Re: [P2PSIP] draft-knauf-p2psip-share-00

Alexander Knauf <alexander.knauf@haw-hamburg.de> Mon, 16 May 2011 09:41 UTC

Hi Marc,

thanks for your feedback!


On 14.05.2011 01:41, Marc Petit-Huguenin wrote:
> My problem is with the 4th paragraph of section 3:
>
> "Access Control Policy:  To ensure write access to Shared Resource by
>     Authorized Peers, each Usage MUST permit the USER-CHAIN-ACL access
>     policy (see Section 5.4) in addition to its regular access
>     policies (USER-MATCH, USER-NODE-MATCH, etc.)."
>
> I do not see in -base how two (or more) Access Control Policies can be used for
> one Kind.
I also see this conflict in the XML overlay config. document that only 
allows a single access control policy per Kind. If it would support 
multiple access policies, something like this:

kind-parameter &= element access-control { access-control-type }*   <-- note the asterisk, compare with base -13 p.122


the receiver of a store request could iterate over those policies, 
testing whether any of them is true.

> We have the same thing in draft-knauf-p2psip-disco:
>
> "Access Control Policy:  Authorized focus peers are allowed to write
>     the DisCo-Registration using the USER-CHAIN-ACL access policy.
>     The conference creator (and resource owner) is the only exception:
>     he is allowed to write based on the USER-MATCH or USER-PATTERN-
>     MATCH policy."
>
> How can a kind (DisCo-Registration in this case) use two different access
> control policies?
same as above
> (Note that the configuration schema clearly states that a kind element contains
> one data-model element and one access-control element).
If the base document keeps this rule, we have to think about an 
alternative in ShaRe/DisCo.

regards,

Alexander
> Thanks.
>
> -- 
> Marc Petit-Huguenin
> Personal email: marc@petit-huguenin.org
> Professional email: petithug@acm.org
> Blog: http://blog.marc.petit-huguenin.org


-- 
/*************************************************
* Alexander Knauf B.Sc.
* AG INET
* Dept. Informatik
* HAW Hamburg
* Berliner Tor 7
* D-20099 Hamburg, Germany
* Room: 580
* Net: http://inet.cpt.haw-hamburg.de/members/knauf
* Phone: +49 40 42875 - 8067
* Fax: +49 40 42875 - 8409
*************************************************/
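
Added example, not part of the original message or of either draft: a sketch of the any-of evaluation discussed in this thread, where a Kind lists several access control policies and the receiver of a store request accepts it if one of them holds. The policy predicates, the ACL tuple layout, the SHA-1 stand-in for the overlay hash, the fail-closed handling of unknown policy names, and all user names are simplifying assumptions.

```python
import hashlib

def resource_id(user_name):
    # Stand-in for the overlay hash function (assumption: SHA-1 over the name).
    return hashlib.sha1(user_name.encode()).hexdigest()

def user_match(signer, rid, acl):
    # USER-MATCH: the signer's certificate user name hashes to the Resource-ID.
    return resource_id(signer) == rid

def user_chain_acl(signer, rid, acl):
    # Simplified USER-CHAIN-ACL: walk delegations starting at the resource owner.
    # acl entries are (from_user, to_user, allow_delegation); layout is assumed.
    may_delegate = {frm for frm, _, _ in acl if resource_id(frm) == rid}
    writers = set()
    changed = True
    while changed:
        changed = False
        for frm, to, allow in acl:
            if frm not in may_delegate:
                continue  # entry was not issued by someone allowed to delegate
            if to not in writers:
                writers.add(to)
                changed = True
            if allow and to not in may_delegate:
                may_delegate.add(to)
                changed = True
    return signer in writers

POLICIES = {"USER-MATCH": user_match, "USER-CHAIN-ACL": user_chain_acl}

def store_permitted(kind_policies, signer, rid, acl):
    # Fail closed: an empty list or an unknown policy name rejects the store.
    if not kind_policies or any(p not in POLICIES for p in kind_policies):
        return False
    # Any-of semantics: one satisfied policy is enough.
    return any(POLICIES[p](signer, rid, acl) for p in kind_policies)

# Constructed sample data.
OWNER = "alice@example.org"
RID = resource_id(OWNER)
ACL = [(OWNER, "bob@example.org", True),
       ("bob@example.org", "carol@example.org", False),
       ("carol@example.org", "dave@example.org", False)]
BOTH = ["USER-MATCH", "USER-CHAIN-ACL"]

if __name__ == "__main__":
    for user in (OWNER, "bob@example.org", "carol@example.org", "dave@example.org"):
        print(user, store_permitted(BOTH, user, RID, ACL))
```

In this sketch the owner passes only through USER-MATCH and delegated peers only through USER-CHAIN-ACL, so a Kind limited to one of the two policies rejects one of the two groups.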