IETF Logo Mail Archive

[Policy] RE: PCELS draft

mpana@metasolv.com Mon, 09 February 2004 21:16 UTC

Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA12883 for <policy-archive@odin.ietf.org>; Mon, 9 Feb 2004 16:16:36 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AqIlD-0002Ai-LL for policy-archive@odin.ietf.org; Mon, 09 Feb 2004 16:16:08 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i19LG77W008342 for policy-archive@odin.ietf.org; Mon, 9 Feb 2004 16:16:07 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AqIl8-00029u-4I; Mon, 09 Feb 2004 16:16:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AqIkY-00028G-Bn for policy@optimus.ietf.org; Mon, 09 Feb 2004 16:15:26 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA12670 for <policy@ietf.org>; Mon, 9 Feb 2004 16:15:23 -0500 (EST)
From: mpana@metasolv.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AqIkW-0002Nv-00 for policy@ietf.org; Mon, 09 Feb 2004 16:15:24 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AqIjX-0002Gr-00 for policy@ietf.org; Mon, 09 Feb 2004 16:14:25 -0500
Received: from mail.metasolv.com ([216.30.145.7] helo=srvplemail1.metasolv.com) by ietf-mx with esmtp (Exim 4.12) id 1AqIil-00027h-00 for policy@ietf.org; Mon, 09 Feb 2004 16:13:35 -0500
Received: by srvplemail1.metasolv.com with Internet Mail Service (5.5.2653.19) id <1JJRMPFM>; Mon, 9 Feb 2004 15:11:50 -0600
Message-ID: <A33EE5A81E634B488B099FD31F65196101241C1C@srvotemail.metasolv.com>
To: Kurt@OpenLDAP.org
Cc: policy@ietf.org
Date: Mon, 09 Feb 2004 15:07:43 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C3EF50.C27D92DC"
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.9 required=5.0 tests=AWL,HTML_20_30,HTML_MESSAGE, NO_REAL_NAME autolearn=no version=2.60
Subject: [Policy] RE: PCELS draft
Sender: policy-admin@ietf.org
Errors-To: policy-admin@ietf.org
X-BeenThere: policy@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=unsubscribe>
List-Id: Policy Framework <policy.ietf.org>
List-Post: <mailto:policy@ietf.org>
List-Help: <mailto:policy-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=subscribe>

Kurt,

> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
[...]
> 
> 1) I noticed a number of RFC 2252 schema definitions
> (e.g., pcelsIsMirrored) not accompanied by prose which detailed
> the schema element.  While an RFC 2252 schema definition should
> be provided for each schema element, providing such should not
> be viewed by itself to provide a complete technical
> specification of the schema element.  The prose needs to detail
> all aspects of the schema element, such as application syntax
> and semantics, not covered in the RFC 2252 schema definition.
> It is also good to echo aspects of the RFC 2252 schema definition
> in the prose.

In the opening remarks for Section 5. we indicate that:
"   The semantics for the policy information classes that are to be
   mapped directly from the information model to an LDAP representation
   are detailed in [PCIM_EXT]. Consequently, this document presents only
   a brief reference to those semantics."
In your opinion, is this not sufficient? Are you suggesting that the we
should duplicate some of the text from rfc3460?

> 
> 2) I noticed a number of places where the only description
> of an application restriction upon the element (e.g.,
> pcelsIPHdrVersion) was in a comment field (e.g., DESC) in the
> formal language (RFC2252) description of the element.  These
> restrictions should be stated in prose.

The restrictions are fully documented by the information model (rfc3460).
Are you suggesting that we should re-state their applicability to the LDAP
Schema?

> 
> 3) As application restrictions upon values are not enforced
> by the directory, the specification should state how
> applications are to behave if they find values in the
> directory which, per the application restrictions, are
> invalid.  For instance, how are applications to deal with
> negative pcelsPriority values?

The last of the opening remarks for Section 5. (Note 5) indicates that:
" if a constraint is violated, then the
   policy rule(s) /group(s) SHOULD be treated as being disabled, meaning
   that execution of the policy rule(s) /group(s) SHOULD be stopped."
Do you find this insufficient?

> 
> 4) I don't understand the meaning of pcelsPriority
> DESC note that says: "Default value: 0".  Does this mean that
> if pcelsPriority is not present in the entry, then the
> application is to assume a 0 priority?   Also, since
> pcelsPolicySetAssociation MUSTs pcelsPriority, when would
> pcelsPriority need a default value?

Indeed, we have overlooked this detail. In the next revision we will remove
"Default value: 0" from the DESC if the pcelsPriority attribute definition.

>  I suggest you remove
> these defaults from the DESC field and instead detail how
> applications are to behave when an optional (MAY) attribute
> is not present in the object.

All the default values defined in PCELS for LDAP attributes, they are
directly mapped from information model (rfc3460) property defaults. I'm
thinking of adding a general note on default values for optional attributes
to the opening remarks in Section 5. Would that be acceptable?

> 
> 5) I note that a number of attribute types are described as
> holding "lists" while some are described as "unordered sets".
> The term list implies an ordering of its members.  And, in
> LDAP, all sets are unordered.  I suggest you always use the
> term "set" or always use the term "unordered set" when
> referring to values of a attribute type.

This was indeed poorly worded. The intention was to refer to *sets* of
values. (Unordered obviously.) We will fix this in the next revision.
However, PCELS defines several items with "List" in the name. This is
because of the names of the corresponding information model items. I don't
think that we can change the names without creating confusion.

> 
> 6) I note that a number of attributes of syntaxes/matching
> rules which behave properly (ensure same value (in different
> representations) is not stored twice, ensure matching of
> different representations match) for the kinds of
> application-restricted values placed in them.  For instance,
> it seems a bit odd to use case ignore directory string
> matching for IPv6 addresses. 

I am not sure I understand what this issue is. For instance the attribute
pcelsIPv6AddrList is a DirectoryString and it is mapped from a property
defined by rfc3460 in section 6.14.2. Among other things, this property can
be a hostname hence case insensitive. Is there anything wrong with that?

> 
> 7) The I-D should detail delegations it makes under the OID
> to be assigned by IANA.  That is, the x in IANA-ASSIGNED-OID.2.x
> should be specified so that the RFC-Editor can simply replace
> IANA-ASSIGNED-OID with the assigned OID throughout the I-D
> to produce the RFC-to-be.

Since we might still see some minor changes to the set of classes and
attributes, the plan was to fill-in the numbers after locking down the
content but before advancing the document to the next stage. 

And last but not least, thanks a lot for revising this document

Thank you,
Mircea.


> 
> -- Kurt
>

v2.23.0 | Report a Bug | By Email