Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00

Balázs Lengyel <balazs.lengyel@ericsson.com> Wed, 23 March 2022 22:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/v6hz0Gv-lV3RCrjnqOoBINZmZ70>

Hello Kent, Andy,
I see more problems with an access control based immutable solution.
- user-dependency as Kent mentioned
- it is always possible to insert a new rule(set) at the beginning of the NACM list that overrides other rules. We would need to ensure that these rules stay first
- there is a need to protect the access control rules protecting immutable data nodes; then rules to protect the rules that protect the rules that protect ...
- access control can be switched off
- access control does not work for emergency sessions
- access control rules that reference different parts of the system are MUCH more difficult to understand than an "immutable" YANG extension statement, especially if you have an access control list with many (hundreds of) rules
Regards, Balazs

From: netmod <netmod-bounces@ietf.org> On Behalf Of Kent Watsen
Sent: Wednesday, 23 March, 2022 23:07
To: Andy Bierman <andy@yumaworks.com>
Cc: netmod@ietf.org
Subject: Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00

Hi Andy,

The draft allows individual data instance nodes (e.g., in a list) to be flagged as immutable:

   The following terms are defined in this document:

   immutable:  A metadata annotation indicating the immutability of a
      data node.  An immutable data node is read-only to clients.  Note
      that "immutable" is used to annotate instances of YANG data nodes
      rather than schema nodes.  For instance, a "list" data node may
      exist in multiple instances in the data tree, "immutable" can
      annotate some of the instances as read-only, while others are not.

If it were not for that, then an access-control refinement seems appropriate, because then it would have to be user-specific, whereas this draft enables user-independent immutability.

As for *why* this draft enables individual data instance nodes to be flagged as immutable (a question asked in other recent review comments), please note that this work came out of the "with-system" work after a number of folks (myself included) noted that the concept was independent of a <system> datastore.  For instance, I defined a similar mechanism in a past life to handle objects published from a host-system to logical-systems (LNEs).

The most common example for such a need is with interfaces, e.g., the host-system publishes "eth-3.1.2" to a logical-system, where it is unable to delete it (whereas it is deletable in the host-system's config).  That said (playing devil's advocate), I wonder if, in this example, the interfaces, when published to a logical-system, should be published to the <system> datastore (because they're effectively a system-defined resource then, from the LNE's POV) and hence pick up their immutability that way.

Kent // contributor
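As an added illustration (not code from the draft, from anyone in this thread, or from any product), the points made above can be seen side by side: Balázs's observations that a NACM rule-list inserted at the head of the list overrides later rules and that access control can simply be switched off, against the per-instance "immutable" annotation Kent quotes, which needs neither user groups nor rule ordering. The evaluator is a toy in the style of RFC 8341 first-match semantics; the path, group and interface names are constructed.

```python
# Added illustration, not code from the draft or any product: a toy first-match
# evaluator in the style of NACM (RFC 8341) rule-lists, beside a per-instance
# "immutable" annotation check. All data below is constructed sample data.

def nacm_allows(nacm, groups, path, op):
    """First matching rule wins: rule-lists, then their rules, are scanned in order.

    nacm = {"enable-nacm": bool, "write-default": "permit"|"deny",
            "rule-list": [(groups, [(path, access, ops), ...]), ...]}
    where an empty ops set means the rule covers every write operation.
    """
    if not nacm["enable-nacm"]:  # the whole mechanism can be switched off
        return True
    for rl_groups, rules in nacm["rule-list"]:
        if not (rl_groups & groups):
            continue
        for r_path, access, ops in rules:
            if r_path == path and (not ops or op in ops):
                return access == "permit"
    return nacm["write-default"] == "permit"

# Constructed data tree: each list instance carries an "immutable" annotation.
INTERFACES = {"eth-3.1.2": {"immutable": True},   # published by the host-system
              "eth-7": {"immutable": False}}      # operator-created instance

def immutable_allows(name, op):
    """Instance-level immutability: independent of user, group or rule order."""
    if name not in INTERFACES:
        return op == "create"
    return not INTERFACES[name]["immutable"]

PATH = "/interfaces/interface[name='eth-3.1.2']"
OPERATORS = frozenset({"operators"})

def nacm_scenario():
    """Delete decisions for an 'operators' user: protected, then overridden, then off."""
    nacm = {"enable-nacm": True, "write-default": "deny",
            "rule-list": [(OPERATORS, [(PATH, "deny", {"update", "delete"})])]}
    protected = nacm_allows(nacm, OPERATORS, PATH, "delete")
    # A new permissive rule-list is inserted at the head of the NACM list.
    nacm["rule-list"].insert(0, (OPERATORS, [(PATH, "permit", set())]))
    overridden = nacm_allows(nacm, OPERATORS, PATH, "delete")
    nacm["enable-nacm"] = False  # or NACM is simply switched off
    return protected, overridden, nacm_allows(nacm, OPERATORS, PATH, "delete")
```

`nacm_scenario()` returns `(False, True, True)`: the protection holds only until a rule-list is prepended or NACM is disabled, whereas `immutable_allows("eth-3.1.2", "delete")` stays `False` regardless of who asks.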

On Mar 23, 2022, at 4:09 PM, Andy Bierman <andy@yumaworks.com> wrote:

Hi,

IMO the problem should be viewed as a refinement to the
access control policy of the device.  A standard mechanism
such as a YANG extension would be better than a growing
mix of proprietary solutions.

We have such a YANG extension called "user-write" that is widely deployed.
A simple boolean is not fine enough granularity, so a bits type is
needed instead to allow control of create, update, and delete access operations.


https://www.yumaworks.com/pub/latest/yangauto/yumapro-yangauto-guide.html#ncx-user-write


Andy
