IETF Logo Mail Archive

RE: [Policy] RE: PCELS position

David McTavish <dmctavish@sandvine.com> Fri, 26 September 2003 22:26 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA27224 for <policy-archive@odin.ietf.org>; Fri, 26 Sep 2003 18:26:32 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A312O-0005oW-79 for policy-archive@odin.ietf.org; Fri, 26 Sep 2003 18:26:10 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h8QMQ8Pt022316 for policy-archive@odin.ietf.org; Fri, 26 Sep 2003 18:26:08 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A312H-0005n2-3P; Fri, 26 Sep 2003 18:26:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A1r2R-0001yP-N7 for policy@optimus.ietf.org; Tue, 23 Sep 2003 13:33:23 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA26410; Tue, 23 Sep 2003 13:33:15 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A1r2P-0003o6-00; Tue, 23 Sep 2003 13:33:21 -0400
Received: from sandvine.com ([199.243.201.138] helo=mail.sandvine.com ident=hidden-user) by ietf-mx with esmtp (Exim 4.12) id 1A1r2O-0003o3-00; Tue, 23 Sep 2003 13:33:20 -0400
Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id <SZM8GSJH>; Tue, 23 Sep 2003 13:33:18 -0400
Message-ID: <FE045D4D9F7AED4CBFF1B3B813C85337022B15B0@mail.sandvine.com>
From: David McTavish <dmctavish@sandvine.com>
To: 'Robert Moore' <remoore@us.ibm.com>, John Strassner <John.Strassner@intelliden.com>
Cc: "'Wijnen, Bert (Bert)'" <bwijnen@lucent.com>, David McTavish <dmctavish@sandvine.com>, "'Joel M. Halpern'" <joel@stevecrocker.com>, John Strassner <John.Strassner@intelliden.com>, "'Pana, Mircea'" <mpana@metasolv.com>, "'policy@ietf.org'" <policy@ietf.org>, policy-admin@ietf.org
Subject: RE: [Policy] RE: PCELS position
Date: Tue, 23 Sep 2003 13:33:11 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: policy-admin@ietf.org
Errors-To: policy-admin@ietf.org
X-BeenThere: policy@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=unsubscribe>
List-Id: Policy Framework <policy.ietf.org>
List-Post: <mailto:policy@ietf.org>
List-Help: <mailto:policy-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=subscribe>

Hi Bob,
Unfortunately, in LDAP, attributes must be globally unique. So, if an
attribute is defined as "foo" in one objectclass as a boolean, and as an
integer in another class, this causes an incompatibility. In some cases
(OpenLDAP), this prevents the server from even starting. It's not the most
elegant implementation, but something you get used to when working on LDAP.

Hope this is informational,
d.


-----Original Message-----
From: Robert Moore [mailto:remoore@us.ibm.com]
Sent: Tuesday, September 23, 2003 1:26 PM
To: John Strassner
Cc: 'Wijnen, Bert (Bert)'; 'David McTavish'; 'Joel M. Halpern'; John
Strassner; 'Pana, Mircea'; 'policy@ietf.org'; policy-admin@ietf.org
Subject: RE: [Policy] RE: PCELS position






>Furthermore, the argument that you are "reusing" an attribute foo in a new
class bar is completely specious, because the new class >bar is different
than the original class baz that defined foo. The differences are very
fundamental - different hierarchies, different >attributes, and worse
(e.g., the definition of priority). This isn't reuse, this is simply
stealing an OID.

John, I'll have to say that I'm missing the essence of your argument here.
Formally (as you've acknowledged), LDAP falls into the same category as
X.500 and CMIP: attributes are defined, and maintain their identity,
independent of the classes in which they appear.  (Digression for those who
haven't worked in the DMTF: CIM works the opposite way -- an attribute's
identity is tied to the class in which it is defined, so that it's possible
to have two attributes with identical names defined in two different CIM
classes.  This is, of course, a potential source of confusion, so there
were DMTF guidelines saying "Don't do this."  But these provided an
artificial overlay of global scope on attributes whose identity was
inherently scoped by the classes that defined them.)  I don't have specific
experience with X.500 and LDAP, but I do know that in the CMIP case it was
perfectly good practice (in fact, it was typical) to define attributes
without regard to the classes that would include them.  I'm don't see why
X.500 and LDAP should be any different.  But your use of the wording "...
the original class baz that defined foo" suggests that you see some
non-formal, but nevertheless significant sense in which LDAP attributes
*are* defined relative to the (first?) class that contains them.

Regards,
Bob

Bob Moore
WebSphere Advanced Design and Technology
WebSphere Platform System House
IBM Software Group
+1-919-254-4436
remoore@us.ibm.com



 

                      John Strassner

                      <John.Strassner@inte        To:       "'Pana, Mircea'"
<mpana@metasolv.com>, "'Wijnen, Bert (Bert)'"                
                      lliden.com>                  <bwijnen@lucent.com>,
"'David McTavish'" <dmctavish@sandvine.com>, "'policy@ietf.org'" 
                      Sent by:                     <policy@ietf.org>

                      policy-admin@ietf.or        cc:       John Strassner
<John.Strassner@intelliden.com>, "'Joel M. Halpern'"           
                      g                            <joel@stevecrocker.com>

                                                  Subject:  RE: [Policy] RE:
PCELS position                                               
 

                      09/23/2003 01:03 PM

 





Again, you are trying to determine the validity of an information model
based on the concerns of one specific data model. This is backwards.

Furthermore, the argument that you are "reusing" an attribute foo in a new
class bar is completely specious, because the new class bar is different
than the original class baz that defined foo. The differences are very
fundamental - different hierarchies, different attributes, and worse (e.g.,
the definition of priority). This isn't reuse, this is simply stealing an
OID.

So, how about defining a NEW set of classes and attributes? And if you
prefixes the new classes and attributes, this would also get around the
schema problem that I stated earlier.



regards,
John


John C. Strassner
Chief Strategy Officer
Intelliden Inc.
90 South Cascade Avenue
Colorado Springs, CO  80906  USA
phone:  +1.719.785.0648
  fax:     +1.719.785.0644
email:    john.strassner@intelliden.com
-----Original Message-----
From: Pana, Mircea [mailto:mpana@metasolv.com]
Sent: Monday, September 22, 2003 8:21 AM
To: 'Wijnen, Bert (Bert)'; 'David McTavish'; Pana, Mircea;
'policy@ietf.org'
Cc: 'John Strassner'; 'Joel M. Halpern'
Subject: RE: [Policy] RE: PCELS position



Maybe there is no need for such drastic measures. Maybe it is only a matter
of interpretation of the PCIMe recommendations. After all PCIMe is quite
lenient wrt. that is and what is not used in submodels (see PCIMe section
5.10.).


Some of the structural changes proposed by PCIMe make it difficult for
PCELS to be interoperable with PCLS. These are as follows:


1. PCIMe defines a new abstract class, PolicySet, and makes it a superclass
of the already defined PolicyRule and PolicyGroup


2. In PCIMe the PolicyRule.Priority property has been deprecated in favor
of a new relative priority mechanism.
3. PolicyRepository is deprecated in favor of the new
ReusablePolicyContainer.

PCELS could be interoperable with PCLS if it was to interpret these PCIMe
changes as follows:
A. there is no need to have an explicit LDAP mapping of the abstract
PolicySet. (see also B.)
B. there is no need to have an explicit LDAP mapping of the modified
PolicyGroup. Implementations can use (the equivalent of) a PolicyRule with
no Actions or Conditions for PolicyGroup objects.


C. implementations SHOULD (as opposed to MUST) use the relative priority
mechanism instead of the absolute priority attribute of PolicyRule


D. PolicyRepository SHOULD not be used directly but it is acceptable for
instances of this class to occur through inheritance.


So, the question is whether the statements A. through D. violate PCIMe or
not. Opinions?


Thanks,
Mircea.
-----Original Message-----
From: Wijnen, Bert (Bert) [mailto:bwijnen@lucent.com]
Sent: Sunday, September 21, 2003 6:14 AM
To: 'David McTavish'; 'Pana, Mircea'; 'policy@ietf.org'
Cc: 'John Strassner'; 'Joel M. Halpern'
Subject: RE: [Policy] RE: PCELS position



W.r.t.
>  Is PCIMe considered so complete, that it is beyond modification, if such

>  modification could preserve its intent while also adhering to the
desires
> of maintaining consistency with PCIM and PCLS?


PCIMe is at Proposed Standard. If, for example because of this effort to
try and MAP it onto LDAP, we
find that we did some things in PCIMe that we should not have done, then,
with WG consensus,
we can make incompatible changes to PCIMe and then recycle at Proposed
Standard.
That is part of the normal standars track process. That is, we get
something to PS, then we start
using/implementing (the "using" part is reusing PCIMe definitions in otehr
CIM docs (like the
other docs we did in Policy, and like the IPsec work, the "implementing" is
sort of mapping onto for
example LDAP I think)... and if we find major issues, then we fix and
recycle at PS. If we do not
find major issues, we may advance to DS.


Hope this helps.
Bert



_______________________________________________
Policy mailing list
Policy@ietf.org
https://www1.ietf.org/mailman/listinfo/policy

v2.23.0 | Report a Bug | By Email