RE: [Policy] AD review: draft-reyes-policy-core-ext-schema-03.txt (targeted fo r PS)
John Strassner <John.Strassner@intelliden.com> Mon, 15 September 2003 13:16 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27769 for <policy-archive@odin.ietf.org>; Mon, 15 Sep 2003 09:16:36 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ytD7-00073E-Dm for policy-archive@odin.ietf.org; Mon, 15 Sep 2003 09:16:13 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h8FDG9OQ026964 for policy-archive@odin.ietf.org; Mon, 15 Sep 2003 09:16:09 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ytD3-0006y6-8a; Mon, 15 Sep 2003 09:16:05 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ytCP-0006t8-Vb for policy@optimus.ietf.org; Mon, 15 Sep 2003 09:15:26 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA27674 for <policy@ietf.org>; Mon, 15 Sep 2003 09:15:18 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19ytCO-000561-00 for policy@ietf.org; Mon, 15 Sep 2003 09:15:24 -0400
Received: from cosium01.intelliden.net ([12.41.186.248]) by ietf-mx with esmtp (Exim 4.12) id 19ytCN-00052l-00 for policy@ietf.org; Mon, 15 Sep 2003 09:15:23 -0400
Received: by cosium01.intelliden.net with Internet Mail Service (5.5.2653.19) id <SSQBPLA7>; Mon, 15 Sep 2003 07:14:49 -0600
Message-ID: <AE723009E85E224CB00132C7FF0B34E172070B@cosium02.intelliden.net>
From: John Strassner <John.Strassner@intelliden.com>
To: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>, "'Pana, Mircea'" <mpana@metasolv.com>, 'Marcus Brunner' <brunner@ccrle.nec.de>, "'telabm@mat.upc.es'" <telabm@mat.upc.es>, "'angelica@mat.upc.es'" <angelica@mat.upc.es>, 'David Moron' <dmor4477@hotmail.com>
Cc: "Policy (E-mail)" <policy@ietf.org>
Subject: RE: [Policy] AD review: draft-reyes-policy-core-ext-schema-03.txt (targeted fo r PS)
Date: Mon, 15 Sep 2003 07:14:39 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C37B8B.51B40A10"
Sender: policy-admin@ietf.org
Errors-To: policy-admin@ietf.org
X-BeenThere: policy@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=unsubscribe>
List-Id: Policy Framework <policy.ietf.org>
List-Post: <mailto:policy@ietf.org>
List-Help: <mailto:policy-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=subscribe>
Hi Bert, My opinions in answer to your questions are inline. Look for <js>..</js> regards, John John C. Strassner Chief Strategy Officer Intelliden Inc. 90 South Cascade Avenue Colorado Springs, CO 80906 USA phone: +1.791.785.0648 fax: +1.719.785.0644 email: john.strassner@intelliden.com > -----Original Message----- > From: Wijnen, Bert (Bert) [mailto:bwijnen@lucent.com] > Sent: Friday, August 29, 2003 2:50 PM > To: 'Pana, Mircea'; 'Marcus Brunner'; 'telabm@mat.upc.es'; > 'angelica@mat.upc.es'; 'David Moron' > Cc: Policy (E-mail) > Subject: [Policy] AD review: draft-reyes-policy-core-ext-schema- > 03.txt (targeted fo r PS) > > Here are my comments. Would be good to not only hear > authors/editors > responses, but also input from the WG. > > - RFC3460 Updates RFC3060. So would it not be logical to say/claim > that this PCELS Updates PCLS ?? If so, we need to say so in the > abstract with a simple, but explicit sentence: > This document updates RFC zzzz > -- RFC-Editor replaces zzzz with RFC number assigned to > [PCLS] <js> One would have thought so. But this document changes PCLS in several fundamental ways. I do NOT think that the word "update" should be used anywhere in this document. </js> > - Maybe I just do not understand... But is it valid to just move a > class, like you moved the pcimGroup (and all that was under it) > underneath a new pcimPolicySet. Would it not be more cuatious to > deprecate the pcimGroup and define s pcimeGroup or such under > pcimPolicySet and do something similar for the other moved groups > classes? I understand that PCIM-EXT did this moving too, but that > is an information model (so abstract) while this is a mapping > onto > a repository, so here things may get incompatible if we already > have implementation of PCLS, no? <js> I don't think that moving classes around are justified or a good idea. This would be equivalent to me building a MIB where I "update" an existing table by building a completely new table. This and other things render the resulting schema of PCELS incompatible with older PCLS implementations. </js> > - Is it wise to have (as part of this document) two Vendor specific > classes that are not part of or based on PCIM-EXT ?? This doc is > supposed to do the LDAP Schema defintiions for PCIM-EXT, right? > So why these additions? <js> The vendor classes were originally intended to provide extensibility. But having new classes that are not built from PCIM or PCIMe is NOT a good idea, and they certainly do not qualify as an "update". </js> > - Is it wise to just rename classes (sect 4.2, bullet 1). Would it > not be wiser to deprecate the old ones and add new ones? <js> Renaming is a bad idea, because everything else now changes - their OIDs, classes referencing them, etc. But I don't believe that deprecation is appropriate for a schema. I know of no LDAP documents that have deprecated schema - this is rather done in an implementation. Again, it seems that this is more of a NEW implementation as opposed to an UPDATE of any type. </js> > - There seems to be more of these things that I wonder if > deprecation > and adding new ones would be better. I guess I do not very well > understand the impact (or non-impact) on existing implementations > of the PCLS by the changes being made. Can someone explain to me. > Or possibly add text to the document that describes such > (non-)impact. <js> There's a very large impact - lack of compatibility. Fundamentally, this document proposes a set of incompatible changes to PCLS. I don't understand why these changes are being asked for. It would seem that instead of rewriting parts of the schema, as this document proposes, changes should have been made to PCLS. </js> > - In section 5, I think you need to explain/define which matching > rules are used and make citations to where they are defined. > PCLS does that too (zeilenga-user_schema), but you probably > better use: draft-zeilenga-ldap-user-schema-mr-00.txt > Pls make sure that that indeed covers all matching rules. <js> The matching rules are not defined as normative references, which is imho a mistake. They should at least reference RFC2252 for LDAP definitions and X.520 for the X.5 definitions. Note that PCLS uses the 2001 version of X.520. </js> > - Security Considerations > Would it not be better to change the first 3 paragraphs: > This topic is based on requirements from previous [PCLS] > documents > and also takes into account other RFCs about the same security > aspects entitled as following: > > RFC 2829 (Authentication Methods for LDAP) > RFC 2830 (Lightweight Directory Access Protocol (v3): Extension > for > Transport Layer Security) > > These RFC documents provide a general framework for security > architecture of the system. However some comments have to be > provided > as a consequence of the inclusion of extensions in this own > document > and its relation with PCLS doc. > Into something like: > Since this PCELS document is an update to the [PCLS] it has the > same > basic security considerations as the [PCLS] document. So see > the > Security considerations in [PCLS] first. <js> I would agree </js> > - You may want to check the English on Page 55 (up to IANA > considerations) > For example: what is "obtention" ?? > what is "p.e." ? I guess par example or per exemple? > in English text we tend to use e.g. > > And for me (but I am not a security expert), I do not understand > what > that text on page 55 is trying to tell me. You may want to check > with > one of the security ADs, Russ Housley is probably the most > appropriate, > if this is clear and acceptable for them. <js> Russ Mundy was the security advisor for PCIM. Luis Sanchez also looked at early copies of the document. </js> > - IANA Considerations. > Isn't the IANA-ASSIGNED-OID the same as the one in PCLS ?? > If so, we should make that clear in the document, so it is > easy for IANA to see and understand. <js> Depends on what they would want to do. But I would expect that new classes (regardless of whether they update an existing class or not) to have new OIDs. </js> > NITS: > - in abstract, do not use citations as per RFC-Editor policy. It is > OK to > use RFC numbers. > - RFC2119 (your [KEYWORDS] citation) must be a normative reference > Your text on keywors on page 1 does not make a citation to this > by the > way. > > I want to get this doc reviewed by an LDAP expert (from the LDAP > directorate) as well, but maybe you can try to address and/or > answer > the above first. <js> I'm on the LDAP directorate ;-) and will take a good look at actual recommended schema next week. </js> > Thanks, > Bert > > _______________________________________________ > Policy mailing list > Policy@ietf.org > https://www1.ietf.org/mailman/listinfo/policy
- [Policy] AD review: draft-reyes-policy-core-ext-s… Wijnen, Bert (Bert)
- RE: [Policy] AD review: draft-reyes-policy-core-e… John Strassner