Re: [OPSAWG] Review of draft-zheng-opsawg-tacacs-yang-01

"Wubo (lana)" <lana.wubo@huawei.com> Tue, 09 April 2019 08:28 UTC

From: "Wubo (lana)" <lana.wubo@huawei.com>
To: Joe Clarke <jclarke@cisco.com>, "opsawg@ietf.org" <opsawg@ietf.org>
Date: Tue, 09 Apr 2019 08:28:15 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/3935vYw9SGGfBADSIqjDTFXeYvc>

Hi Joe,

Many thanks for your valuable comments and suggestions.
Please see my in-line reply below.

Thanks,
Bo

-----Original Message-----
From: OPSAWG [mailto:opsawg-bounces@ietf.org] On Behalf Of Joe Clarke
Sent: April 9, 2019 3:26
To: opsawg@ietf.org
Subject: [OPSAWG] Review of draft-zheng-opsawg-tacacs-yang-01

As promised at the mic during opsawg at IETF 104, here is my more detailed review of this draft.

As I stated during the meeting, I think the AAA module should be taken out of this document.  I believe Alan has commented the same.  A AAA module may be required, but I don't want to muddle the TACACS+ work with that.  Plus, I'm not convinced opsawg would be the correct place for a more general AAA module.
[Bo] Thanks, we will take out the AAA module and focus the draft on the TACACS+ YANG model.

Secondly, I like the fact that you're extending the ietf-system module in a manner similar to RADIUS.  I think that this work fits nicely there for device admin.  I would remove the AAA moniker from the module for now.  Leave it as ietf-tacacs-plus.

I recall seeing a comment on-list that any reference to "tacacs" must be "tacacs+" or "tacacs_plus" or similar.  TACACS without the plus is a very different beast.  Let's not confuse what we're trying to do here.
[Bo] Thank you for the suggestion, the module name will be changed to ietf-tacacs-plus to avoid misunderstanding as the network access AAA or TACACS.

Maybe I'm being overly pedantic here, but why is "options" separated from other rw objects by the statistics branch?  I would think you'd want to group the rw objects together.
[Bo] Agree, the "options" container will be moved to the front of the tacacs-plus container to keep the configuration parameters together.

The word "accounting" is misspelled throughout this document.  In general, I would run a spell checker over it.  After listening to Heather at the keynote, we should do our best to help out the RFC Editor, even early on in the document lifecycle.
[Bo] Sure, spell checking will be done and corrected.

What is the intent of network-instance?  Is this like specifying a VRF on which to reach the T+ server?  The description was not very clear.
[Bo] Yes, this is the intention. More text will be added.

You have a source IP option, but I know some vendors also implement a source-interface.  I think it would be useful to have that as well (maybe a choice there).
[Bo] Ok, we can change "source-ip" to a choice statement to accommodate both implementation options. Thanks.

Joe

