Re: [yang-doctors] Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03

"Wubo (lana)" <lana.wubo@huawei.com> Thu, 07 May 2020 08:08 UTC

Return-Path: <lana.wubo@huawei.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B15773A0A22; Thu, 7 May 2020 01:08:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dyZ0rRO74fMc; Thu, 7 May 2020 01:08:19 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE8E53A0A1A; Thu, 7 May 2020 01:08:18 -0700 (PDT)
Received: from lhreml715-chm.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id D205655041F6AF7ABB3D; Thu, 7 May 2020 09:08:14 +0100 (IST)
Received: from dggeme754-chm.china.huawei.com (10.3.19.100) by lhreml715-chm.china.huawei.com (10.201.108.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1913.5; Thu, 7 May 2020 09:08:10 +0100
Received: from dggeme752-chm.china.huawei.com (10.3.19.98) by dggeme754-chm.china.huawei.com (10.3.19.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1913.5; Thu, 7 May 2020 16:08:08 +0800
Received: from dggeme752-chm.china.huawei.com ([10.6.80.76]) by dggeme752-chm.china.huawei.com ([10.6.80.76]) with mapi id 15.01.1913.007; Thu, 7 May 2020 16:08:08 +0800
From: "Wubo (lana)" <lana.wubo@huawei.com>
To: Ladislav Lhotka <ladislav.lhotka@nic.cz>, "Joe Clarke (jclarke)" <jclarke@cisco.com>
CC: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-opsawg-tacacs-yang.all@ietf.org" <draft-ietf-opsawg-tacacs-yang.all@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03
Thread-Index: AdYkQ64YYQ4Xp5EXQrW6gYuloLJ2uQ==
Date: Thu, 07 May 2020 08:08:08 +0000
Message-ID: <3f67cb112ccb4c5eb1ef3bc868cb76ec@huawei.com>
Accept-Language: en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.138.33.83]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/f3-p_2cHAdpeDfyCDQGe0JmP4ik>
Subject: Re: [yang-doctors] Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 May 2020 08:08:21 -0000

Hi Lada, Joe,

Thanks for the guidance, please see inline.

Thanks,
Bo

-----邮件原件-----
发件人: Ladislav Lhotka [mailto:ladislav.lhotka@nic.cz] 
发送时间: 2020年5月7日 14:38
收件人: Joe Clarke (jclarke) <jclarke@cisco.com>; Wubo (lana) <lana.wubo@huawei.com>
抄送: yang-doctors@ietf.org; last-call@ietf.org; draft-ietf-opsawg-tacacs-yang.all@ietf.org; opsawg@ietf.org
主题: Re: Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03

"Joe Clarke (jclarke)" <jclarke@cisco.com> writes:

>> - Is it correct that the server type may be either one of "authentication", "authorization" or "accounting", or all of them? Is it impossible for a server to be authentication & authorization but not accounting? Such a variant cannot be configured.
>> [Bo] OK, will correct when the final guidance on this issue is received.
>
> Lada replied yesterday to say that the bit string is likely preferred similar to access-operations in ietf-netconf-acm.  I might personally discourage the use of ‘*’ for this given that there are only three types, but that’s just my individual thought.

+1

I think it is better to have all three types explicitly in the value. Perhaps this could also be the default?

Lada
[Bo] Please see if the definition below is correct:
  typedef tcsplus-server-type {
       type bits {
         bit authentication {
           description
             "When set, the server is an authentication server.";
         }
         bit authorization {
           description
             "When set, the server is an authorization server.";
         }
         bit accounting {
           description
             "When set, the server is an accounting server.";
         }
         bit all {
           description
             "When set, the server can be all types of TACACS+ servers.";
         }		 
		 
       }
       description
         "server-type can be set to authentication/authorization/accounting or any combination of the three types. 
          When all three types are supported, either "all" or the three bits setting can be used;
     }

>
> Joe
>

-- 
Ladislav Lhotka 
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67