Re: Proposed Update to Netconf Charter

[Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>]

On Tue, Jul 05, 2005 at 03:14:52PM -0700, Andy Bierman wrote:

> 3) tier 2 is data model access, and defined by the tuple:
> 
>  { operation-list, data-namespace, data-path, group-list }
> 
> where:
> 
>  operation-list is zero or more of the following strings:
>     { notify, read, create, merge, replace, delete }
>     [Shorthand: the term 'write' == create, merge, replace, delete]
>  data-namespace is the URI identifying the data model namespace
>  data-path is an absolute XPATH expression identifying the
>     top-level data model node that this access applies
>  group-list is a list of group names granted access

While all this sounds reasonable, I am really surprised that you
propose XPATH expressions given the lengthy discussion in the past
that XPATH expressions are too expensive for filtering. Or is it
because you expect access control on the 2nd tier not to be
mandatory to implement and an optional feature like XPATH 
filtering?

Sorry, I could not resist to ask this question. But despite this
somewhat polemic question, I do like the 2 tier approach that you
have outlined.

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>