[Policy] RE: PCELS draft
mpana@metasolv.com Mon, 09 February 2004 21:16 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA12883 for <policy-archive@odin.ietf.org>; Mon, 9 Feb 2004 16:16:36 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AqIlD-0002Ai-LL for policy-archive@odin.ietf.org; Mon, 09 Feb 2004 16:16:08 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i19LG77W008342 for policy-archive@odin.ietf.org; Mon, 9 Feb 2004 16:16:07 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AqIl8-00029u-4I; Mon, 09 Feb 2004 16:16:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AqIkY-00028G-Bn for policy@optimus.ietf.org; Mon, 09 Feb 2004 16:15:26 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA12670 for <policy@ietf.org>; Mon, 9 Feb 2004 16:15:23 -0500 (EST)
From: mpana@metasolv.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AqIkW-0002Nv-00 for policy@ietf.org; Mon, 09 Feb 2004 16:15:24 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AqIjX-0002Gr-00 for policy@ietf.org; Mon, 09 Feb 2004 16:14:25 -0500
Received: from mail.metasolv.com ([216.30.145.7] helo=srvplemail1.metasolv.com) by ietf-mx with esmtp (Exim 4.12) id 1AqIil-00027h-00 for policy@ietf.org; Mon, 09 Feb 2004 16:13:35 -0500
Received: by srvplemail1.metasolv.com with Internet Mail Service (5.5.2653.19) id <1JJRMPFM>; Mon, 9 Feb 2004 15:11:50 -0600
Message-ID: <A33EE5A81E634B488B099FD31F65196101241C1C@srvotemail.metasolv.com>
To: Kurt@OpenLDAP.org
Cc: policy@ietf.org
Date: Mon, 09 Feb 2004 15:07:43 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C3EF50.C27D92DC"
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.9 required=5.0 tests=AWL,HTML_20_30,HTML_MESSAGE, NO_REAL_NAME autolearn=no version=2.60
Subject: [Policy] RE: PCELS draft
Sender: policy-admin@ietf.org
Errors-To: policy-admin@ietf.org
X-BeenThere: policy@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=unsubscribe>
List-Id: Policy Framework <policy.ietf.org>
List-Post: <mailto:policy@ietf.org>
List-Help: <mailto:policy-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=subscribe>
Kurt, > -----Original Message----- > From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] [...] > > 1) I noticed a number of RFC 2252 schema definitions > (e.g., pcelsIsMirrored) not accompanied by prose which detailed > the schema element. While an RFC 2252 schema definition should > be provided for each schema element, providing such should not > be viewed by itself to provide a complete technical > specification of the schema element. The prose needs to detail > all aspects of the schema element, such as application syntax > and semantics, not covered in the RFC 2252 schema definition. > It is also good to echo aspects of the RFC 2252 schema definition > in the prose. In the opening remarks for Section 5. we indicate that: " The semantics for the policy information classes that are to be mapped directly from the information model to an LDAP representation are detailed in [PCIM_EXT]. Consequently, this document presents only a brief reference to those semantics." In your opinion, is this not sufficient? Are you suggesting that the we should duplicate some of the text from rfc3460? > > 2) I noticed a number of places where the only description > of an application restriction upon the element (e.g., > pcelsIPHdrVersion) was in a comment field (e.g., DESC) in the > formal language (RFC2252) description of the element. These > restrictions should be stated in prose. The restrictions are fully documented by the information model (rfc3460). Are you suggesting that we should re-state their applicability to the LDAP Schema? > > 3) As application restrictions upon values are not enforced > by the directory, the specification should state how > applications are to behave if they find values in the > directory which, per the application restrictions, are > invalid. For instance, how are applications to deal with > negative pcelsPriority values? The last of the opening remarks for Section 5. (Note 5) indicates that: " if a constraint is violated, then the policy rule(s) /group(s) SHOULD be treated as being disabled, meaning that execution of the policy rule(s) /group(s) SHOULD be stopped." Do you find this insufficient? > > 4) I don't understand the meaning of pcelsPriority > DESC note that says: "Default value: 0". Does this mean that > if pcelsPriority is not present in the entry, then the > application is to assume a 0 priority? Also, since > pcelsPolicySetAssociation MUSTs pcelsPriority, when would > pcelsPriority need a default value? Indeed, we have overlooked this detail. In the next revision we will remove "Default value: 0" from the DESC if the pcelsPriority attribute definition. > I suggest you remove > these defaults from the DESC field and instead detail how > applications are to behave when an optional (MAY) attribute > is not present in the object. All the default values defined in PCELS for LDAP attributes, they are directly mapped from information model (rfc3460) property defaults. I'm thinking of adding a general note on default values for optional attributes to the opening remarks in Section 5. Would that be acceptable? > > 5) I note that a number of attribute types are described as > holding "lists" while some are described as "unordered sets". > The term list implies an ordering of its members. And, in > LDAP, all sets are unordered. I suggest you always use the > term "set" or always use the term "unordered set" when > referring to values of a attribute type. This was indeed poorly worded. The intention was to refer to *sets* of values. (Unordered obviously.) We will fix this in the next revision. However, PCELS defines several items with "List" in the name. This is because of the names of the corresponding information model items. I don't think that we can change the names without creating confusion. > > 6) I note that a number of attributes of syntaxes/matching > rules which behave properly (ensure same value (in different > representations) is not stored twice, ensure matching of > different representations match) for the kinds of > application-restricted values placed in them. For instance, > it seems a bit odd to use case ignore directory string > matching for IPv6 addresses. I am not sure I understand what this issue is. For instance the attribute pcelsIPv6AddrList is a DirectoryString and it is mapped from a property defined by rfc3460 in section 6.14.2. Among other things, this property can be a hostname hence case insensitive. Is there anything wrong with that? > > 7) The I-D should detail delegations it makes under the OID > to be assigned by IANA. That is, the x in IANA-ASSIGNED-OID.2.x > should be specified so that the RFC-Editor can simply replace > IANA-ASSIGNED-OID with the assigned OID throughout the I-D > to produce the RFC-to-be. Since we might still see some minor changes to the set of classes and attributes, the plan was to fill-in the numbers after locking down the content but before advancing the document to the next stage. And last but not least, thanks a lot for revising this document Thank you, Mircea. > > -- Kurt >
- [Policy] PCELS draft Kurt D. Zeilenga
- Re: [Policy] PCELS draft Marcus Brunner
- [Policy] RE: PCELS draft mpana
- [Policy] RE: PCELS draft mpana
- [Policy] RE: PCELS draft Kurt D. Zeilenga
- [Policy] RE: PCELS draft mpana