Re: [regext] AD Review: draft-ietf-regext-org-ext-07
Adam Roach <adam@nostrum.com> Thu, 09 August 2018 05:06 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E3441294D7 for <regext@ietfa.amsl.com>; Wed, 8 Aug 2018 22:06:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.867
X-Spam-Level:
X-Spam-Status: No, score=-1.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X4nvMYEPLpZF for <regext@ietfa.amsl.com>; Wed, 8 Aug 2018 22:06:46 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF45E130EFF for <regext@ietf.org>; Wed, 8 Aug 2018 22:06:45 -0700 (PDT)
Received: from Svantevit.roach.at (cpe-70-122-154-80.tx.res.rr.com [70.122.154.80]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w795609S071627 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 9 Aug 2018 00:06:02 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-154-80.tx.res.rr.com [70.122.154.80] claimed to be Svantevit.roach.at
To: Linlin Zhou <zhoulinlin@cnnic.cn>, draft-ietf-regext-org-ext <draft-ietf-regext-org-ext@tools.ietf.org>, regext <regext@ietf.org>
References: <c33925d0-eff9-62f2-2975-49cd413f4ebb@nostrum.com> <20180730142111887503210@cnnic.cn> <e253f0ab-d9ca-3f1e-6837-8af284eab5e1@nostrum.com> <2018080813065153438860@cnnic.cn> <2018080911115301931760@cnnic.cn>
From: Adam Roach <adam@nostrum.com>
Message-ID: <5780828e-0ae9-414a-3a05-84bdfe145f1a@nostrum.com>
Date: Thu, 09 Aug 2018 00:05:59 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <2018080911115301931760@cnnic.cn>
Content-Type: multipart/alternative; boundary="------------3E1E22910BF97F5614779643"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/IeyW4uz54nKIKWwEyuZnoyR5Z2Q>
Subject: Re: [regext] AD Review: draft-ietf-regext-org-ext-07
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Aug 2018 05:06:49 -0000
Thanks. This all sounds good to me. /a On 8/8/18 10:11 PM, Linlin Zhou wrote: > Dear Adam and WG, > Sorry, please ignore last unfinished letter. > > We've received some comments on the appropriate error codes. > Since draft-ietf-regext-org-ext is a command / response extension of another object that is related to a link attribute, > 2305 seems like a more proper error code for all of them, which means > "Object association prohibits operation". The association dould refer > to an existing association (e.g., attempt to add alink that already > exists) or a requested association (e.g. attempt to remove a link that > does not exist). > We found that in RFC5730 , the document already defined the response > format with error value elements using <value> or <extValue> for an > object. So we suggest not defining the specific response format in > this command/response extension. > The co-authors have discussed this issue and suggested the following > changes. > > An EPP error response MUST be returned if an <update> command cannot > be processed for any reason. > An attempt to add one organization ID or multiple organization IDs > with a particular role value when at least one of them already exists > does not change the object at all. A server SHOULD notify clients that > object relationsips exit by sending a 2305 error response code. > An attempt to remove an organization ID or multiple organization IDs > with a particular role value when > at least one of them does not exist does not change the object at all. > A server SHOULD notify clients that object relationships does not > exist by sending a 2305 error response code. > An attempt to change an organiztion ID or multiple organization IDs > with a particular role value when at least one of them does not exist > does not change the object at all. A server SHOULD notify clients that > object relationships does not eixt by sending a 2305 error response code. > Response format with error value elements is defined in section 2.6 of > RFC5730. > > Regards, > Linlin > ------------------------------------------------------------------------ > zhoulinlin@cnnic.cn > > *From:* Linlin Zhou <mailto:zhoulinlin@cnnic.cn> > *Date:* 2018-08-08 13:06 > *To:* Adam Roach <mailto:adam@nostrum.com>; > draft-ietf-regext-org-ext > <mailto:draft-ietf-regext-org-ext@tools.ietf.org>; regext > <mailto:regext@ietf.org> > *Subject:* Re: Re: [regext] AD Review: draft-ietf-regext-org-ext-07 > Dear Adam, > I have included my feedbacks for the remaining issues. Please see > below. > > Regards, > Linlin > ------------------------------------------------------------------------ > zhoulinlin@cnnic.cn > > *From:* Adam Roach <mailto:adam@nostrum.com> > *Date:* 2018-08-07 07:51 > *To:* Linlin Zhou <mailto:zhoulinlin@cnnic.cn>; > draft-ietf-regext-org-ext > <mailto:draft-ietf-regext-org-ext@tools.ietf.org>; regext > <mailto:regext@ietf.org> > *Subject:* Re: [regext] AD Review: draft-ietf-regext-org-ext-07 > Responses inline. > > On 7/30/18 1:21 AM, Linlin Zhou wrote: >> Dear Adam, >> Thanks for your review. I have my feedbacks started with >> [Linlin]. I'll update the draft based on your comments. >> >> Regards, >> Linlin >> ------------------------------------------------------------------------ >> zhoulinlin@cnnic.cn >> >> *From:* Adam Roach <mailto:adam@nostrum.com> >> *Date:* 2018-07-28 07:04 >> *To:* draft-ietf-regext-org-ext >> <mailto:draft-ietf-regext-org-ext@tools.ietf.org>; >> regext@ietf.org <mailto:regext@ietf.org> >> *Subject:* [regext] AD Review: draft-ietf-regext-org-ext-07 >> This is my AD review for draft-ietf-regext-org-ext-07. I >> have a handful of >> comments below that I'd like to see addressed prior to >> asking the IESG to >> consider the document. Please treat them as you would any >> other last-call >> comments. >> There are also two blocking comments that need to be >> resolved prior to >> IETF last >> call. >> Thanks to everyone who worked on this document. >> --------------------------------------------------------------------------- >> This is a blocking comment. >> This document raises the same question as >> draft-ietf-regext-org-08 does >> regarding the allowable placement of XML namespace >> declarations within the >> document; see, e.g., the following text: >> > In addition to the EPP command elements >> > described in the EPP object extensions, the command >> MUST contain an >> > <extension> element, and the <extension> element MUST >> contain a child >> > <orgext:create> element that identifies the extension >> namespace if >> > the client wants to associate data defined in this >> extension to the >> > object. >> I presume the same answer will apply to this document as >> does to >> draft-ietf-regext-org-08. >> Affected elements appear to also include <orgext:update> and >> <orgext:infData>. >> [Linlin] Please see my feedback in the reply of org >> draft. Thanks. >> > > > I assume we'll resolve this the same way in both documents. > > [Linlin] I've updated some words. Please see the feedback of > org draft. >> >> --------------------------------------------------------------------------- >> This is a blocking comment, as it impacts interoperability. >> §4.2.5: >> This section defines remove and change elements that use >> "role" as a key. It >> is unclear whether an attempt to remove or change an >> identifier >> corresponding to >> a role that is not present in the object results in an >> error, or is >> treated as >> success. >> For example, if an "example.com" is currently in the >> system as a >> reseller, but >> is *not* in the system as a privacyproxy, would an update >> containing the >> following elements return a success response or an error >> response? >> C: <orgext:update >> C: xmlns:orgext="urn:ietf:params:xml:ns:orgext-1.0"> >> C: <orgext:rem> >> C: <orgext:id role="privacyproxy"/> >> C: </orgext:rem> >> C: </orgext:update> >> If the answer is that an error is returned, then that >> error needs to be >> clearly >> specified in this document. >> >> [Linlin]I think an error should be returned. >> > > > Okay -- we need to say which error code to use, then. > > >> The same question needs to be answered for <orgext:chg>. >> > > > Is the answer the same for <orgext:chg> as for <orgext:rem>? > > >> Similarly, if <orgext:add> is issued for a role that >> already exists in the >> object, does this result in an error, or is the existing >> role identifier >> silently overridden? >> > > > This question also needs an answer. > > >> If the answer to "is this an error" is "yes" for any or >> all of the >> preceding questions: this document needs to clearly spell >> out what >> happens when >> an <orgext:...> element contains multiple <orgext:id> >> elements, and >> *some* of >> them cause an error while *some* of them do not. >> > > > This also still needs to be addressed. For example: > > If "example.com" is currently in the system as a reseller, but > is *not* in the system as a privacyproxy, what would the > following command do? > C: <orgext:update > C: xmlns:orgext="urn:ietf:params:xml:ns:orgext-1.0"> > C: <orgext:rem> > C: <orgext:id role="reseller"/> > C: <orgext:id role="privacyproxy"/> > C: </orgext:rem> > C: </orgext:update> > > > This could do any of the following, and the document needs to > be clear which one actually happens: > > 1. The command succeeds, and the "reseller" ID is removed > from "example.com" > 2. The command fails because "privacyproxy" doesn't exist as > an ID on "example.com." No changes are made. > 3. The command partially succeeds: the "reseller" ID is > removed from "example.com," but the response is an error > message because "privacyproxy" could not be returned. > > The semantics around #3 are very complicated, since you'll > ultimately need to indicate which part of the command > succeeded and which part failed, so you probably want to pick > #1 or #2. Given your answer above that removing a non-existent > orgext-ID from an object is a failure, I think #2 is the most > consistent. But this needs to be clearly specified. > > > >> >> Finally, if the <orgext:add> and <orgext:chg> elements do >> not result in >> errors >> in the cases described above, then this document should >> clearly specify how >> processing is different between those two elements, or >> clearly specify that >> handling of both elements is identical. >> [Linlin] So is it ok to add some words like "An EPP error >> response MUST be returned if an <update> command cannot >> be processed for any reason." ? >> > > > That's really not enough. You need to be very clear about what > "cannot be processed" means. And, since you have commands that > perform more than one operation at the same time, you need to > be very clear about handling when one of those operations > would be okay, but the other one is not. > > I don't want to tell you how to resolve each of these issues; > but, based on the one answer you gave above (about removing a > non-existent ID), the following clarifications would be > consistent: > > 1. An attempt to remove an ID that does not exist results in > an error with a result code of UUUU > 2. An attempt to change an ID that does not exist results in > an error with a result code of VVVV > 3. An attempt to add an ID that *does* already exist results > in an error with a result code of WWWW > 4. An attempt to remove more than one ID where at least one > of them does not exist does not change the object at all, > and results in an error with a result code of XXXX > 5. An attempt to change multiple IDs where at least one of > them does not exist does not change the object at all, and > results in an error with a result code of YYYY > 6. An attempt to add multiple IDs when at least one of them > already exists does not change the object at all, and > results in an error with a result code of YYYY > > You will need to say all six things. Also, for #4, #5, and #6, > you'll need to think about whether there is any way for the > client to know which ID caused the operation to fail > > Note that the result codes above might be the same as each > other or different from each other. I have no opinion on which > is better, as I'm not familiar with the philosophy of how > result codes are used in EPP. > > > [Linlin] Thanks for your suggestions. Adding some words at the > end of this section. I think error codes 2302 and 2303 defined > in RFC5730 could be used. > >> An EPP error response MUST be returned if an <update> >> command cannot be processed for any reason. >> >> >> An attempt to add an organization ID that does already >> exist results in an error with a result code of 2302. An >> attempt to add multiple organization IDs when at least >> one of them already exists does not change the object at >> all, and results in an error with a result code of 2302. >> >> >> An attempt to remove an organization ID that does not >> exist results in an error with a result code of 2303. An >> attempt to remove more than one ID where at least one of >> them does not exist does not change the object at all, >> and results in an error with a result code of 2303. >> >> >> An attempt to change an ID that does not exist results in >> an error with a result code of 2303. An attempt to add >> multiple IDs when at least one of them already exists >> does not change the object at all, and results in an >> error with a result code of 2303. >> >> >> If we want to identify which ID is the failing one, I >> think maybe we need to extend the <update> response. >> Something like this, >> >> > S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> > S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> > S: <response> > S: <result code="2302"> > S: <msg>Object exists</msg> > S: </result> > S: <resData> > S: <org:updData xmlns:org="urn:ietf:params:xml:ns:orgext-1.0"> > S: <org:id>res1523</org:id> > S: </org:updData> > S: </resData> > S: <trID> > S: <clTRID>ABC-12345</clTRID> > S: <svTRID>54321-XYZ</svTRID> > S: </trID> > S: </response> > S:</epp> > > > <element name="updData" type="orgext:updDataType"/> > > <complexType name="updDataType"> > <sequence> > <element name="id" type="eppcom:clIDType" minOccurs="0"/> > </sequence> > </complexType> >> >> --------------------------------------------------------------------------- >> > > > The resolution to the remaining issues all seem fine to me. > Thanks. > > /a > >
- [regext] AD Review: draft-ietf-regext-org-ext-07 Adam Roach
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Linlin Zhou
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Adam Roach
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Linlin Zhou
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Linlin Zhou
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Linlin Zhou
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Linlin Zhou
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Adam Roach
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Pieter Vandepitte
- Re: [regext] AD Review: draft-ietf-regext-org-ext… Linlin Zhou