Re: [radext] draft-ietf-opsawg-ucl-acl: User Access Control Group ID RADIUS Attribute

Heikki Vatiainen <hvn@radiatorsoftware.com> Thu, 12 October 2023 14:55 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/ILQkmqHUZXpEn4p7J1HUyiQat1Y>

On Tue, 26 Sept 2023 at 15:01, <mohamed.boucadair@orange.com> wrote:

> Hi RADEXT,
>
> FWIW, the document specifies the following new RADIUS attribute:
>
> https://boucadair.github.io/policy-based-network-acl/draft-ietf-opsawg-ucl-acl.html#name-user-access-control-group-i
>

Hello Med,

the example tables in the draft show that "Group ID" is an integer. Also,
the YANG module shows that group-id has type uint32 with range
"0..4294967294". If the value communicated with the new Radius attribute
maps directly to a value with a uint32 type, why not use Radius type
'integer' as defined by
https://datatracker.ietf.org/doc/html/rfc8044#section-3.1

This would make things easier for implementations since they would always
get a matching type from the Radius layer instead of having to parse a
'string' type.

-- 
Heikki Vatiainen
hvn@radiatorsoftware.com
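
The difference the message describes, as an added example that is not part of the original post or of the draft: decoding the Group ID from an RFC 8044 'integer' value is one fixed-width unpack, while a 'string' value needs its own input validation before conversion. Assumptions: the attribute code 250 is a placeholder (the page gives no assigned code), the 'string' variant is taken to carry decimal ASCII text, and all function names are hypothetical.

```python
import struct

PLACEHOLDER_TYPE = 250      # assumption: the page gives no assigned attribute code
GROUP_ID_MAX = 4294967294   # upper bound of the YANG range quoted in the message

def split_attribute(raw: bytes) -> bytes:
    """Check the Type and Length octets of one attribute and return its Value."""
    if len(raw) < 3 or raw[1] != len(raw):
        raise ValueError("bad attribute length")
    if raw[0] != PLACEHOLDER_TYPE:
        raise ValueError("unexpected attribute type")
    return raw[2:]

def check_range(group_id: int) -> int:
    """Enforce the YANG range; 0xFFFFFFFF fits in uint32 but is not a valid group-id."""
    if not 0 <= group_id <= GROUP_ID_MAX:
        raise ValueError("group-id outside 0..4294967294")
    return group_id

def group_id_from_integer(raw: bytes) -> int:
    """RFC 8044 'integer': exactly four octets, unsigned, network byte order."""
    value = split_attribute(raw)
    if len(value) != 4:
        raise ValueError("'integer' value must be 4 octets")
    return check_range(struct.unpack("!I", value)[0])

def group_id_from_string(raw: bytes) -> int:
    """'string' holding decimal text (assumed encoding): the receiver validates it all."""
    value = split_attribute(raw)
    # Only ASCII digits: rejects signs, spaces, NULs, "0x" prefixes and the
    # underscores or non-ASCII digits that a bare int() call would accept.
    if not 1 <= len(value) <= 10 or not all(0x30 <= b <= 0x39 for b in value):
        raise ValueError("not a plain decimal number")
    return check_range(int(value.decode("ascii")))

def attr(value: bytes) -> bytes:
    """Build a constructed sample attribute around a value."""
    return bytes([PLACEHOLDER_TYPE, len(value) + 2]) + value

if __name__ == "__main__":
    print(group_id_from_integer(attr(struct.pack("!I", 1001))))   # fixed-width decode
    print(group_id_from_string(attr(b"1001")))                    # text decode
    for bad in (b"+1001", b" 1001", b"1_001", b"4294967295", b""):  # constructed inputs
        try:
            group_id_from_string(attr(bad))
        except ValueError as exc:
            print(repr(bad), "rejected:", exc)
```

The text form also admits several encodings of one value (`007` and `7` both decode to 7), which matters if the raw attribute is ever compared or logged before parsing.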