[Policy] RE: PCELS draft
mpana@metasolv.com Mon, 16 February 2004 00:59 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA05760 for <policy-archive@odin.ietf.org>; Sun, 15 Feb 2004 19:59:39 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AsX6M-0003KD-Cu for policy-archive@odin.ietf.org; Sun, 15 Feb 2004 19:59:10 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i1G0xAQF012777 for policy-archive@odin.ietf.org; Sun, 15 Feb 2004 19:59:10 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AsX6E-0003Jb-4D; Sun, 15 Feb 2004 19:59:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AsX68-0003J8-0s for policy@optimus.ietf.org; Sun, 15 Feb 2004 19:58:56 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA05756 for <policy@ietf.org>; Sun, 15 Feb 2004 19:58:54 -0500 (EST)
From: mpana@metasolv.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AsX66-0004s7-00 for policy@ietf.org; Sun, 15 Feb 2004 19:58:54 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AsX5A-0004ow-00 for policy@ietf.org; Sun, 15 Feb 2004 19:57:59 -0500
Received: from mail.metasolv.com ([216.30.145.7] helo=srvplemail1.metasolv.com) by ietf-mx with esmtp (Exim 4.12) id 1AsX4r-0004lS-00 for policy@ietf.org; Sun, 15 Feb 2004 19:57:37 -0500
Received: by srvplemail1.metasolv.com with Internet Mail Service (5.5.2653.19) id <1JJRTW5Q>; Sun, 15 Feb 2004 18:55:48 -0600
Message-ID: <A33EE5A81E634B488B099FD31F65196101241C36@srvotemail.metasolv.com>
To: Kurt@OpenLDAP.org
Cc: policy@ietf.org
Date: Sun, 15 Feb 2004 18:51:37 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C3F427.0808936C"
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.8 required=5.0 tests=AWL,HTML_20_30,HTML_MESSAGE, NO_REAL_NAME autolearn=no version=2.60
Subject: [Policy] RE: PCELS draft
Sender: policy-admin@ietf.org
Errors-To: policy-admin@ietf.org
X-BeenThere: policy@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=unsubscribe>
List-Id: Policy Framework <policy.ietf.org>
List-Post: <mailto:policy@ietf.org>
List-Help: <mailto:policy-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/policy>, <mailto:policy-request@ietf.org?subject=subscribe>
Kurt, Agreed. The next revision of PCELS will include changes to address all the issues that you have identified. Thank you for taking the time to explain these issues in detail. Mircea. > -----Original Message----- > From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] > Sent: Tuesday, February 10, 2004 6:57 PM > To: mpana@metasolv.com > Cc: policy@ietf.org > Subject: RE: PCELS draft > > > My point with 1) is that the I-D seems to be overly reliant on > formal language (RFC2252) description of the LDAP semantics. > That is, for an attribute type such as 'pcelsIsMirrored', > you should, in addition to providing the formal language > description, you should describe the LDAP semantics. For > instance: > The 'pcelsIsMirrored' attribute type is of syntax > BOOLEAN [X.680] and has an equality matching rule > of booleanMatch [ref]. Attributes of this type can > only have a single value. > > That is, you should include supporting prose. > > My point with 2) is that, it appears to me, that you were relying > on comments within the formal language description to detail > an implementation requirement. I suggest you replace all DESC > comments with something descriptive of the element (as oppose > to describing a restriction upon the element). > For instance, for pcelsIPHdrVersion, > DESC 'HdrIpVersion property' > With 3), I think your suggested (in your second follow-up) is > better than the current text. > > With 4), note that 'pcelsPriority' is only one of many attribute > types which are described as having defaults. The issue (and > resolution) is applicable to each. I think a general statement, > combined with removing any mention of defaults in DESC fields > (or replacing the field as suggested in 2), likely can adequately > resolve this issue. > > With 5), I think you may also need to consider (if you haven't > so already) whether the set/list is represented in a single value > of the attribute or in multiple, if the latter, how implementations > are to compose/decompose the PCIM_EXT value from/to its LDAP > representation. > > With 6, I am particular concerned that LDAP's matching semantics > may not be compatible with the application needs. For instance, > pcelsIntegerList could contain multiple values each containing > different representations of the same integer (because these 3 > and 03 are different directory strings). Also, I'm concerned > that the LDAP ordering matching rule may not meet the applications > needs (as the ordering will be applied to their representations, > not their abstract value). As I am PCIM ignorant, I leave it > you and others to determine if the application needs are met > or not. However, you might want to make a general note to > deployers of this that they cannot rely on LDAP syntaxes and > rules being consistent with PCIM syntaxes and rules. > > With 7, okay. > > > > At 01:07 PM 2/9/2004, mpana@metasolv.com wrote: > >Kurt, > > > >> -----Original Message----- > >> From: Kurt D. Zeilenga > [<mailto:Kurt@OpenLDAP.org>mailto:Kurt@OpenLDAP.org] > >[...] > >> > >> 1) I noticed a number of RFC 2252 schema definitions > >> (e.g., pcelsIsMirrored) not accompanied by prose which detailed > >> the schema element. While an RFC 2252 schema definition should > >> be provided for each schema element, providing such should not > >> be viewed by itself to provide a complete technical > >> specification of the schema element. The prose needs to detail > >> all aspects of the schema element, such as application syntax > >> and semantics, not covered in the RFC 2252 schema definition. > >> It is also good to echo aspects of the RFC 2252 schema definition > >> in the prose. > > > >In the opening remarks for Section 5. we indicate that: > >" The semantics for the policy information classes that are to be > > mapped directly from the information model to an LDAP > representation > > are detailed in [PCIM_EXT]. Consequently, this document > presents only > > a brief reference to those semantics." > >In your opinion, is this not sufficient? Are you suggesting > that the we should duplicate some of the text from rfc3460? > > > >> > >> 2) I noticed a number of places where the only description > >> of an application restriction upon the element (e.g., > >> pcelsIPHdrVersion) was in a comment field (e.g., DESC) in the > >> formal language (RFC2252) description of the element. These > >> restrictions should be stated in prose. > > > >The restrictions are fully documented by the information > model (rfc3460). Are you suggesting that we should re-state > their applicability to the LDAP Schema? > > > >> > >> 3) As application restrictions upon values are not enforced > >> by the directory, the specification should state how > >> applications are to behave if they find values in the > >> directory which, per the application restrictions, are > >> invalid. For instance, how are applications to deal with > >> negative pcelsPriority values? > > > >The last of the opening remarks for Section 5. (Note 5) > indicates that: > >" if a constraint is violated, then the > > policy rule(s) /group(s) SHOULD be treated as being > disabled, meaning > > that execution of the policy rule(s) /group(s) SHOULD be > stopped." > >Do you find this insufficient? > > > >> > >> 4) I don't understand the meaning of pcelsPriority > >> DESC note that says: "Default value: 0". Does this mean that > >> if pcelsPriority is not present in the entry, then the > >> application is to assume a 0 priority? Also, since > >> pcelsPolicySetAssociation MUSTs pcelsPriority, when would > >> pcelsPriority need a default value? > > > >Indeed, we have overlooked this detail. In the next revision > we will remove "Default value: 0" from the DESC if the > pcelsPriority attribute definition. > > > >> I suggest you remove > >> these defaults from the DESC field and instead detail how > >> applications are to behave when an optional (MAY) attribute > >> is not present in the object. > > > >All the default values defined in PCELS for LDAP attributes, > they are directly mapped from information model (rfc3460) > property defaults. I'm thinking of adding a general note on > default values for optional attributes to the opening remarks > in Section 5. Would that be acceptable? > > > >> > >> 5) I note that a number of attribute types are described as > >> holding "lists" while some are described as "unordered sets". > >> The term list implies an ordering of its members. And, in > >> LDAP, all sets are unordered. I suggest you always use the > >> term "set" or always use the term "unordered set" when > >> referring to values of a attribute type. > > > >This was indeed poorly worded. The intention was to refer to > *sets* of values. (Unordered obviously.) We will fix this in > the next revision. However, PCELS defines several items with > "List" in the name. This is because of the names of the > corresponding information model items. I don't think that we > can change the names without creating confusion. > > > >> > >> 6) I note that a number of attributes of syntaxes/matching > >> rules which behave properly (ensure same value (in different > >> representations) is not stored twice, ensure matching of > >> different representations match) for the kinds of > >> application-restricted values placed in them. For instance, > >> it seems a bit odd to use case ignore directory string > >> matching for IPv6 addresses. > > > >I am not sure I understand what this issue is. For instance > the attribute pcelsIPv6AddrList is a DirectoryString and it > is mapped from a property defined by rfc3460 in section > 6.14.2. Among other things, this property can be a hostname > hence case insensitive. Is there anything wrong with that? > > > >> > >> 7) The I-D should detail delegations it makes under the OID > >> to be assigned by IANA. That is, the x in IANA-ASSIGNED-OID.2.x > >> should be specified so that the RFC-Editor can simply replace > >> IANA-ASSIGNED-OID with the assigned OID throughout the I-D > >> to produce the RFC-to-be. > > > >Since we might still see some minor changes to the set of > classes and attributes, the plan was to fill-in the numbers > after locking down the content but before advancing the > document to the next stage. > > > >And last but not least, thanks a lot for revising this document > > > >Thank you, > >Mircea. > > > >> > >> -- Kurt > >> >
- [Policy] PCELS draft Kurt D. Zeilenga
- Re: [Policy] PCELS draft Marcus Brunner
- [Policy] RE: PCELS draft mpana
- [Policy] RE: PCELS draft mpana
- [Policy] RE: PCELS draft Kurt D. Zeilenga
- [Policy] RE: PCELS draft mpana