Re: [regext] Benjamin Kaduk's Discuss on draft-ietf-regext-org-ext-09: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Mon, 12 November 2018 19:49 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E6D9130DF2; Mon, 12 Nov 2018 11:49:10 -0800 (PST)
X-Quarantine-ID: <b623BLLYCJqv>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char 9C hex): Received: ...s kaduk@ATHENA.MIT.EDU)\n\t\234by outgoing.mit[...]
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b623BLLYCJqv; Mon, 12 Nov 2018 11:49:07 -0800 (PST)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7ABBC130DD9; Mon, 12 Nov 2018 11:49:06 -0800 (PST)
X-AuditID: 12074423-537ff70000004716-5a-5be9d92eb163
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 7C.8A.18198.F29D9EB5; Mon, 12 Nov 2018 14:49:04 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-4.mit.edu (8.14.7/8.9.2) with ESMTP id wACJmvkR003071; Mon, 12 Nov 2018 14:48:59 -0500
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) œby outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id wACJmrXl032489 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 12 Nov 2018 14:48:55 -0500
Date: Mon, 12 Nov 2018 13:48:53 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Linlin Zhou <zhoulinlin@cnnic.cn>
Cc: regext-chairs <regext-chairs@ietf.org>, Pieter Vandepitte <pieter.vandepitte@dnsbelgium.be>, iesg <iesg@ietf.org>, regext <regext@ietf.org>, draft-ietf-regext-org-ext <draft-ietf-regext-org-ext@ietf.org>
Message-ID: <20181112194852.GE99562@kduck.kaduk.org>
References: <20181025172816.GB45914@kduck.kaduk.org> <2018103010160489184930@cnnic.cn> <20181031010506.GY45914@kduck.kaduk.org> <20181031141945204989108@cnnic.cn> <20181031124321.GH45914@kduck.kaduk.org> <2018110111280976085295@cnnic.cn> <20181101222859.GH45914@kduck.kaduk.org> <B567C9E4-BF56-4BB0-8081-27264947C1F7@verisign.com> <201811060918110034890@cnnic.cn> <2018111211152341848066@cnnic.cn>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2018111211152341848066@cnnic.cn>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprDKsWRmVeSWpSXmKPExsUixG6nrmtw82W0welzyhbLls1gtZjxZyKz xd+9s5gtXnY9Zba4OuEIo8Wvjy8ZHdg8Nl2T9Pg+6Ty7x5IlP5kCmKO4bFJSczLLUov07RK4 MlYe/MpUsCygYnPjAZYGxkv2XYycHBICJhLbNk1i6WLk4hASWMMksXz6Y0YIZyOjxJwdh1kh nLtMEu9XPGMBaWERUJXYdWgCG4jNJqAi0dB9mRnEFgGKfz81H6ybWeAVo8T6p+tZQRLCAgUS S5d8Z+pi5ODgBdr3f1IUxND5zBKbel+zg9TwCghKnJz5BGwBs4C6xJ95l5hB6pkFpCWW/+OA CMtLNG+dDbaLU0BP4v/9V4wgtqiAssTevkPsExgFZyGZNAvJpFkIk2YhmbSAkWUVo2xKbpVu bmJmTnFqsm5xcmJeXmqRrplebmaJXmpK6SZGcCS4KO9gfNnnfYhRgINRiYf3xPSX0UKsiWXF lbmHGCU5mJREedkXAoX4kvJTKjMSizPii0pzUosPMUpwMCuJ8PLxAOV4UxIrq1KL8mFS0hws SuK8f0QeRwsJpCeWpGanphakFsFkZTg4lCR4v10HahQsSk1PrUjLzClBSDNxcIIM5wEargBS w1tckJhbnJkOkT/FqCglznsWJCEAksgozYPrBSUqiez9Na8YxYFeEeaNuAFUxQNMcnDdwJgD +kiEt+Tlc5DBJYkIKakGxu4UkY1BVw9IzF7k/3pHjOIkvv1q1sztV5Rm/L5UcXijktaFaG32 32maW6cXmgc9Tmbcrqs954RkyRZd23tvd2goBE5YF654l9GkTGrRj4hZLzuWz7niN/2qZsFT Tk6HXJavs/TMtn5mW2HhvmKTo3x/4f03a88dC46cUWH0dcb+dcuEIzkFNimxFGckGmoxFxUn AgBbSUPRLwMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/BGvLnjhUVD3IJ-Xfh8UPG1Owv94>
Subject: Re: [regext] Benjamin Kaduk's Discuss on draft-ietf-regext-org-ext-09: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Nov 2018 19:49:10 -0000

Hi Linlin,

On Mon, Nov 12, 2018 at 11:15:24AM +0800, Linlin Zhou wrote:
> Dear Benjamin,
> James provided his suggestions and I'd like to include them in the updated text. I think this is the last issue we have and please see if these changes workable for you.

I think this looks good, thank you!  Just one minor thing (in the same vein
as my comment just now on the companion document)...

> 1. In section 3.1 Organization Identifier, add sentences at the end of this paragraph. 
> A "role" attribute is used to represent the relationship that the organization has to the EPP object. Any given object MUST have at most one associated organization ID for any given role value. 
> 
> 2. In section 4.1.2,
> Zero or more <orgext:id> elements are allowed that contain the identifier of the organization, as defined in [section 3.1]. The "role" attribute is used to represent the relationship that the organization has to the object. See Section 7.3 in [ID.draft-ietf-regext-org] for a list of values.
> 
> 3. In section 4.2.1, 
> One or more <orgext:id> elements that contain the identifier of the organization, as defined in [section 3.1]. The "role" attribute is used to represent the relationship that the organization has to the object. See Section 7.3 in [ID.draft-ietf-regext-org] for a list of values. 
> 
> 4. In section 4.2.5,
>  o  An OPTIONAL <orgext:add> element that contains one or more <orgext:id> elements, as defined in [section 3.1], that add non-existent organization roles to the object. The <orgext:id> element MUST have a non-empty organization identifier value.  The server SHOULD validate that the <orgext:id> element role does not exist. 
>  
>    o  An OPTIONAL <orgext:rem> element that contains one or more <orgext:id> elements, as defined in [section 3.1], that remove organization roles from the object. The <orgext:id> element MAY have an empty organization identifier value.  The server SHOULD validate the existence of the <orgext:id> element role and the organization identifier if provided. 
>  
>    o  An OPTIONAL <orgext:chg> element that one or more <orgext:id> elements, as defined in [section 3.1], that change organization role identifiers for the object. The existing organization identifier value will be replaced for the defined role.  The server SHOULD validate the existence of the <orgext:id> element role. 
> 
> At least one <orgext:add>, <orgext:rem> or <orgext:chg> element MUST be provided. The <orgext:add>, <orgext:rem> and <orgext:chg> elements contain the following child element:
> 
> o One or more <orgext:id> elements that contain the identifier of the organization. The "role" attribute is used to represent the relationship that the organization has to the object. Any given object MUST have at most one associated organization ID for any given role value. See Section 7.3 in [ID.draft-ietf-regext-org] for a list of values.

... this MUST duplicates the requirement from Section 3.1; it could instead
be "Any given object has at most one [...]", optionally with a reference up
to Section 3.1.

-Benjamin

> Regards,
> Linlin
> 
> 
> Linlin Zhou
>  
> From: Linlin Zhou
> Date: 2018-11-06 09:18
> To: jgould; kaduk@mit.edu
> CC: regext-chairs; Pieter Vandepitte; iesg; regext; draft-ietf-regext-org-ext
> Subject: Re: [regext] Benjamin Kaduk's Discuss on draft-ietf-regext-org-ext-09: (with DISCUSS and COMMENT)
> Hi James,
> Thanks for your further suggestions. I'll include them in the updated version.
> 
> Regards,
> Linlin
> 
> 
> zhoulinlin@cnnic.cn
>  
> From: Gould, James
> Date: 2018-11-02 20:25
> To: kaduk@mit.edu; zhoulinlin@cnnic.cn
> CC: regext-chairs@ietf.org; pieter.vandepitte@dnsbelgium.be; iesg@ietf.org; regext@ietf.org; draft-ietf-regext-org-ext@ietf.org
> Subject: Re: [regext] Benjamin Kaduk's Discuss on draft-ietf-regext-org-ext-09: (with DISCUSS and COMMENT)
> I believe that we need to ensure that the 1-on-1 organization role mapping is consistently defined in the draft.  The definition of the "role" attribute, the possible value can be referenced in section 7.3, and the relationship between the organization id and the role should certainly be defined in section 3.1.  The definition in 3.1 can be referenced in the create (4.2.1) and info (4.1.2), as in "One or more <orgext:id> elements that contain the identifier of the organization, as defined in [section 3.1]."  The update (4.2.5) is a little bit more complex to provide clarity on the behavior of the <orgext:add>, <orgext:rem> and the <orgext:chg>.  The following bullet could be removed from the update (4.2.5):
>  
> One or more <orgext:id> elements that contain the identifier of
> the organization.  The "role" attribute is used to represent the
> relationship that the organization has to the object.  See
> Section 7.3 in [ID.draft-ietf-regext-org] for a list of values.
>  
> The reference to the <orgext:id> child elements and the expected behavior can be embedded under the definition of the <orgext:add>, <orgext:rem>, and <orgext:chg> elements, such as:
>  
>    o  An OPTIONAL <orgext:add> element that contains one or more <orgext:id> elements, as defined in [section 3.1], that add non-existent organization roles to the object.  The <orgext:id> element MUST have a non-empty organization identifier value.  The server SHOULD validate that the <orgext:id> element role does not exist.  
>  
>    o  An OPTIONAL <orgext:rem> element that contains one or more <orgext:id> elements, as defined in [section 3.1], that remove organization roles from the object.  The <orgext:id> element MAY have an empty organization identifier value.  The server SHOULD validate the existence of the <orgext:id> element role and the organization identifier if provided.  
>  
>    o  An OPTIONAL <orgext:chg> element that one or more <orgext:id> elements, as defined in [section 3.1], that change organization role identifiers for the object.  The existing organization identifier value will be replaced for the defined role.  The server SHOULD validate the existence of the <orgext:id> element role.     
>   
> —
> JG
>  
>  
>  
> James Gould
> Distinguished Engineer
> jgould@Verisign.com
>  
> 703-948-3271
> 12061 Bluemont Way
> Reston, VA 20190
>  
> Verisign.com <http://verisigninc.com/> 
>  
> On 11/1/18, 6:29 PM, "regext on behalf of Benjamin Kaduk" <regext-bounces@ietf.org on behalf of kaduk@mit.edu>; wrote:
>  
>     On Thu, Nov 01, 2018 at 11:28:10AM +0800, Linlin Zhou wrote:
>     > Dear Benjamin,
>     > I found that following sections may be the proper place to restrict the 1-to-1 mapping. I think we can have restrictions in section 3.1 only or in 3.1&4.2.1&4.2.5. I've not decided which one is better and hope to have others' suggestions.
>     
>     I'd be happy to hear others' suggestions as well.  I don't have a strong
>     preference, but if forced to choose would put text in all three places.
>     (That is, others should feel free to choose "just section 3.1" and not
>     force me to choose, if they want.)
>     
>     Thanks for putting together the proposals,
>     
>     Benjamin
>     
>     > 1. In section 3.1 Organization Identifier, add sentences at the end of this paragraph.
>     > A "role" attribute is used to represent the relationship that the organization has to the EPP object. Any given object MUST have at most one associated organization ID for any given role value.
>     > 
>     > 2. In section 4.2.1,
>     > One or more <orgext:id> elements that contain the identifier of the organization. The "role" attribute is used to represent the relationship that the organization has to the object. Any given object MUST have at most one associated organization ID for any given role value. See Section 7.3 in [ID.draft-ietf-regext-org] for a list of values.
>     > 
>     > 3. In section 4.2.5
>     > One or more <orgext:id> elements that contain the identifier of the organization. The "role" attribute is used to represent the relationship that the organization has to the object. Any given object MUST have at most one associated organization ID for any given role value. See Section 7.3 in [ID.draft-ietf-regext-org] for a list of values. 
>     > 
>     > If we have the restrictions, the 1-to-multiple mapping cases are not necessary to be specified in this document.
>     > 
>     > Regards,
>     > Linlin
>     > 
>     > 
>     > Linlin Zhou
>     >  
>     > From: Benjamin Kaduk
>     > Date: 2018-10-31 20:43
>     > To: Linlin Zhou
>     > CC: regext-chairs; Pieter Vandepitte; iesg; regext; draft-ietf-regext-org-ext
>     > Subject: Re: [regext] Benjamin Kaduk's Discuss on draft-ietf-regext-org-ext-09: (with DISCUSS and COMMENT)
>     > Dear Linlin,
>     >  
>     > On Wed, Oct 31, 2018 at 02:19:45PM +0800, Linlin Zhou wrote:
>     > > Dear Benjamin,
>     > > Thanks for your input. We believe that relationship between an object and an organization should be 1-to-1, one organization ID with just one role. 1-to-many is an exception for the organization extension. Indeed that is our concern, "the multiple examples may be overkill". Many thanks.
>     >  
>     > I won't object to requiring the 1-to-1 mapping, as the impact of the
>     > restriction seems minor.  I am not entirely sure where the best place to
>     > add some text that clarifies this restriction would be; perhaps in Section
>     > 4.2.1 where we describe the <orgext:id> elements in <create>?  (I assume
>     > that the formal syntax does not provide for a maxOccurs that applies
>     > per-type.)  It may also be worth a (non-normative) reminder in the <update>
>     > description that the semantics of <orgext:chg> are well-defined because
>     > there is only one entry per role value, but I'm not sure about that.
>     >  
>     > Thanks,
>     >  
>     > Benjamin
>     >  
>     > _______________________________________________
>     > regext mailing list
>     > regext@ietf.org
>     > https://www.ietf.org/mailman/listinfo/regext
>     
>     _______________________________________________
>     regext mailing list
>     regext@ietf.org
>     https://www.ietf.org/mailman/listinfo/regext
>