Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js

To: Phil Shafer <phil at juniper.net>
Subject: Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
From: Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de>
Date: Tue, 3 Nov 2009 08:11:55 +0100
Cc: "netconf at ietf.org" <netconf at ietf.org>
Delivered-to: netconf at core3.amsl.com
In-reply-to: <200911030238.nA32cchn053137 at idle.juniper.net>
List-archive: <http://www.ietf.org/mail-archive/web/netconf>
List-help: <mailto:netconf-request@ietf.org?subject=help>
List-id: Network Configuration WG mailing list <netconf.ietf.org>
List-post: <mailto:netconf@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
Mail-followup-to: Phil Shafer <phil at juniper.net>, "netconf at ietf.org" <netconf at ietf.org>
References: <20091102211232.GA4455 at elstar.local> <200911030238.nA32cchn053137 at idle.juniper.net>
Reply-to: Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de>
User-agent: Mutt/1.5.20 (2009-06-14)

On Tue, Nov 03, 2009 at 03:38:38AM +0100, Phil Shafer wrote:
> Juergen Schoenwaelder writes:
> >:   username (string)
> >:     If present, the username contains an identifier which can be
> >:     used to uniquely identify an individual client (human or
> >:     machine).  This is likely to be implementation specific and
> >:     subject to the security requirements of the device vendor
> >:     and/or operators,  e.g., an SSH user, a host RSA fingerprint
> >:     or other identifier deemed acceptable.
> >
> >I do not want to boil the ocean, but we will likely have to work this
> >out in more detail later when access control is defined and we need a
> >deterministic way to derive a username from whatever has been used for
> >authentication. Those who follow the ISMS work will know why I have to
> >comment on this. So take this as a warning that in the future, we will
> >have to define much more precise ways to derive a username if we
> >associate access control rules with user identities.
> 
> There's also the issue of radius/tacplus users, where the "user
> name" and "login name" are distinct and both are needed.

Not sure I understand your comment - why does radius/tacplus lead to a
difference between a "user name" and a "login name"? Which AVPs are
you referring to?

> >I am badly missing description statements here. In general, it seems
> >that many description statements leave out details that are explained
> >in section 2. In SMIv2 land, it was considered good practice to have
> >all normative texts in the data model so that the text is there once
> >extracted from the RFC. I believe we should follow this practice and
> >move most of the text from section 2.1 into description clauses. This
> >also avoids any potential inconsistencies.
> 
> Amen.  Can we go further and encourage the YANG module to _be_
> the full RFC, so extracting the module gives the full normative
> text of the RFC inside the module?  So the RFC is some introductory
> text, followed by the YANG module with all the normative text as
> comments or descriptions inside that file.  Extracting the module
> gives you everything and there's not duplicate text to get out of
> sync or to add confusion.

This is pretty much what we have been doing in SMIv2 land.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

Follow-Ups:
- Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
  - From: Phil Shafer
- Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
  - From: Romascanu, Dan (Dan)

References:
- [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
  - From: Juergen Schoenwaelder
- Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
  - From: Phil Shafer

Prev by Date: Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
Next by Date: Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
Previous by thread: Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
Next by thread: Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js
Index(es):
- Date
- Thread

Re: [Netconf] draft-ietf-netconf-monitoring-09 last call comments from js

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.