[nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4

Chris Inacio <inacio@cert.org> Thu, 25 July 2024 06:13 UTC

Return-Path: <inacio@cert.org>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED648C18DBAD for <nfsv4@ietfa.amsl.com>; Wed, 24 Jul 2024 23:13:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kP3fwDk4bmdr for <nfsv4@ietfa.amsl.com>; Wed, 24 Jul 2024 23:13:35 -0700 (PDT)
Received: from USG02-CY1-obe.outbound.protection.office365.us (mail-cy1usg02on0064.outbound.protection.office365.us [23.103.209.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B9FFC1840E0 for <nfsv4@ietf.org>; Wed, 24 Jul 2024 23:13:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=1gDKHFTzFixZ7He9qzabS+bV7wm6liSsFO46A8dmwNBInGiDT/86olwT6TAv8yxr/UEGAbO8q8Wj1Uj6jKYJcCnnPaMoVIr9H75nE6IyvmA+6P88K9itSepzMviTCk2s1/ZEPtbWz18A2U4+Wwjtwlg92KlqQRXlmCxehSYjLEAuQR2Skp4JPs49h+8IcHvxrcy4ZpOD7R0X9JOin/mQ8Dj/av9hn7B2uoLUY6D3iRXzhTFkdxX2ug9ZnSbfFdk2cVBV1cTe7uigO6keNqXni0RiKBsRzTc16wrDC7Us8DtHagOiQLew58MGXuy8j3R4mnbo6g8IhBbR+edFWbGDRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Y2Z5M/TNI7rn7CyaO0Ld/InienZ9fqqUTlSdjc2mrr8=; b=RN8M6dCPE10Afq3JstYNVfoSoaqalj8gw8e4mT77EUYFxb5tsR3ZndVmUCCtYegSc9IeZIimDGArwKqkFY7Zcjq2KLRNIqwISg5RkA+QyUSqVnhDhVpFLQUYHZj/OHa8g32BwWM6u6BsGvXFTlqUDQLETV4HrFI7wI67OU58StgVP4Qo+ChQ4w78Lw6NWrjgstoQYUnzY1sbUWIT4sCFcBpMTzb+dhyniClnh0hZuqz3m4BAZivRqM7b4gVFySW5BC290jdOEZqb5xJ7K71OSC2l9h1AYhuViXeBK3iHMpdX4ReT9zek4CMBUbJ693Q7YmVzbYhMU0LT7hvpq26Cyg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y2Z5M/TNI7rn7CyaO0Ld/InienZ9fqqUTlSdjc2mrr8=; b=agvPP/0DxpC4MDyCqYpg3m2sHll30zXzzarXaXFRLWkgsy9rS2DaKHyX+Vst6uIVI6FbWkllVG9CGtvnwpXsdzTmbhJwBaa5Y/AXSRPao9RkEN5DLNVZse+Ko7ZnhnATEiMrKDqzLQiOyPQPlR9OtNOu57gDZeDhHbopdJsw6os=
Received: from SA1P110MB0975.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:172::5) by SA1P110MB1784.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:1ab::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.20; Thu, 25 Jul 2024 06:13:31 +0000
Received: from SA1P110MB0975.NAMP110.PROD.OUTLOOK.COM ([fe80::8aff:57ad:83e3:4567]) by SA1P110MB0975.NAMP110.PROD.OUTLOOK.COM ([fe80::8aff:57ad:83e3:4567%7]) with mapi id 15.20.7784.017; Thu, 25 Jul 2024 06:13:31 +0000
From: Chris Inacio <inacio@cert.org>
To: Chuck Lever III <chuck.lever@oracle.com>
Thread-Topic: [nfsv4] Our different approaches to draft POSIX ACL support in NFSv4
Thread-Index: AQHa3doYhCA9qeJOrUWLiTYshzp/2bIGRfgAgACnAIA=
Date: Thu, 25 Jul 2024 06:13:31 +0000
Message-ID: <7E5AF217-C170-443A-8BFA-BF120FD1BF93@cert.org>
References: <CADaq8jdvZ5pcFNN5zjuVHLTO30v9=2kYKzFdRxxbkTmHYZdTdA@mail.gmail.com> <CAM5tNy7Fw954gCzYHCTjRg7th_njSHhxznni48Zz4xsSXT631A@mail.gmail.com> <53DAEF45-2A4D-4066-97C2-7B09018DE99B@oracle.com> <CAM5tNy6a4ZG90i2ugXzuPqQ1zrsK9m8jLRKmv9VpnFG6m_Pqew@mail.gmail.com> <DD250FBD-A434-4294-818A-5728757CE032@oracle.com> <d1c538065728c17df66a6f9e79e55d90849fc866.camel@gmail.com> <D352FEB9-A487-4B3E-9BC8-DB2C1896F941@oracle.com> <8efc39289ecef97624622cfc431f890736b579a0.camel@hammerspace.com> <33FA1D6E-73B3-43A1-B65C-D806156E39A5@oracle.com> <cf8a48e517210512755455dd78352ae5b64f7949.camel@hammerspace.com> <449AF448-1471-47CD-B5C5-3A3A5FB9FB12@oracle.com> <2e32694382df3e70a93edcf40434a41729031e55.camel@hammerspace.com> <83c39a7b12c05b0f1a0fa6e069b08e399864277a.camel@hammerspace.com> <CADaq8jfw1FVH3dxOEJAZLrw_S5y2F6eaGkcfpha4X8BBNWgRSQ@mail.gmail.com> <6903782a95875541489844e33541114f0bf01acb.camel@hammerspace.com> <CADaq8jdFYo_DtRxS3h17dyQSFqXeoR60OjsjMM=o35HDg8ZnNg@mail.gmail.com> <111D8D84-CFA9-4823-A5FD-A7B58045356C@oracle.com> <46897779-93DF-4A33-90A7-94AD55CD76E1@cert.org>
In-Reply-To: <46897779-93DF-4A33-90A7-94AD55CD76E1@cert.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3774.600.62)
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA1P110MB0975:EE_|SA1P110MB1784:EE_
x-ms-office365-filtering-correlation-id: f641e8b5-6b7d-4067-5f94-08dcac70e81f
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;ARA:13230040|4022899009|366016|41320700013|1800799024|38070700018;
x-microsoft-antispam-message-info: yZGOpbNFx7x7dAFMk2dGhIRHJJrQ1qvq2HxBtZ9TPIxNWXnneOKchFD6R+3a8Gfm+b9S1beBhBp9lRvY7r2Z7G090ny+WlV7txlTW6Bo0uV7atmmUBVVWr84cXOcppcT5FivPXMY1TLZs88w3RoD4Ly8yh+Thp17neE6pXte13wS0qw4gVHkY0jpVr9JNZWgNlUV2rxH5NWxaaX1YIbW7jqaKiOo4eGgYPdZngIxGBAULn73RUfc3Thl61gNWfSsJdRDzsrXBw1BrlwLhhOLckRkXeHowElHLsFwzcTpW7fC6Ab4ETt8gYC6X5muGKBS2IS56IdmTtaz5WbVqnSdl04CihQDXE8aMAZyXSsjPUbZLVB/KfVzB20DD2IrgXiLBYHqYn7aK+SZJHslm/60FkdN/t5K/0a0b91M26b9WDTfkVm5yGhYI7FFNQWJYFyvjxhh5PfNGJWhTApNYdkoF5BPUXyxr7sRt8s5EK8629CvP1BSBGkdjyOBKrtBH9kKCxEzERXQ5F382LhoRNy5oXahEg082q6xN07MA8kPPzC3jPZkM1gtGggL4YGx+fEKichZcOvARbEYzw0l80qB1W8yRx9ZZddG+y1x74uftD0ISxSZWKH/aZE1Zpcl+s/2SWZuCF2uaL0FyRNSIPPBimbPzfFcY/q7cCbOuKon+fCw2MvFHubLzXKitcRkiwt4zCxloZ8nRa1+ZVeohGqiZ1xJPVuZg86yz55CLnW98ELyycIQCboxvhxpVPDxdOl8PfODKHhdS5V9kbvFbbtbDUAz/9DOLWCU+Vv2HN2w0el8d+jUcPYDSmehw4FJtX2CCzboOiiwXTJlinssJTsNV4Cf9KbRx/a0DZ1Ijui8Z4B9bSjBUyEJ4ayW2kGFFAWjD7S2F2GtC2znZq1VecYm2IFtuBxmjc0f5/peL7bcd9rmTZpSB+3EOu+0oxS4CbLRBCko1LGYVpZLCQLLS/wtCmD9b6P2iRLUAzTHHC66Dok3V2ClPeCABtS5fxzu7KbpaCfYS3d2+d9zPgXqgOuQ9oHz1l2BSsZx4q8aXCNhk4Xg0prfVYVWipDFbFMdjiq1a51XImGivOS6s/mAfHcFYnL1MAXVjpqJLD2qaUEJSQ0WELqBDZBcEMwP4Zz1pGcLVAfjE890ZZWv+scU7ZG16eezjepayudvWLW3LESWYP9ZEV3gLrl7f13muaIoWXmN1LgJr83CgtpjqszBw/Pchn3wOenRcZJGASry5mYPn1uH85Sy4EZP3O00sFHKk/KABdY1WvWUe0zTArSszgHFv7Cvkdbsm7sIO4fEhpENqPfMjGOq+67AzUUyAJlYyQp1AYGR8/+81eqZW/NaarLqf1exOBNQo6TZ6xNqEjwF2YmWH41H1wBW3oy1dQN6CCWA4F5OmWSIru73nkqkyg9wUA==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA1P110MB0975.NAMP110.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(4022899009)(366016)(41320700013)(1800799024)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Zd8x/0xINcjArCoy0KD5YczYMBJ6MUyRvM2b3skXo7cv7X1OJq9vh4FK1tAeUKR6k/ZI/+D/eO1Fd2FfCarKFMDf0aZe6ftKmo6EzoP8FaMVFakao4LIFuX2JnFCz4NlJMOG50aWwmNrd7MeBcM/J7ffJ6hcDkrPHm4Cb+eF5ovMWwl2bNwL1VHpGlUr6wBhRcReCkn/o4+IJjBgYViM7tElAEhZguFQ75bx6yoeyMfEDSM6DLGyCVwfbVNpUi21X7tziM4fVm4C8jGQj/iBgEIpu9rTg03BFsg+t/EBcLdIEVKnmH6ilgcAqcLkO6nZVGkcuKYwHbCdWx3mV4T9su6YVHiokI0oixFrZfIbAQIdoTT1rzwgQ0sGuxeknXkYNVKI9+wN9V6QEoa0paOyPN5iqaw4Fvfx/e7f+Fre2RNhPkDFBS4uq2IApofzzsQLawAm2EZwwXHdrtCh4ZNiQCTTVRMeBRTr9EHXDi1Q+iDTApmHHEyiaHkaoWbUPX9EQxCzKXXNd3c3g5LSIbnw9kkbTNk6S8x1um3PPcZJYm9C9kEMpzN0LLPt7IR+Debz/ovX1XwJbXsg5MBnkKyPm9e1bs/gtAQKZzJweMxpBvZ4dJD6Go+PPXWuid0z+14RzdCKXwdby9N+MQyjMC+AFaNG82Jzl99qapt60e9E7khaUvL4w3kMoUEEhAZ4obLF4zMMgdj+RVnmJxIgCSbPwPSDktvmdA7ot6W+jV5AEZICFF5OaIxAtrcwpXUwUgbAVBT45xOfTek3KCXjBNokUINq/ndQUS+econqAspRbAAnngd4LxFvX7zKR7HFLLotL9J5F5LVXDAs7KcDG1YsKL850oik2Fnljl5vgcK0In5Ssptdu2EYW03yfQIQ7ALxUr33j92Y3fETQKwo/aoNNYSarmWrUCUKWnAflF0xqz5mDoQf6/xJ3JkYxMJ/b/UmFFILXNgjK4Bbt5JRLFH4dstwCFy2Zyp4iG6peSw531d3qonfEf7IEd8oiRUatFFejgkkdGywuXo3DztKN8uQuCO3pei9PiOwKzHpoMrujHEceFYgPw+hEqMAfyGuZ2X5bxf61A6R/j0byyAeVxUjhjLTGsyoO4OoSLIXaV0mUxTmBUu7wVyCAPL+bR93Gx6fQW2gK5+uBoLxa5dRz3rxkIiLg0NRyddbfj8/gR8toNVJEsYkSuBPkN9Ma19UetGM7J4ORlt307q3gkNWQTp6v2LdL6iKtvD0g9xlI6UQaB17elsHVSHzxMce7Cnv8ZfmzczqPR36k8jL5WMocXXAcg5M8jWwSlL+aykUJK1Mn9OxbI7P8dRAUEjfwZxFwZCV8muj649gDwnm2sKhecQ+YIcHq3tScN0q9bSwWbWWImyI2tIr7b1t4P9lnpkFXsOGwrJIlPirkniGEKEzerweafalxLFJFbI1fPZ0A/zO+cyPFL/RV7Cnl9it4Gj23Vloo73lLfW5akEGwtkTLooXfDclMiIWqF0EG+hBy8Yf9v+LLYo16NWfWR/Uxgv/1B+7
Content-Type: text/plain; charset="utf-8"
Content-ID: <D195CC07914F4B48BE9432E92B55ACC5@NAMP110.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1P110MB0975.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: f641e8b5-6b7d-4067-5f94-08dcac70e81f
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jul 2024 06:13:31.0194 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1P110MB1784
Message-ID-Hash: U57RMRH6MEW26XIWGEP46IB4CATGPWPW
X-Message-ID-Hash: U57RMRH6MEW26XIWGEP46IB4CATGPWPW
X-MailFrom: inacio@cert.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Trond Myklebust <trondmy@hammerspace.com>, Bruce Fields <bfields@fieldses.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/B8tx0LExcBQluP61ye2g9Q5t8KM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

All,

IETF counsel said that at this point we should just continue developing the protocol however we see fit.  During the preparation of the draft, any IPR holders should make (as always) any declarations.

Right now, the counsel does not think that an informational draft is worth the effort.  That any issues should be able to be handled without too much complication as we progress a draft.

That said, he’s reviewing the entire email thread and may provide me with updated guidance after reviewing the thread.

Regards,
Chris


> On Jul 24, 2024, at 12:37 PM, Chris Inacio <inacio@cert.org> wrote:
> 
> Warning: External Sender - do not click links or open attachments unless you recognize the sender and know the content is safe.
> 
> 
> I’ll be consulting with IETF legal this afternoon on how to do this.  In the most general case, the IETF participation rules put the onerous on the IP owner to make a declaration.  After a declaration is made, then the WG can know what that declaration covers.
> 
> Again, I’ll be consulting the IETF lawyers this afternoon to get guidance on this.
> 
> 
>> On Jul 24, 2024, at 7:59 AM, Chuck Lever III <chuck.lever@oracle.com> wrote:
>> 
>> Warning: External Sender - do not click links or open attachments unless you recognize the sender and know the content is safe.
>> 
>> 
>> Hi -
>> 
>>> On Jul 24, 2024, at 8:43 AM, David Noveck <davenoveck@gmail.com> wrote:
>>> 
>>> Rick has discussed the possibility of a v4.2 extension but using new attributes has not committed to writing it up.   I'm worried that he might lose interest given the possibility of IP horrors, but I really don't know. From my point of view, the weakness in Rick's approach is that it does not address migration and coexistence issues.  I think that is essential given the history here but many files with ACLs exist on file systems and I think it's important to address the issues of how the existing model and a new one will interact.
>> 
>> Hence my concern about how POSIX ACLs might appear to clients
>> that access them via NFSv3's NFSACL versus how they might
>> appear to clients that access them via a putative NFSv4 POSIX
>> ACL facility. NFSv3 remains a widely-deployed protocol and I
>> believe users would be surprised if there were compatibility
>> issues.
>> 
>> If there are no issues here, great! If there are, IMO new
>> documents should help implementers and users understand and
>> cope with any differences.
>> 
>> Given that you believe "it's important to address the issues
>> of how the existing model and the new one interact" I hope
>> you will provide some guidance in this area in acls-0? or
>> follow-on documents. :-)
>> 
>> 
>> --
>> Chuck Lever
>> 
>> 
> 
> _______________________________________________
> nfsv4 mailing list -- nfsv4@ietf.org
> To unsubscribe send an email to nfsv4-leave@ietf.org