Re: [regext] Request WGLC for draft-ietf-regext-rdap-redacted
Mario Loffredo <mario.loffredo@iit.cnr.it> Mon, 12 December 2022 15:18 UTC
Return-Path: <mario.loffredo@iit.cnr.it>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33C58C1522C2 for <regext@ietfa.amsl.com>; Mon, 12 Dec 2022 07:18:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.796
X-Spam-Level:
X-Spam-Status: No, score=-6.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nKIltIwTqfA5 for <regext@ietfa.amsl.com>; Mon, 12 Dec 2022 07:18:00 -0800 (PST)
Received: from mx5.iit.cnr.it (mx5.iit.cnr.it [146.48.58.12]) by ietfa.amsl.com (Postfix) with ESMTP id 8C2DCC1516ED for <regext@ietf.org>; Mon, 12 Dec 2022 07:17:59 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mx5.iit.cnr.it (Postfix) with ESMTP id 7D992C03DB; Mon, 12 Dec 2022 16:17:56 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mx5.iit.cnr.it
Received: from mx5.iit.cnr.it ([127.0.0.1]) by localhost (mx5.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id klxFF0EWzQ9M; Mon, 12 Dec 2022 16:17:51 +0100 (CET)
Received: from [192.168.16.66] (sa.nic.it [192.12.193.247]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by mx5.iit.cnr.it (Postfix) with ESMTPSA id ABECFC0184; Mon, 12 Dec 2022 16:17:51 +0100 (CET)
Content-Type: multipart/alternative; boundary="------------oUSHhmR8RXqxxHIMzUfzHsa1"
Message-ID: <759eed08-adad-17a3-34dc-804c64bb701a@iit.cnr.it>
Date: Mon, 12 Dec 2022 16:14:47 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1
To: "Gould, James" <jgould=40verisign.com@dmarc.ietf.org>, "regext@ietf.org" <regext@ietf.org>
References: <F5311F40-B40C-4C9A-9541-258907D562A1@verisign.com>
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
In-Reply-To: <F5311F40-B40C-4C9A-9541-258907D562A1@verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/_bJ5YSeeDsYy93oTnga67B0xGDY>
Subject: Re: [regext] Request WGLC for draft-ietf-regext-rdap-redacted
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Dec 2022 15:18:04 -0000
Il 12/12/2022 14:17, Gould, James ha scritto: > > Mario, > > Thank you for clarification around the vCard specific example of the > partial redaction of the formatted text properties “LABEL” and “FN”. > I don’t believe any of the existing redaction methods cover this case > of a partial redaction of a formatted text property value. I realize > this is a corner case, but to fully address it in RDAP, we may need to > add a new redaction method to draft-ietf-regext-rdap-redacted. The > redaction method could be “Redaction by Partial Value Method” with the > “method” member value of “partialValue”. This would signal to the > client that the formatted text property value has been partially > redacted. The concrete case are the “LABEL” and “FN” vCard > properties, but other formatted text properties could be defined in > the future. > > Thoughts on adding a new redaction method for covering this corner case? > I'm OK with it. A new redaction method is surely much better than my conservative proposal. Mario > -- > > JG > > > > > *James Gould > *Fellow Engineer > jgould@Verisign.com > <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> > > 703-948-3271 > 12061 Bluemont Way > Reston, VA 20190 > > Verisign.com <http://verisigninc.com/> > > *From: *Mario Loffredo <mario.loffredo@iit.cnr.it> > *Date: *Saturday, December 10, 2022 at 3:31 AM > *To: *James Gould <jgould@verisign.com>, "regext@ietf.org" > <regext@ietf.org> > *Subject: *[EXTERNAL] Re: [regext] Request WGLC for > draft-ietf-regext-rdap-redacted > > Hi James, > > please find my comments below. > > Il 09/12/2022 19:15, Gould, James ha scritto: > > Mario, > > Sorry for the delay in responding to your feedback. Thanks for > the feedback and below are the responses to it. > > -- > > JG > > > > > *James Gould > *Fellow Engineer > jgould@Verisign.com > <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> > > 703-948-3271 > 12061 Bluemont Way > Reston, VA 20190 > > Verisign.com > <http://secure-web.cisco.com/10wmXnAxec1RRrOtGTl4db_iLXMUtPfYFQrLzw-IA2PHbfNc9ze5KbXK3eWCAxJSio1lPtr_6pKioWeYvtLLrnVmZPkJWjQzok4esvmclUfrfkyRBCyDoJt_ryHsKxqZnXSbirKJywEyxB25w9OZqILiskden6igDu3eWZ8GZbgLoDDPJFLJVheJMYKuASxkT76O1U0JGRZ0wh5gYU7PxQ9YOsffUD0yMTCKG3C_S6kW9V15m-UfLxS6qupeP2j7qkhOOudeo--y4d2AzM-KUXiu-EqrQCbjBAN1DGuZ41tA/http%3A%2F%2Fverisigninc.com%2F> > > *From: *Mario Loffredo <mario.loffredo@iit.cnr.it> > <mailto:mario.loffredo@iit.cnr.it> > *Date: *Tuesday, November 15, 2022 at 9:05 AM > *To: *James Gould <jgould@verisign.com> > <mailto:jgould@verisign.com>, "regext@ietf.org" > <mailto:regext@ietf.org> <regext@ietf.org> <mailto:regext@ietf.org> > *Subject: *[EXTERNAL] Re: [regext] Request WGLC for > draft-ietf-regext-rdap-redacted > > Hi James, > > some comments from my side: > > 1) With reference to the following sentence in section 3.2: > > such as "" for a jCard [RFC7095] Text ("text") property or null for non-Text ("text") properties. > > it seems to me that RFC7095 doesn't include a clear statement in > that sense. > > Some VCard types (i.e. text, uri, language-tag, utc-offset, and > all date type variants) are mapped to JSON strings, other VCard > types are mapped to other JSON primitive types (i.e number, boolean). > > Given that, apart from "fn" that is a required "text" property, a > JSON string can be either null or empty. > > For sure, the use of the empty string makes more sense for "text" > values, but null value is not clearly prohibited for the other > VCard properties mapped to JSON strings. > > JG – Yes, the other jCard properties may be mapped to a JSON > string, but they include additional string format requirements > that would not be met with the use of an empty string. The > reference to the Text (“text”) property does not apply to the > other jCard properties that map to a JSON string, so the redaction > is handled with the use of a null value. > > 2) WIth regard to redaction by replacement method, should the > example in Fig.7 be updated as in the following: > > OLD > > "redacted": [ > > { > > "name": { > > "type": "Registrant Email" > > }, > > "path":"$.entities[?(@.roles[0]=='registrant')]. <mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='email')][3]> > > vcardArray[1][?(@[0]=='email')][3]" <mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='email')][3]>, > > "replacementPath":"$.entities[?(@.roles[0]=='registrant')]. <mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='contact-uri')][3]> > > vcardArray[1][?(@[0]=='contact-uri')][3]" <mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='contact-uri')][3]>, > > "pathLang": "jsonpath", > > "method": "replacementValue", > > } > > ] > > NEW > > "redacted": [ > > { > > "name": { > > "type": "Registrant Email" > > }, > > "path":"$.entities[?(@.roles[0]=='registrant')]. <mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='email')]> > > vcardArray[1][?(@[0]=='email')]" <mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='email')]>, > > "replacementPath":"$.entities[?(@.roles[0]=='registrant')]. <mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='contact-uri')]> > > vcardArray[1][?(@[0]=='contact-uri')]" <mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='contact-uri')]>, > > "pathLang": "jsonpath", > > "method": "replacementValue", > > } > > ] > > Based on the example in Fig.6, the "email" property instead of the > "email" value is replaced. > > JG – Yes, I agree that the “email” property instead of the “email” > value is replaced. This will be addressed in > draft-ietf-regext-rdap-redacted-10. > > 3) Would rephrase the following sentence in section 4.2 > > OLD > > The "redacted" member contains an array of redacted > > objects with the following child members > > NEW > > The "redacted" member contains an array of > > objects with the following child members > > The objects in the "redacted" array are not redacted but rather > the response fields represented by those objects. > > JG – This will be updated in draft-ietf-regext-rdap-redacted-10. > > 4) Wonder if section 6.2 should include an entry for pathLang. > > JG – Yes, based on the feedback from Pawel Kowalik, the “redacted > expression language” type will be added with an initial > registration of the “jsonpath” value for the JSON Values Registry. > > 5) A last feedback about JSONPath Considerations: > > 5.a) Is it allowed to use wildcard in JSONPath? Think it could be > useful especially when the same redaction rule is applied to each > result of a search response. > > For example, if a registry policy consists in redacting all the > domain handles, the "redacted" content could simply be: > > "redacted": [ > > { > > "name": { > > "type": "Registry Domain ID" > > }, > > "path": "$.domainSearchResults[*].handle", > > "pathLang": "jsonpath", > > "method": "removal", > > "reason": { > > "type": "Server policy" > > } > > } > > ] > > JG – Actually for searches the “redacted” member can be included > on a per-object basis, since the redaction may be different per > object. Attempting to define crosscutting redaction definitions > for all objects included in the search seems like something the > server could do, but I don’t believe it should be encouraged. > > 5.b) I consider this a corner case so feel free to ignore it ;-) > > The VCard label property (as well as the JSContact fullAddress > property) is usually derived from the postal address information. > > When the postal address is partially redacted, what should be the > label value and the related redaction method? > > If you think it's worth managing this case, I would suggest a > conservative solution: the label property should be omitted and > the redaction method should be "removal". > > JG – The rule is if the property can be and is removed due to > redaction, then it is omitted, and the redaction method should be > “removal”. I’m not sure if this fully answers your feedback, so > please let me know with an example if it doesn’t. > > [ML] As I wrote in my previous mail, maybe it's not worth addressing > this case. In general, it is connected with the redaction of vCard > elements, namely the FN property and the LABEL parameter of the ADR > property, that are generated by formatting their structured > counterparts. If the structured components get partially redacted by > the emptyValue redaction method, what redaction method should I use to > redact the formatted versions? > > Here in the following an example clarifying my question. > > Before redaction: > > [ > "adr", > {"label": "Suite 1236\n4321 Rue Somewhere\nQuebec\QC\G1V 2M2\Canada"}, > "text", > [ > "", > "Suite 1236", > "4321 Rue Somewhere", > "Quebec", > "QC", > "G1V 2M2", > "Canada" > ] > ] > > After redaction: > > 1) > [ > "adr", > {"label": "QC\nCanada"}, > "text", > [ > "", > "", > "", > "", > "QC", > "", > "Canada" > ] > ] > 2) > > [ > "adr", > {}, > "text", > [ > "", > "", > "", > "", > "QC", > "", > "Canada" > ] > ] > > > Since the specification doesn't allow the server to signal that a > value has been partially redacted, and I don't see the need to add > another redaction method only for this corner case, my proposal was > simply the following: "those properties that are generated from other > properties that can be partially redacted must be redacted by using > the removal method" (Solution 2) > > Best, > > Mario > > Hope it could be helpful. > > Best, > > Mario > > Il 10/11/2022 19:38, Gould, James ha scritto: > > This is a formal request to start the WGLC for > draft-ietf-regext-rdap-redacted. There is a normative > reference to draft-ietf-jsonpath-base, which has a JSONPath > working group November milestone. draft-ietf-jsonpath-base > looks stable and can progress in parallel with > draft-ietf-regext-rdap-redacted. > > Thanks, > > -- > > JG > > > > > *James Gould > *Fellow Engineer > jgould@Verisign.com > <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> > > 703-948-3271 > 12061 Bluemont Way > Reston, VA 20190 > > Verisign.com > <http://secure-web.cisco.com/1jBgmRGLp97BwyI56ZY6E2KnhXLBn_CyaRjxVZ7GqU5nP4VoGbDmOFaSadTLrZ8OaIMWwNr4CLXsVIYNhnH4Z3c6przEWV0581stOfOtCDYyVb1U8iX-OaeglUaY6UIjRbRsoaAcqnx12w7uDgnjrwnhLrtSCH3NQK20VhpKXQbAofvo4jOJsx4cHjD5sxmv-xKgfyjXZgr7oOpxU9z41XgH02hJZZTYbogCf05948JANuWS0T4DojwwmNtmQHoN9UjVqPRqZKAn7gbjnO0xXK3ZDaxx9N9iz65hy3ZqIgQYHxdSLk5KUHbNvQydrwCxd/http%3A%2F%2Fverisigninc.com%2F> > > > > > _______________________________________________ > > regext mailing list > > regext@ietf.org > > https://www.ietf.org/mailman/listinfo/regext <https://secure-web.cisco.com/1QZXPKZg0yOi5FGPtQR9fKFNSa-mIVnC7WC4ALwt1eRfK3-ypZSt6_2xY-hSaVmgzAytTYYHcnL4rCXxWO2UpEtkMlh-OegPiK5nrIShRzg2hBlREYZPS41o1IwIWcM7UZPGQ-FxQBxkkf8fRsG27ZJPh6SN4Npz5Nx0eTyp0BNyD27_AEHQOQGphegY8qsrmx-Wjd9q7Csh129rmKkvKVxpZzed_u_8Pwyn4g4DN11Ns2RGRyh6-ymPx7BK5CxqUGI6OovchjtlylImbPICIi7KiCZMvnjcPCyn_ZDbQbxVQpIu6ikjianxcAM8RpdtD/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext> > > -- > > Dott. Mario Loffredo > > Technological Unit “Digital Innovation” > > Institute of Informatics and Telematics (IIT) > > National Research Council (CNR) > > via G. Moruzzi 1, I-56124 PISA, Italy > > Phone: +39.0503153497 > > Web:http://www.iit.cnr.it/mario.loffredo <http://secure-web.cisco.com/139AqdF7WT3CdxSSc0UPSoDgA0gl9_QwVKklekryCslll0JvKfIWV4X16QAKacmsRBjPmY6-F04c28s5zpz2HwT6ki7ON7XQHsnRXipvn3m1NoGxfR9XMNRGTtoSlaoXahD0z-bP-mSUPsraAy5ewotwaYuTsKuafF8T5HN8JqEL4pqYsq1WAdl8WS_bHigbb8mVKIhqTDuRazKzVCpoByy52N_M-Hf8megqz4jAbIU_D7CgzVTQH7GQXldLgfms9L0ugpZtQ0bewrH_9DBeNO0aiY2BRkZ8adIM_8V-TsGl3qCbgdfLzBl6RNTz79GpF/http%3A%2F%2Fwww.iit.cnr.it%2Fmario.loffredo> > > > > _______________________________________________ > > regext mailing list > > regext@ietf.org > > https://www.ietf.org/mailman/listinfo/regext <https://secure-web.cisco.com/1rA9AMtjPXivn2GGQB-ID4QUpd0YAumPZdCk9bomUeA-FW0jgWKt4BP-iZUjN9ZK5RHa3mQ0cgZR2CXGzCn7h5draw6tDsnn1tSB77lEpcrBTek47xmL8JcWRW7nrXcYWxlUJzXRAQbEPjV-zA4CToN9bL-qxyTxiM86Qdl2yf0VHGU9I7jvK8JrtFVS-STzmXEIFF8EaHSM31W6KF8L2VL4rQ4ZGnDL1tI2DNqDdq8GKQjafxSL34HzNHpWSllgqbY7K6JSCJ6773fZIRMhrDaF5f-HmjwipuKwciva27i0/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext> > > -- > Dott. Mario Loffredo > Technological Unit “Digital Innovation” > Institute of Informatics and Telematics (IIT) > National Research Council (CNR) > via G. Moruzzi 1, I-56124 PISA, Italy > Phone: +39.0503153497 > Web:http://www.iit.cnr.it/mario.loffredo <http://secure-web.cisco.com/1Bl4tTWy6j96jLMQhvvpHAXNQ41oOlRskA5D53vZW-T6wL5phoY08mwHjoDtV7zFoXdlnARj7naYERSK3D1qW0xpd-s6AvJpc0cJ_SoIHX3iNlY-fO3_aB3ZnKwQ65nXXA7jCf0fUrGBdv98Qds0-Y14vwcKUTItJm97dg7egfABvUs7UEhDs1G_C1kNZM-5r7UzETiZxK5ob6tjf5_rSghdo7CrPwb334_rKFyPKsj7HGu2tNYK7iKhzdbMAJXxYdGfnJMRecJSzF646MoK8g1sAcpiQmU0lbVf_fwxvhLo/http%3A%2F%2Fwww.iit.cnr.it%2Fmario.loffredo> > > _______________________________________________ > regext mailing list > regext@ietf.org > https://www.ietf.org/mailman/listinfo/regext -- Dott. Mario Loffredo Technological Unit “Digital Innovation” Institute of Informatics and Telematics (IIT) National Research Council (CNR) via G. Moruzzi 1, I-56124 PISA, Italy Phone: +39.0503153497 Web:http://www.iit.cnr.it/mario.loffredo
- [regext] Request WGLC for draft-ietf-regext-rdap-… Gould, James
- Re: [regext] Request WGLC for draft-ietf-regext-r… Mario Loffredo
- Re: [regext] Request WGLC for draft-ietf-regext-r… James Galvin
- Re: [regext] Request WGLC for draft-ietf-regext-r… Gould, James
- Re: [regext] Request WGLC for draft-ietf-regext-r… Mario Loffredo
- Re: [regext] Request WGLC for draft-ietf-regext-r… Gould, James
- Re: [regext] Request WGLC for draft-ietf-regext-r… Mario Loffredo