[nfsv4] updated comments re draft-ietf-nfsv4-lfs-registry-00
David Noveck <davenoveck@gmail.com> Sun, 31 August 2014 14:37 UTC
Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3DE71A8996 for <nfsv4@ietfa.amsl.com>; Sun, 31 Aug 2014 07:37:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMXHHinbKv2E for <nfsv4@ietfa.amsl.com>; Sun, 31 Aug 2014 07:37:03 -0700 (PDT)
Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA29C1A0369 for <nfsv4@ietf.org>; Sun, 31 Aug 2014 07:37:02 -0700 (PDT)
Received: by mail-ob0-f180.google.com with SMTP id m8so3156279obr.39 for <nfsv4@ietf.org>; Sun, 31 Aug 2014 07:37:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=LwzasvpciUmGJBPLtRxuNJGAR3oKu0r9RiULl1uvqk0=; b=x9n2VQwh4cFbYK6UWzyZcglpenXKoCtzu6+flYwACsoVpGsrj88/BbQTiacOEXr8gh HY8Fx1KEruev0Z+1W3ena0hEpWeJO0Y6+zFFFrtWvjWSZER1gDj4dSrTD/vv3KImInWE HehtGZ+sjmchuuPA9gpRYmm5t0p9tRF9RVxz/jk2PnLbDY/+BWxLW78N/gE+nb4HhUmr vu4Q1g/8/iTAlbUIsK1i8YLwSTmpnUssO9+ihB1vTTOjzCGWwdftfi7kvXz7RjIyLjW4 yxh0DAY+uRG0ICabRTcANvl8w5P8u6S3w0RvxMokgkIhSWNlT5g8aMGnT+IpPRUTHBMv tD1w==
MIME-Version: 1.0
X-Received: by 10.182.80.33 with SMTP id o1mr850372obx.78.1409495822369; Sun, 31 Aug 2014 07:37:02 -0700 (PDT)
Received: by 10.182.66.11 with HTTP; Sun, 31 Aug 2014 07:37:02 -0700 (PDT)
Date: Sun, 31 Aug 2014 10:37:02 -0400
Message-ID: <CADaq8jc=pQTdD68w-ghGigXBDEVZWBcQoh7pG3-V4RX5WvQ=TA@mail.gmail.com>
From: David Noveck <davenoveck@gmail.com>
To: Thomas Haynes <thomas.haynes@primarydata.com>, dpquigl@davequigley.com, jarret.lu@oracle.com
Content-Type: multipart/alternative; boundary="047d7b2e4402ce0b420501edd1d5"
Archived-At: http://mailarchive.ietf.org/arch/msg/nfsv4/_Ja3DU2C1HrzYZmeaG5EIlqn_zw
Cc: "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: [nfsv4] updated comments re draft-ietf-nfsv4-lfs-registry-00
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Aug 2014 14:37:05 -0000
*Supersedes previous version (gmail sent it before it was ready).* Here's my stab at an abstract of the document as I understood its intent. You can adopt it, in whole or in part, if it works for you. In the past Mandatory Access Control (MAC) systems have used particular rigidly-specified policies which were implemented in particular protocols and platforms. As MAC systems become more widely deployed, additional flexibility in mechanism and policy will be required. While traditional trusted systems implemented Multi-Level Security (MLS) and integrity models, modern systems have expanded to include technologies such as type enforcement. Due to the wide range of policies and mechanisms which need to be accommodated, it is unlikely that use of a single security label format and model will be viable. To allow multiple MAC mechanisms and label formats to co-exist in a network, this document proposes a registry of label format specifications. This registry would contain label format identifiers and would provide for the association of each such identifier with a corresponding extensive document document outlining the exact syntax and use of the particular label format. With regard to the second paragraph of section 1, I don't think you are harsh enough about the complexity. It is not enough to say the complexity is "unneeded". I'd say it is actively harmful. How about the following: One solution might be to define a single label format which consists of the union of the requirements of all MAC models/implementations, known at a given time. This approach is not desirable because it introduces an environment where many MAC models would either have blank fields for many of the label's components or where many implementations would ignore many of values that are present altogether. The resulting complexity would be likely to result in a confusing situation in which the interaction of fields that that derive from different MAC models is never clearly specified and the addition of new models or extension of existing models is unduly difficult. An additional consideration is that if a policy authority or identifier field is specified in the label format it would require a robust description that encompassed multiple MAC models in an environment in which implementations would be likely to be MAC-model specific It also seems to me that with some limited reworking the last paragraph above and the existing last two paragraphs of section 1 could be made into a new section 1.1 devoted to policy administration In section 2, there's a problem with the definition of "label format specification". This same term has a different definition in section 6, and the definition in section 2 seems to match "Label format selector" in section 6.
- [nfsv4] updated comments re draft-ietf-nfsv4-lfs-… David Noveck