Re: [regext] AD Review: draft-ietf-regext-org-ext-07

"Linlin Zhou" <zhoulinlin@cnnic.cn> Fri, 10 August 2018 02:57 UTC

Return-Path: <zhoulinlin@cnnic.cn>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEEB6130EEC for <regext@ietfa.amsl.com>; Thu, 9 Aug 2018 19:57:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zMBtUTlaStDC for <regext@ietfa.amsl.com>; Thu, 9 Aug 2018 19:57:01 -0700 (PDT)
Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id 3E3D81294D0 for <regext@ietf.org>; Thu, 9 Aug 2018 19:56:57 -0700 (PDT)
Received: from Admin-THINK (unknown [218.241.103.128]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0CJkPzs_mxbHNoGAA--.5522S2; Fri, 10 Aug 2018 10:56:45 +0800 (CST)
Date: Fri, 10 Aug 2018 10:56:42 +0800
From: Linlin Zhou <zhoulinlin@cnnic.cn>
To: Pieter Vandepitte <pieter.vandepitte@dnsbelgium.be>, Adam Roach <adam@nostrum.com>, draft-ietf-regext-org-ext <draft-ietf-regext-org-ext@tools.ietf.org>, regext <regext@ietf.org>
References: <c33925d0-eff9-62f2-2975-49cd413f4ebb@nostrum.com>, <20180730142111887503210@cnnic.cn>, <e253f0ab-d9ca-3f1e-6837-8af284eab5e1@nostrum.com>, <2018080813065153438860@cnnic.cn>, <2018080911115301931760@cnnic.cn>, <90025736-95ED-4969-B958-FC3AB6BB1746@dnsbelgium.be>
X-Priority: 3
X-GUID: 225B1945-62E8-4137-9913-1379D63DB2C6
X-Has-Attach: no
X-Mailer: Foxmail 7, 2, 7, 21[cn]
Mime-Version: 1.0
Message-ID: <2018081010563915668625@cnnic.cn>
Content-Type: multipart/related; boundary="----=_001_NextPart022783254464_=----"
X-CM-TRANSID: AQAAf0CJkPzs_mxbHNoGAA--.5522S2
X-Coremail-Antispam: 1UD129KBjvAXoW3tr13Xr4UXw13CF1DWFWfZrb_yoW8JF48Zo WxZr4qya18XFyfCr1qkF4DJ3sxWa4Ikr1rJr47K398C3W2qF43Gw1UXwn3WFZ3JrZ0k348 Wa4UJ39YqwsxtF93n29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73VFW2AGmfu7bjvjm3 AaLaJ3UjIYCTnIWjp_UUUOH7k0a2IF6w4kM7kC6x804xWl14x267AKxVWUJVW8JwAFc2x0 x2IEx4CE42xK8VAvwI8IcIk0rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj4 1l84x0c7CEw4AK67xGY2AK021l84ACjcxK6xIIjxv20xvE14v26ryj6F1UM28EF7xvwVC0 I7IYx2IY6xkF7I0E14v26F4j6r4UJwA2z4x0Y4vEx4A2jsIE14v26F4UJVW0owA2z4x0Y4 vEx4A2jsIEc7CjxVAFwI0_Cr1j6rxdM2AIxVAIcxkEcVAq07x20xvEncxIr21le4C267I2 x7xF54xIwI1l5I8CrVAYj202j2C_Xr0_Wr1l5I8CrVAqjxCE14ACF2xKxwAqx4xG64kEw2 xG04xIwI0_Jr0_Gr1l5I8CrVCF0I0E4I0vr24lYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0E x4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkEbVWUJVW8JwACjcxG0xvY0x0EwIxGrwACY4 xI67k04243AVAKzVAKj4xxM4xvF2IEb7IF0Fy26I8I3I1lc2xSY4AK67AK6r4UMxAIw28I cxkI7VAKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_JrI_JrWlx2 IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVWUAVWUtwCIc40Y0x0EwIxGrwCI 42IY6xIIjxv20xvE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY1x0267AKxVWUJVW8JwCI42 IY6xAIw20EY4v20xvaj40_WFyUJVCq3wCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E 87Iv6xkF7I0E14v26r1j6r4UYxBIdaVFxhVjvjDU0xZFpf9x07b5db8UUUUU=
X-CM-SenderInfo: p2kr3zplqox0w6fq0xffof0/
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/oOgGIf_IPelb2t6U_31kbpjQscE>
Subject: Re: [regext] AD Review: draft-ietf-regext-org-ext-07
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2018 02:57:08 -0000

Dear Pieter,
Maybe we defined a "role" element for the organizations. I think some of the error cases are referenced with "role" but not with the organization IDs in <update> command. So this is something that is different from RFC5731. From my understanding of AD's comments, this role may lead to some errors that do not happen before. You should have some considerations about these cases.

Regards,
Linlin


zhoulinlin@cnnic.cn
 
From: Pieter Vandepitte
Date: 2018-08-09 15:45
To: Linlin Zhou; Adam Roach; draft-ietf-regext-org-ext; regext
Subject: Re: [regext] AD Review: draft-ietf-regext-org-ext-07
Hi Linlin,
 
Other RFC’s do not specify the error codes in particular cases (e.g. 5731 does not specify what to return if you remove a linked contact does not exist). But… on the other hand, I think it can be very useful if all Registries use the same error codes for the same use cases. 
It’s just that if you start to specify them, you have to be as complete as possible. You can’t randomly pick some cases. There are quite a lot of other cases, so where do we stop? E.g. deleting an organization object which is already linked, add a link for which the organization does not exist, … to just name a few of them. 
 
Isn’t this useful content for some kind of Best Practices document?
 
Kind regards
 
Pieter
 
-- 
Pieter Vandepitte
Product Expert
+32 16 28 49 70
www.dnsbelgium.be
 
 
 
 
From: regext <regext-bounces@ietf.org> on behalf of Linlin Zhou <zhoulinlin@cnnic.cn>
Date: Thursday 9 August 2018 at 05:12
To: Adam Roach <adam@nostrum.com>, draft-ietf-regext-org-ext <draft-ietf-regext-org-ext@tools.ietf.org>, regext <regext@ietf.org>
Subject: Re: [regext] AD Review: draft-ietf-regext-org-ext-07
 
Dear Adam and WG,
Sorry, please ignore last unfinished letter.
 
We've received some comments on the appropriate error codes. Since draft-ietf-regext-org-ext is a command / response extension of another object that is related to a link attribute, 2305 seems like a more proper error code for all of them, which means "Object association prohibits operation". The association dould refer to an existing association (e.g., attempt to add alink that already exists) or a requested association (e.g. attempt to remove a link that does not exist).
We found that in RFC5730 , the document already defined the response format with error value elements using <value> or <extValue> for an object. So we suggest not defining the specific response format in this command/response extension.
The co-authors have discussed this issue and suggested the following changes.
 
An EPP error response MUST be returned if an <update> command cannot be processed for any reason. 
An attempt to add one organization ID or multiple organization IDs with a particular role value when at least one of them already exists does not change the object at all. A server SHOULD notify clients that object relationsips exit by sending a 2305 error response code.
An attempt to remove an organization ID or multiple organization IDs with a particular role value when at least one of them does not exist does not change the object at all. A server SHOULD notify clients that object relationships does not exist by sending a 2305 error response code.
An attempt to change an organiztion ID or multiple organization IDs with a particular role value when at least one of them does not exist does not change the object at all. A server SHOULD notify clients that object relationships does not eixt by sending a 2305 error response code.
Response format with error value elements is defined in section 2.6 of RFC5730.
 
Regards,
Linlin


zhoulinlin@cnnic.cn
 
From: Linlin Zhou
Date: 2018-08-08 13:06
To: Adam Roach; draft-ietf-regext-org-ext; regext
Subject: Re: Re: [regext] AD Review: draft-ietf-regext-org-ext-07
Dear Adam,
I have included my feedbacks for the remaining issues. Please see below.
 
Regards,
Linlin


zhoulinlin@cnnic.cn
 
From: Adam Roach
Date: 2018-08-07 07:51
To: Linlin Zhou; draft-ietf-regext-org-ext; regext
Subject: Re: [regext] AD Review: draft-ietf-regext-org-ext-07
Responses inline.

On 7/30/18 1:21 AM, Linlin Zhou wrote:
Dear Adam,
Thanks for your review. I have my feedbacks started with [Linlin]. I'll update the draft based on your comments.
 
Regards,
Linlin


zhoulinlin@cnnic.cn
 
From: Adam Roach
Date: 2018-07-28 07:04
To: draft-ietf-regext-org-ext; regext@ietf.org
Subject: [regext] AD Review: draft-ietf-regext-org-ext-07
This is my AD review for draft-ietf-regext-org-ext-07.  I have a handful of
comments below that I'd like to see addressed prior to asking the IESG to
consider the document. Please treat them as you would any other last-call
comments.
 
There are also two blocking comments that need to be resolved prior to 
IETF last
call.
 
Thanks to everyone who worked on this document.
 
---------------------------------------------------------------------------
 
This is a blocking comment.
 
This document raises the same question as draft-ietf-regext-org-08 does
regarding the allowable placement of XML namespace declarations within the
document; see, e.g., the following text:
 
>  In addition to the EPP command elements
>  described in the EPP object extensions, the command MUST contain an
>  <extension> element, and the <extension> element MUST contain a child
>  <orgext:create> element that identifies the extension namespace if
>  the client wants to associate data defined in this extension to the
>  object.
 
I presume the same answer will apply to this document as does to
draft-ietf-regext-org-08.
 
Affected elements appear to also include <orgext:update> and 
<orgext:infData>.
 
[Linlin] Please see my feedback in the reply of org draft. Thanks.


I assume we'll resolve this the same way in both documents.

[Linlin]  I've updated some words. Please see the feedback of org draft.

---------------------------------------------------------------------------
 
This is a blocking comment, as it impacts interoperability.
 
§4.2.5:
 
This section defines remove and change elements that use "role" as a key. It
is unclear whether an attempt to remove or change an identifier 
corresponding to
a role that is not present in the object results in an error, or is 
treated as
success.
 
For example, if an "example.com" is currently in the system as a 
reseller, but
is *not* in the system as a privacyproxy, would an update containing the
following elements return a success response or an error response?
 
   C:      <orgext:update
   C:        xmlns:orgext="urn:ietf:params:xml:ns:orgext-1.0">
   C:        <orgext:rem>
   C:          <orgext:id role="privacyproxy"/>
   C:        </orgext:rem>
   C:      </orgext:update>
 
If the answer is that an error is returned, then that error needs to be 
clearly
specified in this document.
 
[Linlin]I think an error should be returned.


Okay -- we need to say which error code to use, then.



 
The same question needs to be answered for <orgext:chg>.


Is the answer the same for <orgext:chg> as for <orgext:rem>?



Similarly, if <orgext:add> is issued for a role that already exists in the 
object, does this result in an error, or is the existing role identifier
silently overridden?


This question also needs an answer.



 
If the answer to "is this an error" is "yes" for any or all of the
preceding questions: this document needs to clearly spell out what 
happens when
an <orgext:...> element contains multiple <orgext:id> elements, and 
*some* of
them cause an error while *some* of them do not.


This also still needs to be addressed. For example:
If "example.com" is currently in the system as a reseller, but is *not* in the system as a privacyproxy, what would the following command do?
 
   C:      <orgext:update
   C:        xmlns:orgext="urn:ietf:params:xml:ns:orgext-1.0">
   C:        <orgext:rem>
   C:          <orgext:id role="reseller"/>
   C:          <orgext:id role="privacyproxy"/>
   C:        </orgext:rem>
   C:      </orgext:update>


This could do any of the following, and the document needs to be clear which one actually happens:


The command succeeds, and the "reseller" ID is removed from "example.com" 
The command fails because "privacyproxy" doesn't exist as an ID on "example.com." No changes are made. 
The command partially succeeds: the "reseller" ID is removed from "example.com," but the response is an error message because "privacyproxy" could not be returned. 
The semantics around #3 are very complicated, since you'll ultimately need to indicate which part of the command succeeded and which part failed, so you probably want to pick #1 or #2. Given your answer above that removing a non-existent orgext-ID from an object is a failure, I think #2 is the most consistent. But this needs to be clearly specified.



 
Finally, if the <orgext:add> and <orgext:chg> elements do not result in 
errors
in the cases described above, then this document should clearly specify how
processing is different between those two elements, or clearly specify that
handling of both elements is identical.
 
[Linlin] So is it ok to add some words like "An EPP error response MUST be returned if an <update> command cannot be processed for any reason." ?


That's really not enough. You need to be very clear about what "cannot be processed" means. And, since you have commands that perform more than one operation at the same time, you need to be very clear about handling when one of those operations would be okay, but the other one is not.

I don't want to tell you how to resolve each of these issues; but, based on the one answer you gave above (about removing a non-existent ID), the following clarifications would be consistent:

An attempt to remove an ID that does not exist results in an error with a result code of UUUU
An attempt to change an ID that does not exist results in an error with a result code of VVVV 
An attempt to add an ID that *does* already exist results in an error with a result code of WWWW 
An attempt to remove more than one ID where at least one of them does not exist does not change the object at all, and results in an error with a result code of XXXX 
An attempt to change multiple IDs where at least one of them does not exist does not change the object at all, and results in an error with a result code of YYYY 
An attempt to add multiple IDs when at least one of them already exists does not change the object at all, and results in an error with a result code of YYYY 
You will need to say all six things. Also, for #4, #5, and #6, you'll need to think about whether there is any way for the client to know which ID caused the operation to fail
Note that the result codes above might be the same as each other or different from each other. I have no opinion on which is better, as I'm not familiar with the philosophy of how result codes are used in EPP.

[Linlin] Thanks for your suggestions. Adding some words at the end of this section. I think error codes 2302 and 2303 defined in RFC5730 could be used.
 
An EPP error response MUST be returned if an <update> command cannot be processed for any reason. 
 
An attempt to add an organization ID that does already exist results in an error with a result code of 2302. An attempt to add multiple organization IDs when at least one of them already exists does not change the object at all, and results in an error with a result code of 2302.
 
An attempt to remove an organization ID that does not exist results in an error with a result code of 2303. An attempt to remove more than one ID where at least one of them does not exist does not change the object at all, and results in an error with a result code of 2303.
 
An attempt to change an ID that does not exist results in an error with a result code of 2303. An attempt to add multiple IDs when at least one of them already exists does not change the object at all, and results in an error with a result code of 2303.
 
If we want to identify which ID is the failing one, I think maybe we need to extend the <update> response. Something like this,
 
   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
   S:  <response>
   S:    <result code="2302">
   S:      <msg>Object exists</msg>
   S:    </result>
   S:    <resData>
   S:      <org:updData xmlns:org="urn:ietf:params:xml:ns:orgext-1.0">
   S:        <org:id>res1523</org:id>
   S:      </org:updData>
   S:    </resData>
   S:    <trID>
   S:      <clTRID>ABC-12345</clTRID>
   S:      <svTRID>54321-XYZ</svTRID>
   S:    </trID>
   S:  </response>
   S:</epp>
 
 
<element name="updData" type="orgext:updDataType"/>
 
 <complexType name="updDataType">
      <sequence>
        <element name="id" type="eppcom:clIDType"  minOccurs="0"/>
      </sequence>
  </complexType>

---------------------------------------------------------------------------
 
 


The resolution to the remaining issues all seem fine to me. Thanks.

/a