Re: Thoughts on NetConf Requirements

[Andy Bierman <abierman@cisco.com>]

At 02:34 PM 6/16/2003, Juergen Schoenwaelder wrote:

>>>>>> Andy Bierman writes:
>
>Wes>  [aside: I agree with Juergen that "filter" would be a better word
>Wes> than "element-subtree"].
>
>Andy> This is more than an aside terminology issue.  Filtering implies
>Andy> almost boundless complexity for all kinds of conditions and
>Andy> combinations.  
>
>I respectfully disagree with this statement. You seem to have the
>wisdom that anything other than subtree filtering (which is one of the
>many forms of filtering) has "almost boundless complexity" and I am
>more than confused by that statement. (Are we back in SNMP engineering
>where we often made things too simplistic and finally drove the car,
>which became quite complex over the years even to do even simple
>things, against the wall?)
>
>I just suggested to use the generic term filter since it allows to
>make an educated decision given the requirements and constraints what
>the best trade off actually is, rather than predefining the solution
>already now.

Element sub-tree filtering is known to be important and useful.
I think we agree that this type of authorization filtering is
needed.


>Andy> For example, filters such as "user joe is allowed to set
>Andy> parameter X on interface 37 to the value 7 between the hours of
>Andy> 3 and 5 am on every other friday" would be very complex to
>Andy> describe and implement in a standard way.
>
>Presenting an arbitrary complex example in order to rule out a
>discussion about this issue does not convince me to be good
>engineering practice.

Fair enough, but in my experience, IETF debates about filtering
end up with this kind of complexity.  My point is that the
netconf WG will not be held hostage for this type of debate
on authorization mechanisms.  If the WG make quick conclusive
decisions on this feature, then that's great.


>Andy> Agreeing on a useful filter subset and standardizing it is a
>Andy> huge effort which should not be allowed to slow down the initial
>Andy> netconf work.
>
>I am concerned about this approach to push through already taken
>design decisions. I believe WGs need to discuss design decisions and
>it is IMHO the job of the chairs to ensure that such discussions get
>the room they need and are not misused as a tool to artificially slow
>down the WG. However, killing discussions right away with the "slow
>down hammer" before a discussion actually started just does not seem
>right to me.

The charter does not provide for extensive and advanced authorization
filtering mechanisms.  I'm not trying to kill discussion, even if
I'm pretty certain this is the kind of thing that the IETF takes
forever to discuss.  I am trying to keep to the work focused
on what's in the charter.


>/js 

Andy


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>