:0; RULEID:; SRVR:DB5PR06MB0950;
x-forefront-prvs: 0917DFAC67
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(24454002)(13464003)(377454003)(3660700001)(81166005)(86362001)(5002640100001)(4326007)(2906002)(3280700002)(74316001)(10400500002)(9686002)(93886004)(2950100001)(10710500007)(7110500001)(189998001)(110136002)(2420400007)(6116002)(66066001)(586003)(5003600100002)(1096002)(33656002)(5004730100002)(15975445007)(122556002)(5008740100001)(92566002)(76176999)(15650500001)(2900100001)(19580395003)(102836003)(1220700001)(54356999)(50986999)(1720100001)(76576001)(11100500001)(77096005)(19580405001)(87936001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR06MB0950; H:DB5PR06MB0950.eurprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: kuatrotech.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2016 16:23:51.9027 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 99314f4e-50ab-4d4e-a9c6-b21b0c887384
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR06MB0950
Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/_D4nGuSXXpSpt0pceYRI9fgUULc>
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] update on "rdns" URN for enterprise YANG models
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Apr 2016 16:24:17 -0000

I'm not an expert on XML namespaces and I'm a little confused by some of
the questions, so I apologize if my response below does not quite answer the
questions.  I'd like to point out that the request for "rdns" URN is not to prevent
the use of URLs. The request for "rdns" URN is to allow an enterprise to easily
create a URN namespace, if the enterprise happens to prefer to use URN as a
YANG module namespace.  I also think that the problems that arise when a
YANG module uses a URN based on an enterprise's domain name are the same
problems that arise when a YANG module uses a URL based on an enterprise's
domain name.  (Of course, this is not an excuse to fix the problems that should
be fixed.)

> -----Original Message-----
> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-
> university.de]
> Sent: Friday, April 15, 2016 7:43 PM
> To: Ing-Wher (Helen) Chen <ichen@kuatrotech.com>
> Cc: netmod@ietf.org
> Subject: Re: [netmod] update on "rdns" URN for enterprise YANG models
> 
> On Fri, Apr 15, 2016 at 03:53:04PM +0000, Ing-Wher (Helen) Chen wrote:
> 
> > Section 4 of the draft
> > <https://tools.ietf.org/html/draft-chen-rdns-urn-06#section-4>
> > documents why a URN is better than  URL as a namespace.  While a URL
> > is globally unique, a URL is also a resource locator, providing access
> > information.  For an enterprise that does not wish to publish the
> > access information of its YANG models, a URN is a better choice.
> 
> Continuing as devil's advocate...
> 
> The YANG specifications (both 1.0 and 1.1) has a normative reference to
> 
>   https://www.w3.org/TR/2009/REC-xml-names-20091208/
> 
> which states in section 3:
> 
>   [...] The namespace name, to serve its intended purpose, SHOULD
>   have the characteristics of uniqueness and persistence. It is not a
>   goal that it be directly usable for retrieval of a schema (if any
>   exists). Uniform Resource Names [RFC2141] is an example of a syntax
>   that is designed with these goals in mind. However, it should be
>   noted that ordinary URLs can be managed in such a way as to achieve
>   these same goals.
> 
> Do we have evidence that managing ordinary URLs in such a way as to
> achieve these same goals (of uniqueness and persistence) is a problem?
> If so, why does this only apply to YANG modules (only one of many uses of
> XML namespaces)?

I found some XML namespaces that are URLs,
e.g. http://www.w3.org/1999/XSL/Transform , that look like they're centrally
managed and should have uniqueness and persistence characteristics.  There
are also examples of URLs that do not have a centralized authority to manage
URLs and results in URLs not being persistence, e.g. confluence wiki pages create
URLs based on web page titles and so the wiki page URLs can change at random,
even though the page contents don't change.  (However, confluence wiki pages'
URLs are not used as XML namespaces, and so the lack of persistence is not an
issue.)  So, it seems that it's all about how URLs are managed---in particular,
centrally managed URLs can have uniqueness and persistence characteristics.
I think that this type of centralized management might be problematic for
enterprise YANG modules, which have no centralized authority.

> 
> > As required by RFC 3406, Section 3 of the draft, at the bottom of page
> > 5 <https://tools.ietf.org/html/draft-chen-rdns-urn-06#page-5> under
> > "Identifier Persistence Considerations", addresses the question of
> > identifier persistence.  The main concern for "identifier persistence" is in
> the case where an identifier is used for global resolution.
> > Because YANG model namespaces do not provide global resolutions
> > (actually YANG model namespaces are only used to uniquely identify a
> > model within a device), the identifier persistence consideration is
> > not as crucial.  (Please see RFC 3406 top of page 13
> > <https://tools.ietf.org/html/rfc3406#page-13> for the identifier
> > persistence discussion.)
> 
> I am not sure I agree that the scope of a YANG namespace is limited to a
> device. There is nothing that prevents some random device to implement
> some random YANG model. If the org currently owning bar.foo publishes a
> module using urn:rdns:com:foo:bar as a namespace then other orgs can
> implement this module as well if they think this is a good idea.

I'd like to flesh out this example to illustrate what I had in mind when I wrote
that YANG model namespaces are only used to uniquely identify a model within
a device.

Assume that device "R" currently implements/installs YANG module "ospf"
from company "A" which, at time T, owns domain "bar.foo", i.e. company "A's"
"ospf" YANG module's namespace is "urn:rdns:foo:bar:ospf".  At time T+delta,
company "A" gives up "bar.foo" and company B buys "bar.foo".  For whatever
reason, company "B" creates some other module "ospf", i.e. company "B's"
new "ospf" YANG module's namespace is also assigned "urn:rdns:foo:bar:ospf",
though this module presumably has contents different from company "A's"
"ospf" YANG modules.  If device "R" decides to implement module "ospf" from
company "A" and module "ospf" from company "B", then there is a collision on
this device "R".  When a NETCONF client attempts to manage device "R" and uses
"urn:rdns:foo:bar:ospf" to identify an "ospf" module, there is a problem, because
device "R" doesn't know which "urn:rdns:foo:bar:ospf" the client is referring to.
If some other device "Q" only implements one single "ospf" module (regardless
of whether the "ospf" module is from company "A" or from company "B"), then
the namespace "urn:rdns:foo:bar:ospf" identifies the one "ospf" module installed
on device "Q", and there are no ambiguities in the event that a NETCONF client
attempts to reference the module identified by "urn:rdns:foo:bar:ospf" on device "Q".
So, the problem of non-unique YANG module namespaces only manifests within
a device.

> 
> I read:
> 
>      In practice, an administrator consciously installs YANG modules in
>      a device.  Thus, in the unlikely event that there is a collision
>      due to changing domain names, the administrator can detect the
>      collision and rectify the situation by requesting that the
>      offending organization republish its YANG modules with the correct
>      "rdns" URNs.
> 
> Who is the 'administrator' that consciously installs YANG modules in a device
> here? Administrator of what - the namespace or the device? In case you
> mean the administrator of the namespace then what happens in the case
> where this role changes because some other org took over the domain
> name?
> 
> If a module uses urn:rdns:com:foo:bar and I later buy the domain bar.foo
> than do I get change control of the YANG module using this particular
> namespace as a side effect?

By "administrator", I meant the administrator of the device.

Using the example I fleshed out above, where company "A" initially owns
domain "bar.foo" and creates module "ospf" with namespace
"urn:rdns:foo:bar:ospf", but company "B" later purchases domain "bar.foo"
and also creates its own module "ospf" and gives it namespace
"urn:rdns:foo:bar:ospf". 

While it's true that <https://datatracker.ietf.org/doc/draft-chen-rdns-urn/>
allows this situation to occur, this situation only results in a problem in the
case of device "R" above, after device "R" implements both company "A's" "ospf"
module with namespace "urn:rdns:foo:bar:ospf" and company "B's" "ospf"
module also with namespace "urn:rdns:foo:bar:ospf".  Getting device "R" to
implement both modules is not trivial.  It actually requires obtaining both
modules, installing them on device "R", and perhaps even upgrading device "R's"
software to handle the second module.  In other words, I think that the
collision resulting from non-unique namespaces on device "R" is limited within
a device, therefore the solution can also be limited to the administrator detecting
and rectifying the collision.  I also think that this example holds true in the case
where an enterprise chooses to use URLs based on domain names as YANG
module namespaces.

> 
> [...break...]
> 
> Taking a step back, we do have the tension between XML namespaces (that
> are identified by URIs and used in the XML encoding) and 'JSON namespaces'
> identified by module names (and used in the JSON encoding). The former is
> relying on the uniqueness of a URI while the later is relying on the uniqueness
> of the YANG module name. So from this perspective, assuming the YANG
> module name is already sufficiently unique, perhaps the right thing to do is to
> simply use
> 
>    urn:yang:<modulename>
> 
> for all XML namespaces and to essentially get rid of the namespace
> declaration in YANG (which then defaults to urn:yang:<modulename>).

This approach would require registering "yang" URN and also would place
constraints on <modulename>.  These constraints might result in the same
questions that we're struggling with now, with URN/URL based on domain
names that can come and go.

Thanks,
Helen

v2.23.0 | Report a Bug | By Email