[secdir] Asynchronous Nature of the I2RS Protocol - vs RESTCONF and NETCONF
"Susan Hares" <shares@ndzh.com> Mon, 02 March 2015 22:27 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CEE71A8A56; Mon, 2 Mar 2015 14:27:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.354
X-Spam-Level:
X-Spam-Status: No, score=-96.354 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cr50ql2KeS7b; Mon, 2 Mar 2015 14:27:25 -0800 (PST)
Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) by ietfa.amsl.com (Postfix) with ESMTP id 0955B1A8A55; Mon, 2 Mar 2015 14:27:22 -0800 (PST)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=74.43.47.92;
From: Susan Hares <shares@ndzh.com>
To: i2rs@ietf.org
Date: Mon, 02 Mar 2015 17:27:17 -0500
Message-ID: <01c301d05538$0b4846c0$21d8d440$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01C4_01D0550E.2275E840"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdBVMeb8nh8z8cJJR6SPdF4VwHGdeQ==
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Zrv3hYSMDJ7UfrmBX_c7RboELq0>
Cc: 'Jeffrey Haas' <jhaas@pfrc.org>, secdir@ietf.org
Subject: [secdir] Asynchronous Nature of the I2RS Protocol - vs RESTCONF and NETCONF
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2015 22:27:27 -0000
I2RS WG: We are trying to wrap of the protocol requirements for I2RS within March. This post ask 3 questions regarding the I2RS requirements. Question 1 context: The I2RS architecture states in section 1.1 that the I2RS interface should be: programmatic, asynchronous, and offers fast, interactive access for atomic operations. This posts asks if we need to require a checkpoint to make asynchronous functions work. In a review by the security directorate, the reviewer asked: "Is security and the support for the asynchronous nature of the protocol fully supported?" In the reviewers mind Asynchronous usually means the following: 1) The protocol can launch operations and then check back later whether they successfully completed. 2) If you want to execute a second operation only if a first succeeds (or to guarantee the order in which they execute), you need to at some point wait for operations to complete. 3) There is also substantial overhead in supporting asynchronous operation in that all transactions need labels so that they can be queried? Question 1: Do we believe that netconf or restconf augmented by the traceability requirements and the pub/sub requirements provides this support? Question 2: Do we need a checkpoint (monotonically incrementing counter to accomplish #2)? Question 3 Context: The security directorate reviewer of the I2RS architecture stated: " A conceptually simpler strategy [than the asynchronous strategy] is to say that since a client can make multiple parallel connections to an agent that in cases where a client wants asynchronous operation he opens multiple connections and launches one asynchronous operation on each. The cost is that is has lower performance in cases where there are large numbers of parallel operations tying up lots of connection state." In my understanding RESTCONF provides one operations per session. Question 3: If the I2RS client requires a tradeoff where that restricts the space requirements for parallel sessions, is the space requirement for output only (so that pub/sub requirements) are sufficient. Or should this tradeoff be considered in the I2RS protocol requirements. Thank you for your help, Sue Hares
- [secdir] Asynchronous Nature of the I2RS Protocol… Susan Hares
- Re: [secdir] Asynchronous Nature of the I2RS Prot… Melinda Shore
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Joel M. Halpern
- Re: [secdir] Asynchronous Nature of the I2RS Prot… Susan Hares
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Jeffrey Haas
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Jeffrey Haas
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Jeffrey Haas
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Juergen Schoenwaelder
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Juergen Schoenwaelder
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Andy Bierman
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Andy Bierman
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Juergen Schoenwaelder
- Re: [secdir] [i2rs] Asynchronous Nature of the I2… Jeffrey Haas