cardinality of policyRuleSequencedActions

From majordomo@raleigh.ibm.com Fri Dec 1 00:15:31 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id AAA15045 for ; Fri, 1 Dec 2000 00:15:31 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id AAA18584; Fri, 1 Dec 2000 00:00:52 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id XAA17334; Thu, 30 Nov 2000 23:58:10 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA27628; Thu, 30 Nov 2000 11:11:14 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA33252; Thu, 30 Nov 2000 11:11:10 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id LAA22012 for ; Thu, 30 Nov 2000 11:11:18 -0500 Received: from mailmaestro.smartpipes.com (mailmaestro.smartpipes.com [63.98.224.170]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id LAA17290 for ; Thu, 30 Nov 2000 11:11:11 -0500 Received: by mailmaestro.smartpipes.com with Internet Mail Service (5.5.2650.21) id ; Thu, 30 Nov 2000 16:10:53 -0000 Message-Id: <8E1E94178828D143B34A560A7A6F2C0B01A6A0F1@mailmaestro.smartpipes.com> From: "Quevedo, Felix" To: "'Larry S. Bartz'" , IETF Policy WG LIST Cc: "LIST, DEN discussion" , chair-den@dmtf.org, chair-ldap@dmtf.org, chair-network@dmtf.org, cim-support@dmtf.org Subject: RE: CIM24 schema tweaks Date: Thu, 30 Nov 2000 16:10:49 -0000 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Quevedo, Felix" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id AAA15045 In the same DSP0117 spec there is also an issue with DITContentRules. It uses the MAY term to indicate that an entry "may attach" an auxiliary class. Per ye olde ITU X.501, the AUX term may be more appropriate, as done in DSP0101. Or maybe not? Then again, IETF RFC 2252 does not detail a ditContentRules BNF. Félix E Quevedo ? Smile, everything is possible! E-Mail: fquevedo@smartpipes.com Voice: 614 923 6242 Fax: 614 923 6299 -----Original Message----- From: Larry S. Bartz [mailto:lbartz@parnelli.indy.cr.irs.gov] Sent: Thursday, November 30, 2000 07:42 To: IETF Policy WG LIST Cc: LIST, DEN discussion; chair-den@dmtf.org; chair-ldap@dmtf.org; chair-network@dmtf.org; cim-support@dmtf.org Subject: CIM24 schema tweaks << File: tweakedCIM24schema.txt >> My previous message on this subject was mishandled by my mailer, resulting in severe truncation. Here's a retry: I have encountered some difficulties implementing the CIM v2.4 schema, as described in the DSP0117 documents at http://www.dmtf.org/spec/denh.html . Since the IETF Policy WG's draft-ietf-policy-core-schema-08.txt depends upon the cim24 schema, experimental implementers of "schema-08" may find the following comments and attached edited ABNF helpful. I am also sharing these comments with the DMTF's WG chairs and CIM support e-mail addresses. I request that these comments be forwarded to the appropriate individuals for review. - DESC - Some Directory products enforce a length limit on the DESC terms of objectclass and attributeType descriptions. X.501 defines the limit as {ub-schema}. Annex C of X.520 defines {ub-schema} as 1024. DESC term values which exceed 1024 characters violate this limit. Several of the descriptions in DSP0117 contain DESC term values which exceed 1024 characters in length. - Matching Rules - Many of the attribute descriptions in DSP0117 have no matching rule terms specified. The attachment nominates matching rule terms where appropriate, with comments designated by #LSB. - Unspecified Attributes - Several attribute types are nominated by objectClass descriptions but which have not been defined. These include three whose names begin with "dlmHelperRefTo...". Based on a presumption that other previously-defined attributes were intended, the attachment substitutes defined attribute names for those which are not defined, with comments designated by #LSB. - Forward references precluded - The attachment relocates entries in the file to avoid forward references. -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Fri Dec 1 10:32:21 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA20866 for ; Fri, 1 Dec 2000 10:32:20 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id KAA07356; Fri, 1 Dec 2000 10:21:02 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id KAA41850; Fri, 1 Dec 2000 10:20:56 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA50168; Fri, 1 Dec 2000 09:56:24 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA63960; Fri, 1 Dec 2000 09:56:19 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id JAA43066 for ; Fri, 1 Dec 2000 09:56:23 -0500 Received: from mailmaestro.smartpipes.com (mailmaestro.smartpipes.com [63.98.224.170]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id JAA24836 for ; Fri, 1 Dec 2000 09:56:21 -0500 Received: by mailmaestro.smartpipes.com with Internet Mail Service (5.5.2650.21) id ; Fri, 1 Dec 2000 14:55:24 -0000 Message-Id: <8E1E94178828D143B34A560A7A6F2C0B01A6A0FA@mailmaestro.smartpipes.com> From: "Quevedo, Felix" To: "'Larry S. Bartz'" , IETF Policy WG LIST Cc: "LIST, DEN discussion" , chair-den@dmtf.org, chair-ldap@dmtf.org, chair-network@dmtf.org, cim-support@dmtf.org Subject: RE: CIM24 schema tweaks Date: Fri, 1 Dec 2000 14:55:19 -0000 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Quevedo, Felix" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id KAA20866 Larry, It looks like the dlmHelperRefTo... should actually be: dlm...HelperRef. This must have happen when applying a "new" naming convention to the attributes type descriptions, but did not to modify their references in the object class descriptions. Can the DMTF team confirm this? Félix E Quevedo ? Smile, everything is possible! E-Mail: fquevedo@smartpipes.com Voice: 614 923 6242 Fax: 614 923 6299 -----Original Message----- From: Larry S. Bartz [mailto:lbartz@parnelli.indy.cr.irs.gov] Sent: Thursday, November 30, 2000 07:42 To: IETF Policy WG LIST Cc: LIST, DEN discussion; chair-den@dmtf.org; chair-ldap@dmtf.org; chair-network@dmtf.org; cim-support@dmtf.org Subject: CIM24 schema tweaks << File: tweakedCIM24schema.txt >> My previous message on this subject was mishandled by my mailer, resulting in severe truncation. Here's a retry: I have encountered some difficulties implementing the CIM v2.4 schema, as described in the DSP0117 documents at http://www.dmtf.org/spec/denh.html . Since the IETF Policy WG's draft-ietf-policy-core-schema-08.txt depends upon the cim24 schema, experimental implementers of "schema-08" may find the following comments and attached edited ABNF helpful. I am also sharing these comments with the DMTF's WG chairs and CIM support e-mail addresses. I request that these comments be forwarded to the appropriate individuals for review. - DESC - Some Directory products enforce a length limit on the DESC terms of objectclass and attributeType descriptions. X.501 defines the limit as {ub-schema}. Annex C of X.520 defines {ub-schema} as 1024. DESC term values which exceed 1024 characters violate this limit. Several of the descriptions in DSP0117 contain DESC term values which exceed 1024 characters in length. - Matching Rules - Many of the attribute descriptions in DSP0117 have no matching rule terms specified. The attachment nominates matching rule terms where appropriate, with comments designated by #LSB. - Unspecified Attributes - Several attribute types are nominated by objectClass descriptions but which have not been defined. These include three whose names begin with "dlmHelperRefTo...". Based on a presumption that other previously-defined attributes were intended, the attachment substitutes defined attribute names for those which are not defined, with comments designated by #LSB. - Forward references precluded - The attachment relocates entries in the file to avoid forward references. -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Fri Dec 1 10:39:02 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA21620 for ; Fri, 1 Dec 2000 10:39:02 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id KAA35704; Fri, 1 Dec 2000 10:23:06 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id KAA43912; Fri, 1 Dec 2000 10:20:59 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA57884; Fri, 1 Dec 2000 09:49:42 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA39956; Fri, 1 Dec 2000 09:49:39 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id JAA31748 for ; Fri, 1 Dec 2000 09:49:43 -0500 Received: from yamato.ccrle.nec.de (yamato.ccrle.nec.de [195.37.70.1]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id JAA32140 for ; Fri, 1 Dec 2000 09:49:40 -0500 Received: from wallace.heidelberg.ccrle.nec.de (root@Wallace.heidelberg.ccrle.nec.de [192.168.102.1]) by yamato.ccrle.nec.de (8.10.1/8.10.1) with ESMTP id eB1EolE54814; Fri, 1 Dec 2000 15:50:47 +0100 (CET) Received: from ccrle.nec.de (santiago.heidelberg.ccrle.nec.de [192.168.102.117]) by wallace.heidelberg.ccrle.nec.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id PAA04016; Fri, 1 Dec 2000 15:50:01 +0100 Message-Id: <3A266763.2A2CCCB0@ccrle.nec.de> Date: Thu, 30 Nov 2000 15:42:43 +0100 From: Marcus Brunner Organization: NEC Europe Ltd X-Mailer: Mozilla 4.72 [en] (Win98; I) X-Accept-Language: en,de Mime-Version: 1.0 To: Yoram Snir Cc: "'Policy Mailing List' (E-mail)" Subject: Re: QoS Policy Information Model draft References: <001c01c05aac$3ae14350$ab5afe90@ysnirnt70> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Marcus Brunner Content-Transfer-Encoding: 7bit Yoram, I have some questions and comments (see inline) Yoram Snir wrote: [...] > 1. Some of the classes defined in QPIM are intended for usage outside the > scope of QoS domain. The concept of conditions as building blocks of > filters, the basic condition structure of , the > concept of variable binding and the concept of variable to > value relationship are valuable to domains out side QoS policy. In order to > allow more natural usage of these concept in other domains, the relevant > classes prefix was changed from qosPolicyXXX to gpsPolicyXXX and properties > prefix was changed from qpPolicyXXX to > gpPolicy ,i.e., general policy XXX. > This is a grewat idea. We have to talk about what to do with this calsses in SD. > 2. The notion of a class representing a filter or a Boolean expression made > of policy conditions, that could also serve as a reusable filter was added. > The class gpsPolicyCompoundCondition allows the definition of a flexible > reusable filter, leveraging the mechanism defined in CPIM for associating > policy conditions to a policy rule . > I do not understand, why you added this condition. I see no additional value. Do you want to group conditions, representing a packet filter, together for reuse and easier handling? > 3. This draft was updated to be compatible with the latest PCIM draft. > > 4. PHB Actions added to allow full coverage of the QoS policy model required > for definition of policies for a differential service domain. References to > external PHB definitions removed. > > 5. Alignment between policy definition of QPIM and low level PIB / MIB Was > illustrated. > > 6. Reuse of Policy groups and their QPIM extensions, gpsPolicyGroups and > Policy rules were explained and examples were added. > Rule nesting What is the semantic of the PolicyRuleinPolicyRule aggregation? Basically, I do not see the execution semantic. I have the feeling this concept will run us in problems implementing it properly (defined semantic) Why is ordered grouping of rules not sufficient? Rule Decsision Strategy Why do we need another method additional to conditions and roles to decide, whether a rule is applied/executed? Is the semantic of the priority value of the policy rule really defined within a container in PCIM? I have not found this in the lasted PCIM draft. > 7. Role usage in the context of QoS policy was explained. No new concepts > were introduced. Role were also defined per gpsPolicyGroups. What do we gain having roles in the policy group, and each group and rule will inherite the role from its container? Form the execution point of view, this should be the other way around. A policy groups role property should contain all roles and role combinations from the rules and groups contained in the specific group. > > 8. Change gpsPolicyMeter to include a traffic profile and scope. The > previous way of binding the meter the traffic profile and a scope using a > provisioning action could lead to inconsistencies if not used properly. > > 9. Clarification of the use of gpValueTypes property of values and the > meaning of table 3. > > 10. Rewriting the draft in a storage independent way. The previous draft was > not general enough. Added appropriate association and aggregations and > removed references from objects. Changed text > appropriately. > > 11. qpsNamedPolicyContainer class name was changes to gpsPolicyGroup to > allow for usage outside the scope of QoS domain. > > The draft is available in via ftp (util the ietf repository updates): > ftp ftpeng.cisco.com. > user: anonymous > cd ietf-policy-wg (under login dir) > get draft-ietf-policy-qos-info-model-02.txt > > Enjoy > > Yoram Snir -- Dr. Marcus Brunner C&C Research Laboratories NEC Europe Ltd. E-Mail: brunner@ccrle.nec.de WWW: http://www.ccrle.nec.de/ personal home page: http://www.tik.ee.ethz.ch/~brunner Adenauerplatz 6 D-69115 Heidelberg Germany Phone: +49 (0)6221/ 9051129 Fax: +49 (0)6221/ 9051155 From majordomo@raleigh.ibm.com Fri Dec 1 11:06:56 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA01045 for ; Fri, 1 Dec 2000 11:06:53 -0500 (EST) Received: from rtpmail02.raleigh.ibm.com (rtpmail02.raleigh.ibm.com [9.37.172.48]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id KAA25488; Fri, 1 Dec 2000 10:57:54 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id KAA44806; Fri, 1 Dec 2000 10:57:52 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA69526; Fri, 1 Dec 2000 10:28:49 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA42126; Fri, 1 Dec 2000 10:28:45 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id KAA34840 for ; Fri, 1 Dec 2000 10:28:46 -0500 Received: from cisco.com (csi-admin1.cisco.com [144.254.91.12]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id KAA26618 for ; Fri, 1 Dec 2000 10:28:21 -0500 Received: from ysnirnt70 (ysnir-isdn-home.cisco.com [10.49.112.178]) by cisco.com (8.8.5-Cisco.2-SunOS.5.5.1.sun4/8.8.8) with SMTP id RAA06397; Fri, 1 Dec 2000 17:27:47 +0200 (IST) From: "Yoram Snir" To: Cc: "''Policy Mailing List' $E-mail$'" Subject: RE: QoS Policy Information Model draft Date: Fri, 1 Dec 2000 17:25:43 +0200 Message-Id: <004501c05baa$f8e06f80$b270310a@ysnirnt70> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-Mimeole: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal In-Reply-To: <3A266763.2A2CCCB0@ccrle.nec.de> Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Yoram Snir" Content-Transfer-Encoding: 7bit Marcus please see in line. Yoram Snir > -----Original Message----- > From: Marcus Brunner [mailto:brunner@ccrle.nec.de] > Sent: Thursday, November 30, 2000 4:43 PM > To: Yoram Snir > Cc: 'Policy Mailing List' (E-mail) > Subject: Re: QoS Policy Information Model draft > > > Yoram, > > I have some questions and comments (see inline) > > Yoram Snir wrote: > [...] > > > 1. Some of the classes defined in QPIM are intended for > usage outside the > > scope of QoS domain. The concept of conditions as building blocks of > > filters, the basic condition structure of operator value>, the > > concept of variable binding and the concept of variable to > > value relationship are valuable to domains out side QoS > policy. In order to > > allow more natural usage of these concept in other domains, > the relevant > > classes prefix was changed from qosPolicyXXX to > gpsPolicyXXX and properties > > prefix was changed from qpPolicyXXX to > > gpPolicy ,i.e., general policy XXX. > > > > This is a grewat idea. We have to talk about what to do with this > calsses in SD. > OK > > 2. The notion of a class representing a filter or a Boolean > expression made > > of policy conditions, that could also serve as a reusable > filter was added. > > The class gpsPolicyCompoundCondition allows the definition > of a flexible > > reusable filter, leveraging the mechanism defined in CPIM > for associating > > policy conditions to a policy rule . > > > > I do not understand, why you added this condition. I see no additional > value. Do you want to group conditions, representing a packet filter, > together for reuse and easier handling? Exactly, the only way you could reuse a group of condition with specific semantics is by adding this class. For example condition A and not ConditionB. It doesn't have to be a packet filter, how about: (URL = *.jpg or URL = *.gif) to represent HTML GETS of pictures? > > > 3. This draft was updated to be compatible with the latest > PCIM draft. > > > > 4. PHB Actions added to allow full coverage of the QoS > policy model required > > for definition of policies for a differential service > domain. References to > > external PHB definitions removed. > > > > 5. Alignment between policy definition of QPIM and low > level PIB / MIB Was > > illustrated. > > > > 6. Reuse of Policy groups and their QPIM extensions, > gpsPolicyGroups and > > Policy rules were explained and examples were added. > > > > Rule nesting > What is the semantic of the PolicyRuleinPolicyRule aggregation? > Basically, I do not see the execution semantic. I have the > feeling this > concept will run us in problems implementing it properly (defined > semantic) > Why is ordered grouping of rules not sufficient? Please see explanation and example in the draft, it illustrates the order of grouping and rules, and how the combination works. > > Rule Decsision Strategy > Why do we need another method additional to conditions and roles to > decide, whether a rule is applied/executed? It has to do with the usage of orders in groups and rules and explained in the same section. In general you might want to have a "first match" on the groups of rules, an a "match all in the group itself". Remember that sub rules are allowed. > > Is the semantic of the priority value of the policy rule > really defined > within a container in PCIM? I have not found this in the lasted PCIM > draft. It should be, will check. > > > 7. Role usage in the context of QoS policy was explained. > No new concepts > > were introduced. Role were also defined per gpsPolicyGroups. > > What do we gain having roles in the policy group, and each group and > rule will inherite the role from its container? Form the > execution point > of view, this should be the other way around. A policy groups role > property should contain all roles and role combinations from the rules > and groups contained in the specific group. I disagree, roles are used by policy engines to pick which rules are applicable to them and should be acted on. So if a rule is defined for special case and has a special role, the group or sub rule containing it and other rules should not be effected. We should talk more in SD. > > > > > 8. Change gpsPolicyMeter to include a traffic profile and scope. The > > previous way of binding the meter the traffic profile and a > scope using a > > provisioning action could lead to inconsistencies if not > used properly. > > > > 9. Clarification of the use of gpValueTypes property of > values and the > > meaning of table 3. > > > > 10. Rewriting the draft in a storage independent way. The > previous draft was > > not general enough. Added appropriate association and > aggregations and > > removed references from objects. Changed text > > appropriately. > > > > 11. qpsNamedPolicyContainer class name was changes to > gpsPolicyGroup to > > allow for usage outside the scope of QoS domain. > > > > The draft is available in via ftp (util the ietf repository > updates): > > ftp ftpeng.cisco.com. > > user: anonymous > > cd ietf-policy-wg (under login dir) > > get draft-ietf-policy-qos-info-model-02.txt > > > > Enjoy > > > > Yoram Snir > > -- > > Dr. Marcus Brunner > C&C Research Laboratories > NEC Europe Ltd. > > E-Mail: brunner@ccrle.nec.de > WWW: http://www.ccrle.nec.de/ > personal home page: http://www.tik.ee.ethz.ch/~brunner > > Adenauerplatz 6 > D-69115 Heidelberg > Germany > > Phone: +49 (0)6221/ 9051129 > Fax: +49 (0)6221/ 9051155 > From majordomo@raleigh.ibm.com Fri Dec 1 11:42:12 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA12189 for ; Fri, 1 Dec 2000 11:42:08 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id LAA25554; Fri, 1 Dec 2000 11:27:50 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id LAA38210; Fri, 1 Dec 2000 11:27:47 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA32266; Fri, 1 Dec 2000 11:00:07 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA51932; Fri, 1 Dec 2000 11:00:01 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id LAA32358 for ; Fri, 1 Dec 2000 11:00:05 -0500 Received: from yamato.ccrle.nec.de (yamato.ccrle.nec.de [195.37.70.1]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id KAA30254 for ; Fri, 1 Dec 2000 10:59:46 -0500 Received: from wallace.heidelberg.ccrle.nec.de (root@Wallace.heidelberg.ccrle.nec.de [192.168.102.1]) by yamato.ccrle.nec.de (8.10.1/8.10.1) with ESMTP id eB1G0YE56810; Fri, 1 Dec 2000 17:00:34 +0100 (CET) Received: from imap.heidelberg.ccrle.nec.de (postfix@imap.heidelberg.ccrle.nec.de [192.168.102.7]) by wallace.heidelberg.ccrle.nec.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id QAA04596; Fri, 1 Dec 2000 16:59:47 +0100 Received: by imap.heidelberg.ccrle.nec.de (Postfix, from userid 30) id 960C67DC9; Fri, 1 Dec 2000 18:59:19 +0100 (CET) From: Marcus Brunner To: ysnir@cisco.com, Yoram Snir Cc: brunner@ccrle.nec.de, "''Policy Mailing List' (E-mail)'" References: <004501c05baa$f8e06f80$b270310a@ysnirnt70> In-Reply-To: <004501c05baa$f8e06f80$b270310a@ysnirnt70> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: IMP/PHP3 Imap webMail Program 2.0.9 Subject: RE: QoS Policy Information Model draft Message-Id: <20001201175919.960C67DC9@imap.heidelberg.ccrle.nec.de> Date: Fri, 1 Dec 2000 18:59:19 +0100 (CET) Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Marcus Brunner Content-Transfer-Encoding: 7bit Yoram, Quoting Yoram Snir : [...] > > > 2. The notion of a class representing a filter or a Boolean > > expression made > > > of policy conditions, that could also serve as a reusable > > filter was added. > > > The class gpsPolicyCompoundCondition allows the definition > > of a flexible > > > reusable filter, leveraging the mechanism defined in CPIM > > for associating > > > policy conditions to a policy rule . > > > > > > > I do not understand, why you added this condition. I see no additional > > value. Do you want to group conditions, representing a packet filter, > > together for reuse and easier handling? > > Exactly, the only way you could reuse a group of condition with specific > semantics is by adding this class. For example condition A and not > ConditionB. It doesn't have to be a packet filter, how about: > (URL = *.jpg or URL = *.gif) to represent HTML GETS of pictures? So basically it is a condition group, like a group of rules (gpsPolicyGroup), should there be the same for action groups? > > > > > > 3. This draft was updated to be compatible with the latest > > PCIM draft. > > > > > > 4. PHB Actions added to allow full coverage of the QoS > > policy model required > > > for definition of policies for a differential service > > domain. References to > > > external PHB definitions removed. > > > > > > 5. Alignment between policy definition of QPIM and low > > level PIB / MIB Was > > > illustrated. > > > > > > 6. Reuse of Policy groups and their QPIM extensions, > > gpsPolicyGroups and > > > Policy rules were explained and examples were added. > > > > > > > Rule nesting > > What is the semantic of the PolicyRuleinPolicyRule aggregation? > > Basically, I do not see the execution semantic. I have the > > feeling this > > concept will run us in problems implementing it properly (defined > > semantic) > > Why is ordered grouping of rules not sufficient? > > Please see explanation and example in the draft, it illustrates the order > of > grouping and rules, and how the combination works. So lets try, if I understand it correct. We have three rules R1,R2, and R3, with conditions C1,C2, C3, and actions A1, A2, A3. R2 and R3 are associated to R1. So if C1 is true perform A1 and evalute rules R2 and R3 if C2 is true then perform A2 if C2 is false then (stop of evalute R3 ??? -> define sequential or paralell evaluation of the rules) if C1 is false do nothing What is the difference to the three rules? IF C1 THEN A1 IF C1 AND C2 THEN A2 IF C1 AND C3 THEN A3 What is the context of the evaluation of R2, R3? Same as R1? Global? Is the semantic the same as if one would model it with a EvaluationAction? > > > > Rule Decsision Strategy > > Why do we need another method additional to conditions and roles to > > decide, whether a rule is applied/executed? > > It has to do with the usage of orders in groups and rules and explained in > the same section. In general you might want to have a "first match" on the > groups of rules, an a "match all in the group itself". Remember that sub > rules are allowed. > > > > > Is the semantic of the priority value of the policy rule > > really defined > > within a container in PCIM? I have not found this in the lasted PCIM > > draft. > > It should be, will check. > > > > > > 7. Role usage in the context of QoS policy was explained. > > No new concepts > > > were introduced. Role were also defined per gpsPolicyGroups. > > > > What do we gain having roles in the policy group, and each group and > > rule will inherite the role from its container? Form the > > execution point > > of view, this should be the other way around. A policy groups role > > property should contain all roles and role combinations from the rules > > and groups contained in the specific group. > > I disagree, roles are used by policy engines to pick which rules are > applicable to them and should be acted on. So if a rule is defined for > special case and has a special role, the group or sub rule containing it > and > other rules should not be effected. > We should talk more in SD. As you said, basically a role helps to implement a policy engine more efficent, because only rules which a written for a particular role are evaluated. But if the engine has to check for all roles of all rules in a group you have nothing gained. So what is the role property in the policyGroup for? Marcus Dr. Marcus Brunner C&C Research Laboratories NEC Europe Ltd. E-Mail: brunner@ccrle.nec.de WWW: http://www.ccrle.nec.de/ personal home page: http://www.tik.ee.ethz.ch/~brunner Adenauerplatz 6 D-69115 Heidelberg Germany Phone: +49 (0)6221/ 9051129 Fax: +49 (0)6221/ 9051155 From majordomo@raleigh.ibm.com Fri Dec 1 14:14:46 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA27179 for ; Fri, 1 Dec 2000 14:14:45 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id NAA31954; Fri, 1 Dec 2000 13:58:13 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id NAA34612; Fri, 1 Dec 2000 13:58:12 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA55260; Fri, 1 Dec 2000 13:26:22 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA33982; Fri, 1 Dec 2000 13:26:17 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id NAA35784 for ; Fri, 1 Dec 2000 13:26:18 -0500 Received: from mx-relay1.treas.gov (mx-relay1.treas.gov [199.196.144.5]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id NAA37574 for ; Fri, 1 Dec 2000 13:26:14 -0500 Received: from tias4.treas.gov (tias-gw4.treas.gov [199.196.144.14]) by mx-relay1.treas.gov (8.9.1b+Sun/8.9.3) with SMTP id NAA04971; Fri, 1 Dec 2000 13:26:32 -0500 (EST) Received: from mailhub.net.treas.gov by tias4.treas.gov via smtpd (for mx-relay.treas.gov [199.196.144.5]) with SMTP; 1 Dec 2000 18:26:32 UT Received: from mears.indy.cr.irs.gov (mailhub-3.net.treas.gov [10.7.8.11]) by mailhub-3.net.treas.gov (8.9.3+Sun/8.9.3) with ESMTP id NAA18403; Fri, 1 Dec 2000 13:24:40 -0500 (EST) Received: from parnelli.indy.cr.irs.gov (IDENT:lsbart35@localhost [127.0.0.1]) by mears.indy.cr.irs.gov (8.9.3/8.9.3) with ESMTP id NAA04566; Fri, 1 Dec 2000 13:26:24 -0500 Message-Id: <3A27ED50.A870B878@parnelli.indy.cr.irs.gov> Date: Fri, 01 Dec 2000 13:26:24 -0500 From: "Larry S. Bartz" X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en Mime-Version: 1.0 To: "Quevedo, Felix" Cc: IETF Policy WG LIST , "LIST, DEN discussion" , chair-den@dmtf.org, chair-ldap@dmtf.org, chair-network@dmtf.org, cim-support@dmtf.org Subject: Re: CIM24 schema tweaks References: <8E1E94178828D143B34A560A7A6F2C0B01A6A0FA@mailmaestro.smartpipes.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Larry S. Bartz" Content-Transfer-Encoding: 7bit "Quevedo, Felix" wrote: > > Larry, > > It looks like the dlmHelperRefTo... should actually be: dlm...HelperRef. > This must have happen when applying a "new" naming convention to the > attributes type descriptions, but did not to modify their references in the > object class descriptions. > > Can the DMTF team confirm this? I guessed the same. I substituted the dlm...HelperRef attrs in the attachment to my initial message. I've spotted another potential difficulty with the schema of DSP0117. See this description: attributetype ( 1.3.6.1.4.1.412.100.1.2.1 NAME 'orderedCimKeys' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE EQUALITY octetStringMatch ) The matching rule syntax does not match the attribute's syntax. This must be corrected. -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Fri Dec 1 15:32:36 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA15179 for ; Fri, 1 Dec 2000 15:32:34 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id OAA25374; Fri, 1 Dec 2000 14:54:57 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id OAA34714; Fri, 1 Dec 2000 14:54:57 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA63856; Fri, 1 Dec 2000 14:34:15 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA51304; Fri, 1 Dec 2000 14:34:11 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id OAA27732 for ; Fri, 1 Dec 2000 14:34:11 -0500 Received: from mx-relay1.treas.gov (mx-relay1.treas.gov [199.196.144.5]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id OAA31512 for ; Fri, 1 Dec 2000 14:34:04 -0500 Received: from tias4.treas.gov (tias-gw4.treas.gov [199.196.144.14]) by mx-relay1.treas.gov (8.9.1b+Sun/8.9.3) with SMTP id OAA05991; Fri, 1 Dec 2000 14:33:32 -0500 (EST) Received: from mailhub.net.treas.gov by tias4.treas.gov via smtpd (for mx-relay.treas.gov [199.196.144.5]) with SMTP; 1 Dec 2000 19:33:32 UT Received: from mears.indy.cr.irs.gov (mailhub-3.net.treas.gov [10.7.8.11]) by mailhub-3.net.treas.gov (8.9.3+Sun/8.9.3) with ESMTP id OAA17710; Fri, 1 Dec 2000 14:31:40 -0500 (EST) Received: from parnelli.indy.cr.irs.gov (IDENT:lsbart35@localhost [127.0.0.1]) by mears.indy.cr.irs.gov (8.9.3/8.9.3) with ESMTP id OAA04628; Fri, 1 Dec 2000 14:33:25 -0500 Message-Id: <3A27FD05.5022C523@parnelli.indy.cr.irs.gov> Date: Fri, 01 Dec 2000 14:33:25 -0500 From: "Larry S. Bartz" X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en Mime-Version: 1.0 Cc: IETF Policy WG LIST , "LIST, DEN discussion" , chair-den@dmtf.org, chair-ldap@dmtf.org, chair-network@dmtf.org, cim-support@dmtf.org Subject: dlm1/CIM24 schema suggestion References: <8E1E94178828D143B34A560A7A6F2C0B01A6A0FA@mailmaestro.smartpipes.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Larry S. Bartz" Content-Transfer-Encoding: 7bit Since there is no "public" forum for discussion of the dlm1/CIM24 LDAP schema, I'm forwarding these comments through various DMTF Working Group chairs. Please forward these comments to your working group members as you deem appropriate. Since the IETF's Policy WG has such a close working relationship with the DMTF WGs, I'm sharing these comments with the Policy WG, as well. -- The attributes dlmPrimaryOwnerName and dlmPrimaryOwnerContact do not adequately leverage the potential of the Directory information model. These attributes of the objectclass dlm1System are defined as directoryString types. If the "primary owner" is not represented in the Directory (or a federated Directory instance), these string values may adequately serve their purpose. This could be considered "best effort" information. In a thorough Directory implementation, it is likely that the "primary owner" will be represented with a Directory entry. This could be via objectclasses such as person, organizationalUnit, organizationalRole, or similar. In such cases, the "primary owner(s)" should be identified by a distinguishedName (DN) -type attribute. By leveraging Directory-based information about "primary owner", clients can discover and use specific and strongly-typed attribute values such as e-mail, URL, and phone numbers for voice, fax, pager, and mobile . The next iteration of the dlm/CIM schema should support an additional attribute of distinguishedName (DN) type, an attribute to augment the "primary owner" notion of the information model. The attribute could be named dlmPrimaryOwnerDN. This attributeType should allow multiple values. Similar rationale applies to the dlmSupportAccess objectclass. If the supporting entity is represented in the Directory (or federated Directory instance), it should be identified by a distinguishedName (DN) -type attribute. The next iteration of the dlm/CIM schema should support an additional attribute of distinguishedName (DN) type, an attribute to augment the "support entity" notion of the information model. The attribute could be named dlmSupportAccessDN. This attributeType should allow multiple values. Thank you for your consideration of this issue. -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Fri Dec 1 18:27:50 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA28769 for ; Fri, 1 Dec 2000 18:27:50 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id SAA07548; Fri, 1 Dec 2000 18:18:22 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id SAA44082; Fri, 1 Dec 2000 18:18:17 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA48442; Fri, 1 Dec 2000 15:56:20 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA66864; Fri, 1 Dec 2000 15:56:16 -0500 Received: from southrelay02.raleigh.ibm.com (southrelay02.raleigh.ibm.com [9.37.3.209]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id PAA29834 for ; Fri, 1 Dec 2000 15:56:19 -0500 Received: from d04nm200.raleigh.ibm.com (d04nm200.raleigh.ibm.com [9.67.228.37]) by southrelay02.raleigh.ibm.com (8.8.8m3/NCO v4.95) with ESMTP id PAA58506; Fri, 1 Dec 2000 15:53:40 -0500 Importance: Normal Subject: Modeling of algorithmic droppers and queues To: diffserv@ietf.org, policy@raleigh.ibm.com X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-Id: From: "Robert Moore" Date: Fri, 1 Dec 2000 15:57:43 -0500 X-Mimetrack: Serialize by Router on D04NM200/04/M/IBM(Release 5.0.3 (Intl)|21 March 2000) at 12/01/2000 03:54:01 PM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Robert Moore" After reading through the -05 Informal Model, and comparing it with the new -02 QDDIM, it appears that neither of us is quite there yet on modeling the relationship between an algorithmic dropper and a queue. There are (at least!) two ways of modeling these two elements, and both documents contain elements of both approaches. Option 1: an algorithmic dropper sits before its queue in the data path, and based on what it sees in the queue, it discards "packets that arrive at its input" (Informal Model, p. 27). This is what the Informal Model describes as the alternative it has chosen. It is the basis for the NextService association in QDDIM and the Next pointer in the -06 MIB, which show a progression from -to-AlgorithmicDropper-to-queue. Option 2: an algorithmic dropper sits beside its queue, outside the data path, and based on what it sees in the queue, it discards packets "from the head, tail, or other part of the associated queue" (Informal Model, p. 29). Figure 5 in the Informal Model shows this interpretation very clearly, and it's also represented in the QDDIM by the HeadTailDropQueueBinding association. If we look at the example TCB in section 8.2 of the informal model, we see that the droppers are all placed before their associated queues, as Option 1 requires. But they're also dropping from the tails of the queues, which, given the picture, isn't too much of a stretch: if the observed properties of the queue tell it to, the dropper drops a packet that it's holding, rather than putting it onto the tail of the queue. What would the picture look like if the dropping were from the head of one of the queues? We can't place the dropper after the queue -- both the Informal Model and the MIB explicitly rule this out. The only picture that works is the one for Option 2. But here the dropper is plainly not dropping a packet that "arrives at its input" -- it's dropping a packet from the head of the queue. I'm not sure what's the best way to clarify all of this. My inclination, though, would be to say that Option 2 is the right way to think of this relationship, with the *convention* that the chain of Next pointers / NextService associations always goes -->AlgorithmicDropper-->queue. I'm also wondering whether, in the QDDIM, we should have made HeadTailDropQueueBinding a subclass of NextService, This would embody the convention that I just described, without requiring a separate NextService association between the dropper and the queue, alongside the HeadTailDropQueueBinding. (This assumes that the queue that a HeadTailDropper monitors is always the same one from which it causes packets to be dropped -- I haven't seen anything to indicate that this is not the case.) Regards, Bob Bob Moore IBM Networking Software +1-919-254-4436 remoore@us.ibm.com From majordomo@raleigh.ibm.com Fri Dec 1 18:56:08 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA05837 for ; Fri, 1 Dec 2000 18:56:07 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id SAA15732; Fri, 1 Dec 2000 18:33:44 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id SAA28558; Fri, 1 Dec 2000 18:33:40 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA58010; Fri, 1 Dec 2000 16:43:50 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA12164; Fri, 1 Dec 2000 16:43:47 -0500 Received: from lmr (lig32-227-160-45.us.lig-dial.ibm.com [32.227.160.45]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id QAA19990; Fri, 1 Dec 2000 16:43:53 -0500 Message-Id: <002101c05bdf$8cfe8920$08a0e320@raleigh.ibm.com> From: "Lee Rafalow" To: "Larry S. Bartz" Cc: "IETF Policy WG LIST" , "LIST, DEN discussion" References: <8E1E94178828D143B34A560A7A6F2C0B01A6A0FA@mailmaestro.smartpipes.com> <3A27FD05.5022C523@parnelli.indy.cr.irs.gov> Subject: Re: dlm1/CIM24 schema suggestion Date: Fri, 1 Dec 2000 16:41:58 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-Mimeole: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Lee Rafalow" Content-Transfer-Encoding: 7bit Larry, these mailing lists seem fine for having this discussion. The Policy Core LDAP Schema draft references the CIM Core mapping so it's relevent. (Joel, Ed, if you disagree, let us know and we'll find another forum.) The CIM user-security model (see http://www.dmtf.org/spec/cims.html ) has three associations of interest that augment the primary owner name and contact properties. (An argument could be made that these properties should be deprecated, but that hasn't been done as yet.) The SystemAdministrator, SystemAdministratorRole and SystemAdministratorGroup associations define relationships between a System and a UserEntity (in CIM, Person and UsersAccess are subclasses of UserEntity), Role and Group respectively. The mapping of the CIM user-security model to an LDAP schema is in process right now. The Person, Role and Group objects will be mapped directly to familiar LDAP classes. If you look at the way associations are mapped in the Core mapping, you'll see that the preferred way of doing these associations would be to have an aux class of the association, e.g., dlm1SystemAdminsitratorAuxClass, attached to both a Person instance (e.g., inetOrgPerson) with a DN pointer back to the system, dlmSystemAdministratorAntecedentRef, and attached to a system instance with a DN pointer to the Person, dlmSystemAdministratorDependentRef. We haven't gotten to the Support model yet. I hope this helps. Cheers, Lee ----- Original Message ----- From: "Larry S. Bartz" Cc: "IETF Policy WG LIST" ; "LIST, DEN discussion" ; ; ; ; Sent: Friday, December 01, 2000 2:33 PM Subject: dlm1/CIM24 schema suggestion > Since there is no "public" forum for discussion of the dlm1/CIM24 LDAP > schema, I'm forwarding these comments through various DMTF Working Group > chairs. Please forward these comments to your working group members as > you deem appropriate. > > Since the IETF's Policy WG has such a close working relationship with > the > DMTF WGs, I'm sharing these comments with the Policy WG, as well. > > -- > > The attributes dlmPrimaryOwnerName and dlmPrimaryOwnerContact do not > adequately leverage the potential of the Directory information model. > These attributes of the objectclass dlm1System are defined as > directoryString types. > > If the "primary owner" is not represented in the Directory (or a > federated Directory instance), these string values may adequately > serve their purpose. This could be considered "best effort" information. > > In a thorough Directory implementation, it is likely that the > "primary owner" will be represented with a Directory entry. This > could be via objectclasses such as person, organizationalUnit, > organizationalRole, or similar. > > In such cases, the "primary owner(s)" should be identified by a > distinguishedName (DN) -type attribute. > > By leveraging Directory-based information about "primary owner", > clients can discover and use specific and strongly-typed attribute > values such as e-mail, URL, and phone numbers for voice, fax, pager, > and mobile . > > The next iteration of the dlm/CIM schema should support an additional > attribute of distinguishedName (DN) type, an attribute to augment > the "primary owner" notion of the information model. The attribute > could be named dlmPrimaryOwnerDN. This attributeType should allow > multiple values. > > Similar rationale applies to the dlmSupportAccess objectclass. If > the supporting entity is represented in the Directory (or federated > Directory instance), it should be identified by a distinguishedName > (DN) -type attribute. > > The next iteration of the dlm/CIM schema should support an additional > attribute of distinguishedName (DN) type, an attribute to augment > the "support entity" notion of the information model. The attribute > could be named dlmSupportAccessDN. This attributeType should allow > multiple values. > > Thank you for your consideration of this issue. > > -- > #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| > # Larry Bartz | | > # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | > # | Ooo, ooo, oooooo! | > # | I've got a gnu attitude! | > # voice (317) 226-7060 | | > # FAX (317) 226-6378 | | > #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Fri Dec 1 18:58:50 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA06468 for ; Fri, 1 Dec 2000 18:58:50 -0500 (EST) Received: from rtpmail02.raleigh.ibm.com (rtpmail02.raleigh.ibm.com [9.37.172.48]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id SAA33970; Fri, 1 Dec 2000 18:33:50 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id SAA22010; Fri, 1 Dec 2000 18:33:41 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA12240; Fri, 1 Dec 2000 16:49:37 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA53190; Fri, 1 Dec 2000 16:49:34 -0500 Received: from corp.tivoli.com (corp.tivoli.com [146.84.104.1]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id QAA24558 for ; Fri, 1 Dec 2000 16:49:42 -0500 From: Ed_Ellesson@tivoli.com Received: from schub.tivoli.com (schub.tivoli.com [146.84.104.17]) by corp.tivoli.com (8.9.3/8.9.0) with ESMTP id PAA24903; Fri, 1 Dec 2000 15:49:57 -0600 (CST) Importance: Normal Subject: Proposed Policy Framework Agenda To: policy@raleigh.ibm.com Cc: "Joel M. Halpern" , "Wijnen, Bert (Bert)" Date: Fri, 1 Dec 2000 16:42:15 -0500 Message-Id: X-Mimetrack: Serialize by Router on SCHub/Tivoli Systems(Release 5.0.4a |July 24, 2000) at 12/01/2000 03:49:13 PM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Ed_Ellesson@tivoli.com Hi, Policy Frameworkers: I understand that we have until Monday at 5pm to get this into the agenda@ietf.org address, for posting on the IETF web page. Please comment. Proposed Policy Framework Agenda (still being negotiated): Monday Afternoon, Dec. 11: 3:30 - 5:30pm (120 minutes) 1. Intro/Objectives/Milestones: Joel , 10 minutes 2. Agenda Bash: Ed, 5 minutes 3. QDDIM: Bob Moore, Editor. Total: 30 minutes (20 minutes issues presentation, plus 10 min. for discussion) 4. QPIM: QPIM Author(s) Total: 30 minutes (20 minutes issues presentation, plus 10 min. for discussion) 5. QDIM/QPIM compatibility with DiffServ: Total 30 minutes (Conceptual Model, MIB, and PIB Issues discussion) 6. Wrap-up: Ed and Joel, 15 minutes. (Summary and short re-review of Wed agenda) Wednesday Morning, Dec. 13: 9:00 - 11:30am (150 minutes) 1. Intro/News since Monday: Ed and Joel, 5 minutes 2. IPSP's PCIM-based Model: Lee Rafalow/IPSP Participants: Total 30 minutes (20 minutes issues presentation, plus 10 for discussion) 3. Packet Classification, priority, and link between policy and configuration mechanisms: 30 minutes (Issues/Harmonization discussion: QDIM, QPIM, IPSP) 4. PCLS Update: Bob Moore: 5 minutes, Ed Ellesson: 15 minutes: Total 20 minutes (General PCLS issues update, plus Security Considerations issues): 5. Terminology Draft Update/Issues and harmonization discussion: Andrea: 20 minutes 6. (If time permits) AAA Architecture: Use of policy framework in context of AAA Architecture: Cees deLaat, and John Vollbrecht: 10 minutes 7. (If time permits) MPLS: MPLS Policy Draft Author(s): Use of policy framework in context of MPLS: 10 minute update 8. Wrap-up, and charter milestones re-visit: 25 minutes, Ed, Joel and Bert ********************* Thanks, Ed and Joel From majordomo@raleigh.ibm.com Fri Dec 1 19:23:04 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA12022 for ; Fri, 1 Dec 2000 19:23:03 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id TAA28104; Fri, 1 Dec 2000 19:14:05 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id TAA26604; Fri, 1 Dec 2000 19:13:58 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA51882; Fri, 1 Dec 2000 18:47:30 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA48524; Fri, 1 Dec 2000 18:47:25 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id SAA25730 for ; Fri, 1 Dec 2000 18:47:25 -0500 Received: from mail7.nc.rr.com (mail7.southeast.rr.com [24.93.67.54]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id SAA31814 for ; Fri, 1 Dec 2000 18:42:33 -0500 Received: from ellesson ([24.25.4.246]) by mail7.nc.rr.com with Microsoft SMTPSVC(5.5.1877.537.53); Fri, 1 Dec 2000 18:41:45 -0500 Message-Id: <005701c05bf0$42b041e0$f6041918@nc.rr.com> From: "Ed Ellesson" To: Subject: Fw: Proposed Policy Framework Agenda Date: Fri, 1 Dec 2000 18:41:43 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-Mimeole: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Ed Ellesson" Content-Transfer-Encoding: 7bit I have not seen this posted yet, so I will try from another account. ----- Original Message ----- From: To: Sent: Friday, December 01, 2000 6:25 PM Subject: Proposed Policy Framework Agenda > > ---------------------- Forwarded by Ed Ellesson/Tivoli Systems on > 12/01/2000 06:29 PM --------------------------- > > Ed Ellesson > 12/01/2000 04:42 PM > > To: policy@raleigh.ibm.com > cc: "Joel M. Halpern" , "Wijnen, Bert (Bert)" > > From: Ed Ellesson/Tivoli Systems@Tivoli Systems > Subject: Proposed Policy Framework Agenda > > > Hi, Policy Frameworkers: > > I understand that we have until Monday at 5pm to get this into the > agenda@ietf.org address, for posting on the IETF web page. Please comment. > > > Proposed Policy Framework Agenda (still being negotiated): > > > > Monday Afternoon, Dec. 11: 3:30 - 5:30pm (120 minutes) > > 1. Intro/Objectives/Milestones: Joel , 10 minutes > > 2. Agenda Bash: Ed, 5 minutes > > 3. QDDIM: Bob Moore, Editor. Total: 30 minutes > > (20 minutes issues presentation, plus 10 min. for discussion) > > 4. QPIM: QPIM Author(s) Total: 30 minutes > > (20 minutes issues presentation, plus 10 min. for discussion) > > 5. QDIM/QPIM compatibility with DiffServ: Total 30 minutes > > (Conceptual Model, MIB, and PIB Issues discussion) > > 6. Wrap-up: Ed and Joel, 15 minutes. > > (Summary and short re-review of Wed agenda) > > > > Wednesday Morning, Dec. 13: 9:00 - 11:30am (150 minutes) > > 1. Intro/News since Monday: Ed and Joel, 5 minutes > > 2. IPSP's PCIM-based Model: Lee Rafalow/IPSP Participants: Total 30 > minutes > > (20 minutes issues presentation, plus 10 for discussion) > > 3. Packet Classification, priority, and link between policy and > configuration mechanisms: 30 minutes > > (Issues/Harmonization discussion: QDIM, QPIM, IPSP) > > 4. PCLS Update: Bob Moore: 5 minutes, Ed Ellesson: 15 minutes: Total > 20 minutes > > (General PCLS issues update, plus Security Considerations issues): > > 5. Terminology Draft Update/Issues and harmonization discussion: Andrea: > 20 minutes > > 6. (If time permits) AAA Architecture: Use of policy framework in context > of AAA Architecture: Cees deLaat, and John Vollbrecht: 10 minutes > > 7. (If time permits) MPLS: MPLS Policy Draft Author(s): Use of policy > framework in context of MPLS: 10 minute update > > 8. Wrap-up, and charter milestones re-visit: 25 minutes, Ed, Joel and > Bert > > > ********************* > > Thanks, > > Ed and Joel > > > > From majordomo@raleigh.ibm.com Fri Dec 1 20:35:15 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id UAA27843 for ; Fri, 1 Dec 2000 20:35:15 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id UAA24588; Fri, 1 Dec 2000 20:26:35 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id UAA44182; Fri, 1 Dec 2000 20:26:34 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA50022; Fri, 1 Dec 2000 19:59:30 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA12124; Fri, 1 Dec 2000 19:59:27 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id TAA05378 for ; Fri, 1 Dec 2000 19:59:28 -0500 Received: from mail.coreon.net (IDENT:mirapoint@mail.coreon.net [216.74.131.6]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id TAA35748 for ; Fri, 1 Dec 2000 19:59:27 -0500 Received: from mail.coreon.net (mail.coreon.net [216.74.131.6]) by mail.coreon.net (Mirapoint) with SMTP id AAO48966; Fri, 1 Dec 2000 19:59:42 -0500 (EST) From: Message-Id: <200012020059.AAO48966@mail.coreon.net> Date: Fri, 1 Dec 2000 20:13:19 -0500 Subject: Re: CIM24 schema tweaks To: "Larry S. Bartz" Cc: "Quevedo, Felix" , IETF Policy WG LIST , ietf-ldapbis@openldap.org, ietf-ldapext@netscape.com Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Content-Transfer-Encoding: 7bit >> It looks like the dlmHelperRefTo... should actually be: dlm...HelperRef. >> This must have happen when applying a "new" naming convention to the >> attributes type descriptions, but did not to modify their references in the >> object class descriptions. >> >> Can the DMTF team confirm this? I can confirm that... they should be ..HelperRef, but in editing the document we got them out of sync. >I guessed the same. I substituted the dlm...HelperRef attrs in the >attachment to my initial message. > >I've spotted another potential difficulty with the schema of DSP0117. > >See this description: > >attributetype ( 1.3.6.1.4.1.412.100.1.2.1 > NAME 'orderedCimKeys' > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE > EQUALITY octetStringMatch > ) > >The matching rule syntax does not match the attribute's syntax. This >must be corrected. Well, as an editor, I get to play the "no complaints without making a suggestion" card. What do you suggest as the equality match? Based on my reading of the X.500-series and LDAP RFCs the only option for Directory Strings is caseIgnoreMatch, and I'm not at all comfortable with declaring that as the matching rule for a syntax that holds UTF-8 strings. Actually, the more I think about this, I think this is a bigger issue than just Policy, so I'm cross posting to ldapext and the newly minted ldapbis to see what those folks can add. Ryan Moats From majordomo@raleigh.ibm.com Fri Dec 1 21:54:30 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id VAA11876 for ; Fri, 1 Dec 2000 21:54:29 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id VAA18414; Fri, 1 Dec 2000 21:44:45 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id VAA23252; Fri, 1 Dec 2000 21:44:51 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA45154; Fri, 1 Dec 2000 21:21:19 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA43080; Fri, 1 Dec 2000 21:21:15 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id VAA46172 for ; Fri, 1 Dec 2000 21:21:17 -0500 Received: from netscape.com (h-205-217-237-46.netscape.com [205.217.237.46]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id VAA38704 for ; Fri, 1 Dec 2000 21:21:14 -0500 Received: from dredd.mcom.com (dredd.mcom.com [205.217.237.54]) by netscape.com (8.10.0/8.10.0) with ESMTP id eB228Ds13555 for ; Fri, 1 Dec 2000 18:08:14 -0800 (PST) Received: from sun.com ([192.18.120.101]) by dredd.mcom.com (Netscape Messaging Server 4.15 dredd Jun 22 2000 16:29:39) with ESMTP id G4X57600.7S7; Fri, 1 Dec 2000 18:21:06 -0800 Message-Id: <3A285C91.64107968@sun.com> Date: Fri, 01 Dec 2000 18:21:05 -0800 From: Mark Wahl Organization: Sun Microsystems, Inc. X-Mailer: Mozilla 4.7 [en] (X11; U; SunOS 5.6 sun4u) X-Accept-Language: en Mime-Version: 1.0 To: rmoats@coreon.net Cc: "Larry S. Bartz" , "Quevedo Felix" , IETF Policy WG LIST , ietf-ldapbis@openldap.org, ietf-ldapext@netscape.com Subject: Re: CIM24 schema tweaks References: <200012020059.AAO48966@mail.coreon.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Mark Wahl Content-Transfer-Encoding: 7bit rmoats@coreon.net wrote: > > > Well, as an editor, I get to play the "no complaints without > making a suggestion" card. What do you suggest as the > equality match? Based on my reading of the X.500-series and > LDAP RFCs the only option for Directory Strings is > caseIgnoreMatch, and I'm not at all comfortable with > declaring that as the matching rule for a syntax that holds > UTF-8 strings. There can be other matching rules for Directory String syntax attributes besides case ignore. Case ignore is just the most common. You can have a Case Sensitive, or other more complex ones if you define them. Mark Wahl Sun Microsystems Inc. From majordomo@raleigh.ibm.com Fri Dec 1 23:52:10 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA02957 for ; Fri, 1 Dec 2000 23:52:10 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id XAA34638; Fri, 1 Dec 2000 23:42:12 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id XAA27048; Fri, 1 Dec 2000 23:42:12 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA46542; Fri, 1 Dec 2000 23:21:55 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA56006; Fri, 1 Dec 2000 23:21:52 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id XAA32866 for ; Fri, 1 Dec 2000 23:22:02 -0500 Received: from mail.coreon.net (IDENT:mirapoint@mail.coreon.net [216.74.131.6]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id XAA20534 for ; Fri, 1 Dec 2000 23:21:53 -0500 Received: from mail.coreon.net (mail.coreon.net [216.74.131.6]) by mail.coreon.net (Mirapoint) with SMTP id AAO49142; Fri, 1 Dec 2000 23:22:27 -0500 (EST) From: Message-Id: <200012020422.AAO49142@mail.coreon.net> Date: Fri, 1 Dec 2000 23:36:06 -0500 Subject: Re: CIM24 schema tweaks To: Mark Wahl Cc: "Larry S. Bartz" , Quevedo Felix , IETF Policy WG LIST , ietf-ldapbis@openldap.org, ietf-ldapext@netscape.com Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Content-Transfer-Encoding: 7bit Mark- I realize that but doesn't, that sort of put the cart before the horse, by creating an implementation barrier? Thinking about it, I suppose the document could define a new matching rule and say "in case your directory implementation doesn't support this you can use ", but I was looking for what could be besides caseIgnoreMatch. Ryan ---- Original message ---- >Date: Fri, 01 Dec 2000 18:21:05 -0800 >From: Mark Wahl >Subject: Re: CIM24 schema tweaks >To: rmoats@coreon.net >Cc: "Larry S. Bartz" , "Quevedo Felix" , IETF Policy WG LIST , ietf-ldapbis@openldap.org, ietf-ldapext@netscape.com > >rmoats@coreon.net wrote: >> > >> >> Well, as an editor, I get to play the "no complaints without >> making a suggestion" card. What do you suggest as the >> equality match? Based on my reading of the X.500-series and >> LDAP RFCs the only option for Directory Strings is >> caseIgnoreMatch, and I'm not at all comfortable with >> declaring that as the matching rule for a syntax that holds >> UTF-8 strings. > >There can be other matching rules for Directory String syntax >attributes besides case ignore. Case ignore is just the most >common. You can have a Case Sensitive, or other more complex >ones if you define them. > >Mark Wahl >Sun Microsystems Inc. From majordomo@raleigh.ibm.com Sat Dec 2 08:56:36 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA05838 for ; Sat, 2 Dec 2000 08:56:36 -0500 (EST) Received: from rtpmail02.raleigh.ibm.com (rtpmail02.raleigh.ibm.com [9.37.172.48]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id IAA18426; Sat, 2 Dec 2000 08:46:33 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id IAA35962; Sat, 2 Dec 2000 08:46:32 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA39984; Sat, 2 Dec 2000 08:15:30 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA50216; Sat, 2 Dec 2000 08:15:25 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id IAA32226 for ; Sat, 2 Dec 2000 08:15:30 -0500 Received: from mailmaestro.smartpipes.com (mailmaestro.smartpipes.com [63.98.224.170]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id IAA27920 for ; Sat, 2 Dec 2000 08:15:27 -0500 Received: by mailmaestro.smartpipes.com with Internet Mail Service (5.5.2650.21) id ; Sat, 2 Dec 2000 13:15:22 -0000 Message-Id: <8E1E94178828D143B34A560A7A6F2C0B01A6A0FC@mailmaestro.smartpipes.com> From: "Quevedo, Felix" To: "'rmoats@coreon.net'" , Mark Wahl Cc: "Larry S. Bartz" , "Quevedo, Felix" , IETF Policy WG LIST , ietf-ldapbis@openldap.org, ietf-ldapext@netscape.com Subject: RE: CIM24 schema tweaks Date: Sat, 2 Dec 2000 13:15:21 -0000 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Quevedo, Felix" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id IAA05838 All, Interesting... Having the opportunity to be at the directory server vendor side, and now as a server user, I do believe the spec work has been wonderful. Functional inter-operations are possible thanks to the effort. Schema inter-operations... we are not there yet. We all know there could be many implementations, but only one (one hopes) guideline/recommendation/standard document. It would be a daunting task to cover all possible interpretations (implementations). This may be beyond the scope of the spec. To all of this we should also consider the limitations of the underlining technology on which that implementation is based on. Is there a Directory server that supports near 100% the LDAP spec? Maybe. Is it the one we all use? Sure not. Let's take MS ActiveDirectory (pardon the example). It does not support multiple names or attribute superiors or matching rules or ... It does however have other features like LinkID's to define relationships. So we have to take the spec and "adjust" it to the technology. Who should do it? The developer? The vendor? The spec editor? The industry is hungry for guidance from the standard bodies. Not necessarily the ultimate solution. Thanks to all!! Félix E Quevedo :) Smile, everything is possible! E-Mail: fquevedo@smartpipes.com Voice: 614 923 6242 Fax: 614 923 6299 -----Original Message----- From: rmoats@coreon.net [mailto:rmoats@coreon.net] Sent: Friday, December 01, 2000 23:36 To: Mark Wahl Cc: Larry S. Bartz; Quevedo Felix; IETF Policy WG LIST; ietf-ldapbis@openldap.org; ietf-ldapext@netscape.com Subject: Re: CIM24 schema tweaks Mark- I realize that but doesn't, that sort of put the cart before the horse, by creating an implementation barrier? Thinking about it, I suppose the document could define a new matching rule and say "in case your directory implementation doesn't support this you can use ", but I was looking for what could be besides caseIgnoreMatch. Ryan ---- Original message ---- >Date: Fri, 01 Dec 2000 18:21:05 -0800 >From: Mark Wahl >Subject: Re: CIM24 schema tweaks >To: rmoats@coreon.net >Cc: "Larry S. Bartz" , "Quevedo Felix" , IETF Policy WG LIST , ietf-ldapbis@openldap.org, ietf-ldapext@netscape.com > >rmoats@coreon.net wrote: >> > >> >> Well, as an editor, I get to play the "no complaints without >> making a suggestion" card. What do you suggest as the >> equality match? Based on my reading of the X.500-series and >> LDAP RFCs the only option for Directory Strings is >> caseIgnoreMatch, and I'm not at all comfortable with >> declaring that as the matching rule for a syntax that holds >> UTF-8 strings. > >There can be other matching rules for Directory String syntax >attributes besides case ignore. Case ignore is just the most >common. You can have a Case Sensitive, or other more complex >ones if you define them. > >Mark Wahl >Sun Microsystems Inc. From majordomo@raleigh.ibm.com Sat Dec 2 12:46:51 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA16905 for ; Sat, 2 Dec 2000 12:46:50 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id MAA19178; Sat, 2 Dec 2000 12:36:35 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id MAA28644; Sat, 2 Dec 2000 12:36:22 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA66840; Sat, 2 Dec 2000 12:05:51 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA42254; Sat, 2 Dec 2000 12:05:47 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id MAA31598 for ; Sat, 2 Dec 2000 12:05:53 -0500 Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.10]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id MAA28050 for ; Sat, 2 Dec 2000 12:05:51 -0500 Received: from mira-sjcm-1.cisco.com (mira-sjcm-1.cisco.com [171.69.2.212]) by sj-msg-core-4.cisco.com (8.9.3/8.9.1) with ESMTP id JAA10152; Sat, 2 Dec 2000 09:05:45 -0800 (PST) Received: from jstrassnlap (sj-dial-1-149.cisco.com [171.68.179.150]) by mira-sjcm-1.cisco.com (Mirapoint) with SMTP id ADT24464; Sat, 2 Dec 2000 09:05:38 -0800 (PST) Message-Id: <001a01c05c82$922a6650$96b344ab@cisco.com> From: "John Strassner" To: "Jean Christophe Martin $From Home$" , "Yoram Ramberg" , Cc: References: <4.3.2.7.2.20001129171501.00cf4190@csi-admin1.cisco.com> <3A254215.EFC1C41A@eng.sun.com> Subject: Re: new version of QPIM Date: Sat, 2 Dec 2000 02:08:13 -0800 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-Mimeole: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "John Strassner" Content-Transfer-Encoding: 7bit Hi Jean, I believe your issue is that if you want to build a condition to filter traffic, the IETF IPsec model uses classes derived from FilterEntryBase whereas QPIM uses two different classes - gpsPolicySimpleCondition and gpsPolicyCompoundCondition. The reason for this is that the QPIM extends the definition of a condition into an ordered triplet (i.e., {variable, operator, value}). These semantics are not present in the current definition of FilterEntryBase or its subclasses. Furthermore, the QPIM further extends these semantics to define a set of classes to model a set of common variables, a corresponding set of classes to model the values that the variables can take, and relationships to: 1) constrain the values that a given variable can take 2) relate the variables and values to a condition 3) represent reusable variables and values Note that an implementation could in fact produce a FilterEntry from these classes. HTH and kind regards, John ----- Original Message ----- From: "Jean Christophe Martin (From Home)" To: "Yoram Ramberg" ; Cc: Sent: Wednesday, November 29, 2000 9:51 AM Subject: Re: new version of QPIM > Yoram , John > > > A new (-02) version of the QoS Policy Information Model draft has been sent > > to the IETF for posting. > > Here is the motivation of my first mail to the alias : > > The CIM Network sub-model defines the elements : FilterList, > FilterEntryBase > and FilterEntry. > These Filters are describing the traffic in the Forwarding Path. > > The IPSEC policy Model (IETF/DMTF) is using these classes as the basis > for > the condition part of the policy. > > However, your draft is redefining a condition object that is not at all > aligned with the IETF (IPSEC) or the DMTF (QoS Device Sub-Model & > IPSEC). > > Do you have any plans to change your draft so that, at a minimum, one > can > reuse already existing Filters as Conditions in the QoS Policy Model ? > > Thanks. > > JC. From majordomo@raleigh.ibm.com Sun Dec 3 07:19:15 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id HAA28729 for ; Sun, 3 Dec 2000 07:19:15 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id HAA09124; Sun, 3 Dec 2000 07:08:35 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id HAA37298; Sun, 3 Dec 2000 07:08:42 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA54828; Sun, 3 Dec 2000 06:38:12 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA52004; Sun, 3 Dec 2000 06:38:09 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id GAA48086 for ; Sun, 3 Dec 2000 06:38:13 -0500 Received: from cisco.com (csi-admin1.cisco.com [144.254.91.12]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id GAA39116 for ; Sun, 3 Dec 2000 06:38:11 -0500 Received: from yramberg-hpxu.cisco.com (telaviv3-dhcp65.cisco.com [144.254.93.193]) by cisco.com (8.8.5-Cisco.2-SunOS.5.5.1.sun4/8.8.8) with ESMTP id NAA17906; Sun, 3 Dec 2000 13:37:55 +0200 (IST) Message-Id: <4.3.2.7.2.20001203102134.034c9d80@csi-admin1.cisco.com> X-Sender: yramberg@csi-admin1.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Sun, 03 Dec 2000 13:38:00 -0600 To: Marcus Brunner , ysnir@cisco.com, Yoram Snir From: Yoram Ramberg Subject: Rule nesting and ordering Cc: brunner@ccrle.nec.de, "''Policy Mailing List' (E-mail)'" In-Reply-To: <20001201175919.960C67DC9@imap.heidelberg.ccrle.nec.de> References: <004501c05baa$f8e06f80$b270310a@ysnirnt70> <004501c05baa$f8e06f80$b270310a@ysnirnt70> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Yoram Ramberg I took the liberty to snip the stuff I didn';t address... *Yoram At 06:59 PM 12/1/00 +0100, Marcus Brunner wrote: [...snip...] > > > > > > Rule nesting > > > What is the semantic of the PolicyRuleinPolicyRule aggregation? > > > Basically, I do not see the execution semantic. I have the > > > feeling this > > > concept will run us in problems implementing it properly (defined > > > semantic) > > > Why is ordered grouping of rules not sufficient? > > > > Please see explanation and example in the draft, it illustrates the order > > of > > grouping and rules, and how the combination works. > >So lets try, if I understand it correct. > >We have three rules R1,R2, and R3, with conditions C1,C2, C3, and actions A1, >A2, A3. R2 and R3 are associated to R1. > >So if C1 is true perform A1 and evalute rules R2 and R3 > if C2 is true then perform A2 > if C2 is false then (stop of evalute R3 ??? -> define >sequential or paralell evaluation of the rules) >if C1 is false do nothing > >What is the difference to the three rules? >IF C1 THEN A1 >IF C1 AND C2 THEN A2 >IF C1 AND C3 THEN A3 > >What is the context of the evaluation of R2, R3? Same as R1? Global? >Is the semantic the same as if one would model it with a EvaluationAction? This is my understanding of the evaluation and execution order: Assuming the 1, 2 and 3 designate rule priority, If the decision strategy is MATCH ALL (expected to be rare for constructs like this), If (C1) { If (C2) {A1; A2;}; if (C3) {A1; A3;}; A1; } If the decision strategy is MATCH FIRST (which us the usual case), if (C1) { if (C2) {A1; A2;} else if (C3) {A1; A3} else A1; } Am I right? *Yoram From majordomo@raleigh.ibm.com Mon Dec 4 14:44:45 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA10794 for ; Mon, 4 Dec 2000 14:44:45 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id OAA27542; Mon, 4 Dec 2000 14:29:49 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id OAA24330; Mon, 4 Dec 2000 14:29:20 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA39244; Mon, 4 Dec 2000 13:55:23 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA40758; Mon, 4 Dec 2000 13:55:15 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id NAA36294 for ; Mon, 4 Dec 2000 13:55:17 -0500 Received: from yamato.ccrle.nec.de (yamato.ccrle.nec.de [195.37.70.1]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id NAA24550 for ; Mon, 4 Dec 2000 13:55:13 -0500 Received: from wallace.heidelberg.ccrle.nec.de (root@Wallace.heidelberg.ccrle.nec.de [192.168.102.1]) by yamato.ccrle.nec.de (8.10.1/8.10.1) with ESMTP id eB4IuME94423; Mon, 4 Dec 2000 19:56:22 +0100 (CET) Received: from imap.heidelberg.ccrle.nec.de (postfix@imap.heidelberg.ccrle.nec.de [192.168.102.7]) by wallace.heidelberg.ccrle.nec.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id TAA24326; Mon, 4 Dec 2000 19:55:30 +0100 Received: by imap.heidelberg.ccrle.nec.de (Postfix, from userid 30) id 5EDF77DCC; Mon, 4 Dec 2000 21:55:07 +0100 (CET) From: Marcus Brunner To: Ed_Ellesson@tivoli.com Cc: policy@raleigh.ibm.com, "Joel M. Halpern" References: In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: IMP/PHP3 Imap webMail Program 2.0.9 Subject: Re: Proposed Policy Framework Agenda Message-Id: <20001204205507.5EDF77DCC@imap.heidelberg.ccrle.nec.de> Date: Mon, 4 Dec 2000 21:55:07 +0100 (CET) Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Marcus Brunner Content-Transfer-Encoding: 7bit > 3. Packet Classification, priority, and link between policy and > configuration mechanisms: 30 minutes > > (Issues/Harmonization discussion: QDIM, QPIM, IPSP) There are other, more genreal issues concenrning reusability in QDIM, QPIM,IPSP as well as the MPLS part. (see the extention draft) Dr. Marcus Brunner C&C Research Laboratories NEC Europe Ltd. E-Mail: brunner@ccrle.nec.de WWW: http://www.ccrle.nec.de/ personal home page: http://www.tik.ee.ethz.ch/~brunner Adenauerplatz 6 D-69115 Heidelberg Germany Phone: +49 (0)6221/ 9051129 Fax: +49 (0)6221/ 9051155 From majordomo@raleigh.ibm.com Mon Dec 4 15:14:44 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA18331 for ; Mon, 4 Dec 2000 15:14:43 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id PAA28974; Mon, 4 Dec 2000 15:02:42 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id PAA31318; Mon, 4 Dec 2000 15:02:40 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA47306; Mon, 4 Dec 2000 14:42:13 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA24002; Mon, 4 Dec 2000 14:42:10 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id OAA29068 for ; Mon, 4 Dec 2000 14:42:12 -0500 Received: from yamato.ccrle.nec.de (yamato.ccrle.nec.de [195.37.70.1]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id OAA15972 for ; Mon, 4 Dec 2000 14:12:31 -0500 Received: from wallace.heidelberg.ccrle.nec.de (root@Wallace.heidelberg.ccrle.nec.de [192.168.102.1]) by yamato.ccrle.nec.de (8.10.1/8.10.1) with ESMTP id eB4JDnE94510; Mon, 4 Dec 2000 20:13:49 +0100 (CET) Received: from imap.heidelberg.ccrle.nec.de (postfix@imap.heidelberg.ccrle.nec.de [192.168.102.7]) by wallace.heidelberg.ccrle.nec.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id UAA24425; Mon, 4 Dec 2000 20:12:58 +0100 Received: by imap.heidelberg.ccrle.nec.de (Postfix, from userid 30) id 76C857DCC; Mon, 4 Dec 2000 22:12:32 +0100 (CET) From: Marcus Brunner To: Yoram Ramberg Cc: Marcus Brunner , ysnir@cisco.com, Yoram Snir , brunner@ccrle.nec.de, "''Policy Mailing List' (E-mail)'" References: <004501c05baa$f8e06f80$b270310a@ysnirnt70> <004501c05baa$f8e06f80$b270310a@ysnirnt70> <4.3.2.7.2.20001203102134.034c9d80@csi-admin1.cisco.com> In-Reply-To: <4.3.2.7.2.20001203102134.034c9d80@csi-admin1.cisco.com> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: IMP/PHP3 Imap webMail Program 2.0.9 Subject: Re: Rule nesting and ordering Message-Id: <20001204211232.76C857DCC@imap.heidelberg.ccrle.nec.de> Date: Mon, 4 Dec 2000 22:12:32 +0100 (CET) Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Marcus Brunner Content-Transfer-Encoding: 7bit Quoting Yoram Ramberg : > I took the liberty to snip the stuff I didn';t address... > *Yoram > > At 06:59 PM 12/1/00 +0100, Marcus Brunner wrote: > [...snip...] > > > > > > > > Rule nesting > > > > What is the semantic of the PolicyRuleinPolicyRule aggregation? > > > > Basically, I do not see the execution semantic. I have the > > > > feeling this > > > > concept will run us in problems implementing it properly (defined > > > > semantic) > > > > Why is ordered grouping of rules not sufficient? > > > > > > Please see explanation and example in the draft, it illustrates the > order > > > of > > > grouping and rules, and how the combination works. > > > >So lets try, if I understand it correct. > > > >We have three rules R1,R2, and R3, with conditions C1,C2, C3, and actions > A1, > >A2, A3. R2 and R3 are associated to R1. > > > >So if C1 is true perform A1 and evalute rules R2 and R3 > > if C2 is true then perform A2 > > if C2 is false then (stop of evalute R3 ??? -> define > >sequential or paralell evaluation of the rules) > >if C1 is false do nothing > > > >What is the difference to the three rules? > >IF C1 THEN A1 > >IF C1 AND C2 THEN A2 > >IF C1 AND C3 THEN A3 > > > >What is the context of the evaluation of R2, R3? Same as R1? Global? > >Is the semantic the same as if one would model it with a EvaluationAction? > > This is my understanding of the evaluation and execution order: > Assuming the 1, 2 and 3 designate rule priority, > > If the decision strategy is MATCH ALL (expected to be rare for constructs > like this), > If (C1) { > If (C2) {A1; A2;}; > if (C3) {A1; A3;}; > A1; > } > The question is here, what is the action order? Why not like the following? If (C1) { A1; If (C2) {A1;A2;}; if (C3) {A1;A3;}; } Seceond question, why do you perform A1 potentially many times? > If the decision strategy is MATCH FIRST (which us the usual case), > if (C1) { > if (C2) {A1; A2;} > else if (C3) {A1; A3} > else A1; > } > > Am I right? Yes. Marcus > *Yoram > > Dr. Marcus Brunner C&C Research Laboratories NEC Europe Ltd. E-Mail: brunner@ccrle.nec.de WWW: http://www.ccrle.nec.de/ personal home page: http://www.tik.ee.ethz.ch/~brunner Adenauerplatz 6 D-69115 Heidelberg Germany Phone: +49 (0)6221/ 9051129 Fax: +49 (0)6221/ 9051155 From majordomo@raleigh.ibm.com Mon Dec 4 17:13:23 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA19325 for ; Mon, 4 Dec 2000 17:13:23 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id RAA29332; Mon, 4 Dec 2000 17:03:28 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id RAA23346; Mon, 4 Dec 2000 17:03:20 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA41312; Mon, 4 Dec 2000 16:41:55 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA37450; Mon, 4 Dec 2000 16:41:51 -0500 Received: from corp.tivoli.com (corp.tivoli.com [146.84.104.1]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id QAA21758 for ; Mon, 4 Dec 2000 16:41:54 -0500 From: Ed_Ellesson@tivoli.com Received: from schub.tivoli.com (schub.tivoli.com [146.84.104.17]) by corp.tivoli.com (8.9.3/8.9.0) with ESMTP id PAA00931; Mon, 4 Dec 2000 15:42:11 -0600 (CST) Importance: Normal Subject: Re: Proposed Policy Framework Agenda To: Marcus Brunner Cc: Ed_Ellesson@tivoli.com, policy@raleigh.ibm.com, "Joel M. Halpern" Date: Mon, 4 Dec 2000 16:36:32 -0500 Message-Id: X-Mimetrack: Serialize by Router on SCHub/Tivoli Systems(Release 5.0.4a |July 24, 2000) at 12/04/2000 03:41:16 PM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Ed_Ellesson@tivoli.com Marcus, Thanks for your note about the agenda. I modified the description of that agenda item slightly, with the addition of "other", in case we need to capture any additional issues that come up. Regarding PCIM extensions, I think that we should first get some experience in applying PCIM to the QOS and IPSP disciplines, and find out whether or not we run into any fundamental roadblocks in the context of those disciplines. Ed Ellesson Tivoli Systems Durham, NC ellesson@tivoli.com Office at Tivoli: 919-224-2111 Office at home: 919-644-3977 Marcus Brunner @raleigh.ibm.com on 12/04/2000 03:55:07 PM Please respond to Marcus Brunner Sent by: policy-owner@raleigh.ibm.com To: Ed_Ellesson@tivoli.com cc: policy@raleigh.ibm.com, "Joel M. Halpern" Subject: Re: Proposed Policy Framework Agenda > 3. Packet Classification, priority, and link between policy and > configuration mechanisms: 30 minutes > > (Issues/Harmonization discussion: QDIM, QPIM, IPSP) There are other, more genreal issues concenrning reusability in QDIM, QPIM,IPSP as well as the MPLS part. (see the extention draft) Dr. Marcus Brunner C&C Research Laboratories NEC Europe Ltd. E-Mail: brunner@ccrle.nec.de WWW: http://www.ccrle.nec.de/ personal home page: http://www.tik.ee.ethz.ch/~brunner Adenauerplatz 6 D-69115 Heidelberg Germany Phone: +49 (0)6221/ 9051129 Fax: +49 (0)6221/ 9051155 From majordomo@raleigh.ibm.com Mon Dec 4 17:13:45 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA19496 for ; Mon, 4 Dec 2000 17:13:44 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id RAA22174; Mon, 4 Dec 2000 17:03:30 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id RAA25310; Mon, 4 Dec 2000 17:03:21 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA43594; Mon, 4 Dec 2000 16:33:31 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA43578; Mon, 4 Dec 2000 16:33:27 -0500 Received: from corp.tivoli.com (corp.tivoli.com [146.84.104.1]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id QAA30302 for ; Mon, 4 Dec 2000 16:33:27 -0500 From: Ed_Ellesson@tivoli.com Received: from schub.tivoli.com (schub.tivoli.com [146.84.104.17]) by corp.tivoli.com (8.9.3/8.9.0) with ESMTP id PAA26178; Mon, 4 Dec 2000 15:33:37 -0600 (CST) Importance: Normal Subject: Policy Framework WG Agenda To: agenda@ietf.org Cc: policy@raleigh.ibm.com, "Joel M. Halpern" , "Wijnen, Bert (Bert)" Date: Mon, 4 Dec 2000 16:28:00 -0500 Message-Id: X-Mimetrack: Serialize by Router on SCHub/Tivoli Systems(Release 5.0.4a |July 24, 2000) at 12/04/2000 03:32:42 PM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Ed_Ellesson@tivoli.com We are still negotiating some of the specifics, but this is the agenda we are posting for the IETF Working Group and BOF Agendas page: Proposed Policy Framework Agenda: Monday Afternoon, Dec. 11: 3:30 - 5:30pm (120 minutes) 1. Intro/Objectives/Milestones: Joel , 10 minutes 2. Agenda Bash: Ed, 5 minutes 3. QDDIM: Bob Moore, Editor. Total: 30 minutes (20 minutes issues presentation, plus 10 min. for discussion) 4. QPIM: QPIM Author(s) Total: 30 minutes (20 minutes issues presentation, plus 10 min. for discussion) 5. QDIM/QPIM compatibility with DiffServ: Total 30 minutes (Conceptual Model, MIB, and PIB Issues discussion) 6. Wrap-up: Ed and Joel, 15 minutes. (Summary and short re-review of Wed agenda) Wednesday Morning, Dec. 13: 9:00 - 11:30am (150 minutes) 1. Intro/News since Monday: Ed and Joel, 5 minutes 2. IPSP's PCIM-based Model: Lee Rafalow/IPSP Participants: Total 30 minutes (20 minutes issues presentation, plus 10 for discussion) 3. Applying/Linking Policy to QDDIM, QPIM, IPSP: 30 minutes (Issues: Packet Classification, Priority, Policy/Configuration Linkage, Other) 4. PCLS Update: PCLS Author(s): 10 minutes, Ed Ellesson: 10 minutes: Total 20 minutes (General PCLS issues update, plus Security Considerations issues): 5. Terminology Draft Update/Issues and harmonization discussion: Andrea: 20 minutes 6. (If time permits) AAA Architecture: Use of policy framework in context of AAA Architecture: Cees deLaat, and John Vollbrecht: 10 minutes 7. (If time permits) MPLS: MPLS Policy Draft Author(s): Use of policy framework in context of MPLS: 10 minute update 8. Wrap-up, and charter milestones re-visit: 25 minutes, Ed, Joel and Bert ********************* Thanks, Ed and Joel Ed Ellesson ellesson@tivoli.com Office at Tivoli: 919-224-2111 Office at home: 919-644-3977 From majordomo@raleigh.ibm.com Tue Dec 5 11:04:31 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA25803 for ; Tue, 5 Dec 2000 11:04:30 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id KAA40524; Tue, 5 Dec 2000 10:47:32 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id KAA33528; Tue, 5 Dec 2000 10:47:28 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA52510; Tue, 5 Dec 2000 08:04:16 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA35726; Tue, 5 Dec 2000 08:04:03 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id IAA29182 for ; Tue, 5 Dec 2000 08:04:04 -0500 Received: from mx-relay2.treas.gov (mx-relay2.treas.gov [199.196.144.6]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id IAA19994 for ; Tue, 5 Dec 2000 08:04:01 -0500 Received: from tias4.treas.gov (tias-gw4.treas.gov [199.196.144.14]) by mx-relay2.treas.gov (8.9.1b+Sun/8.9.3) with SMTP id IAA22792; Tue, 5 Dec 2000 08:04:27 -0500 (EST) Received: from mailhub.net.treas.gov by tias4.treas.gov via smtpd (for mx-relay.treas.gov [199.196.144.6]) with SMTP; 5 Dec 2000 13:04:27 UT Received: from mears.indy.cr.irs.gov (mailhub-3.net.treas.gov [10.7.8.11]) by mailhub-3.net.treas.gov (8.9.3+Sun/8.9.3) with ESMTP id IAA26070; Tue, 5 Dec 2000 08:02:32 -0500 (EST) Received: from parnelli.indy.cr.irs.gov (IDENT:lsbart35@localhost [127.0.0.1]) by mears.indy.cr.irs.gov (8.9.3/8.9.3) with ESMTP id IAA17714; Tue, 5 Dec 2000 08:04:11 -0500 Message-Id: <3A2CE7CB.F8C3EE9C@parnelli.indy.cr.irs.gov> Date: Tue, 05 Dec 2000 08:04:11 -0500 From: "Larry S. Bartz" X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en Mime-Version: 1.0 To: rmoats@coreon.net Cc: "Quevedo, Felix" , IETF Policy WG LIST , ietf-ldapbis@openldap.org, ietf-ldapext@netscape.com Subject: matching rules for directoryString [was: Re: CIM24 schema tweaks] References: <200012020059.AAO48966@mail.coreon.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Larry S. Bartz" Content-Transfer-Encoding: 7bit rmoats@coreon.net wrote: > .[snip] > What do you suggest as the > equality match? Based on my reading of the X.500-series and > LDAP RFCs the only option for Directory Strings is > caseIgnoreMatch, and I'm not at all comfortable with > declaring that as the matching rule for a syntax that holds > UTF-8 strings. [snip] > I'm reading X.501 and X.520 from ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/ (hurry for your copy). Although these are drafts from the 4th edition of the X.500 series, it does not appear that the sections which apply to this immediate issue are new or different from current/previous documents. X.501 requires that the assertion syntax of the matching rule and the syntax of attributes to which the matching rule is applied must be equivalent. See section 13.5. X.520 defines a caseExactMatch rule which applies to directoryString attributes. See section 6.1.4. Section 8 of RFC2252 does not mention a caseExactMatch rule which applies to directoryString attributes. But neither does it appear that section 8 was intended to describe the entire universe of allowable or appropriate matching rules. Nothing in RFC2252's section 8 precludes a Directory implementation from supporting matching rules beyond those which are enumerated. Section 3.3 of RFC2251 asserts LDAP's relationship to X.500 and the requirement for LDAP servers to support the X.500 data and service models. Based on these facts, think it is reasonable to specify caseExactMatch for directoryString attributes. Further, I think it is reasonable to expect that Directory implementations will support it. Also see http://www.alvestrand.no/objectid/2.5.13.5.html Note that the specification of caseExactMatch for directoryString attributes did not prevent RFCs 2713 and 2714 from obtaining. -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Tue Dec 5 11:04:49 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA25871 for ; Tue, 5 Dec 2000 11:04:49 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id KAA23374; Tue, 5 Dec 2000 10:55:06 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id KAA29374; Tue, 5 Dec 2000 10:54:57 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA36182; Tue, 5 Dec 2000 10:25:13 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA24648; Tue, 5 Dec 2000 10:25:09 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id KAA20364 for ; Tue, 5 Dec 2000 10:25:10 -0500 Received: from mail.coreon.net (IDENT:mirapoint@mail.coreon.net [216.74.131.6]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id KAA28360 for ; Tue, 5 Dec 2000 10:15:08 -0500 Received: from rmoats2 (node-64-248-71-118.dslspeed.zyan.com [64.248.71.118]) by mail.coreon.net (Mirapoint) with ESMTP id AAO53092 (AUTH rmoats); Tue, 5 Dec 2000 10:15:29 -0500 (EST) From: "Ryan Moats" To: "Larry S. Bartz" Cc: "Quevedo, Felix" , "IETF Policy WG LIST" Subject: RE: matching rules for directoryString [was: Re: CIM24 schema tweaks] Date: Tue, 5 Dec 2000 09:21:36 -0600 Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <3A2CE7CB.F8C3EE9C@parnelli.indy.cr.irs.gov> X-Mimeole: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Ryan Moats" Content-Transfer-Encoding: 7bit Thank you, Thank you, Thank you! Having looked at the relevant section, I am MUCH more comfortable with this than with caseIgnoreMatch. I think caseExactMatch should be used for - orderedCimKeys in the 2.4 Mapping - policyKeywords, policyGroupName, policyRuleName, policyConditionName, policyActionName, policyInstanceName, policyRepositoryName in the PCLS (Hey Bob, there's going to be a -09 isn't there ;-) Ryan -----Original Message----- From: lsbart35@mears.indy.cr.irs.gov [mailto:lsbart35@mears.indy.cr.irs.gov]On Behalf Of Larry S. Bartz Sent: Tuesday, December 05, 2000 7:04 AM To: rmoats@coreon.net Cc: Quevedo, Felix; IETF Policy WG LIST; ietf-ldapbis@openldap.org; ietf-ldapext@netscape.com Subject: matching rules for directoryString [was: Re: CIM24 schema tweaks] rmoats@coreon.net wrote: > .[snip] > What do you suggest as the > equality match? Based on my reading of the X.500-series and > LDAP RFCs the only option for Directory Strings is > caseIgnoreMatch, and I'm not at all comfortable with > declaring that as the matching rule for a syntax that holds > UTF-8 strings. [snip] > I'm reading X.501 and X.520 from ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/ (hurry for your copy). Although these are drafts from the 4th edition of the X.500 series, it does not appear that the sections which apply to this immediate issue are new or different from current/previous documents. X.501 requires that the assertion syntax of the matching rule and the syntax of attributes to which the matching rule is applied must be equivalent. See section 13.5. X.520 defines a caseExactMatch rule which applies to directoryString attributes. See section 6.1.4. Section 8 of RFC2252 does not mention a caseExactMatch rule which applies to directoryString attributes. But neither does it appear that section 8 was intended to describe the entire universe of allowable or appropriate matching rules. Nothing in RFC2252's section 8 precludes a Directory implementation from supporting matching rules beyond those which are enumerated. Section 3.3 of RFC2251 asserts LDAP's relationship to X.500 and the requirement for LDAP servers to support the X.500 data and service models. Based on these facts, think it is reasonable to specify caseExactMatch for directoryString attributes. Further, I think it is reasonable to expect that Directory implementations will support it. Also see http://www.alvestrand.no/objectid/2.5.13.5.html Note that the specification of caseExactMatch for directoryString attributes did not prevent RFCs 2713 and 2714 from obtaining. -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Tue Dec 5 13:23:51 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA00062 for ; Tue, 5 Dec 2000 13:23:51 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id NAA22924; Tue, 5 Dec 2000 13:14:39 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id NAA23500; Tue, 5 Dec 2000 13:14:34 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA46598; Tue, 5 Dec 2000 10:44:27 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA61168; Tue, 5 Dec 2000 10:44:23 -0500 Received: from southrelay02.raleigh.ibm.com (southrelay02.raleigh.ibm.com [9.37.3.209]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id KAA29784 for ; Tue, 5 Dec 2000 10:44:24 -0500 Received: from d04nm200.raleigh.ibm.com (d04nm200.raleigh.ibm.com [9.67.228.37]) by southrelay02.raleigh.ibm.com (8.8.8m3/NCO v4.95) with ESMTP id KAA127238; Tue, 5 Dec 2000 10:44:22 -0500 Importance: Normal Subject: RE: matching rules for directoryString [was: Re: CIM24 schema tweaks] To: wg-ldap@www.dmtf.org Cc: "Larry S. Bartz" , "Quevedo, Felix" , "IETF Policy WG LIST" X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-Id: From: "Robert Moore" Date: Tue, 5 Dec 2000 10:48:48 -0500 X-Mimetrack: Serialize by Router on D04NM200/04/M/IBM(Release 5.0.3 (Intl)|21 March 2000) at 12/05/2000 10:44:47 AM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Robert Moore" Yes, there's going to be an -09 version. Does this mean we also need to add a reference to X.520 in the References section? Regards, Bob Bob Moore IBM Networking Software +1-919-254-4436 remoore@us.ibm.com "Ryan Moats" @www.dmtf.org on 12/05/2000 10:21:36 AM Please respond to wg-ldap@www.dmtf.org Sent by: wg-ldap-owner@www.dmtf.org To: "Larry S. Bartz" cc: "Quevedo, Felix" , "IETF Policy WG LIST" Subject: RE: matching rules for directoryString [was: Re: CIM24 schema tweaks] Thank you, Thank you, Thank you! Having looked at the relevant section, I am MUCH more comfortable with this than with caseIgnoreMatch. I think caseExactMatch should be used for - orderedCimKeys in the 2.4 Mapping - policyKeywords, policyGroupName, policyRuleName, policyConditionName, policyActionName, policyInstanceName, policyRepositoryName in the PCLS (Hey Bob, there's going to be a -09 isn't there ;-) Ryan -----Original Message----- From: lsbart35@mears.indy.cr.irs.gov [mailto:lsbart35@mears.indy.cr.irs.gov]On Behalf Of Larry S. Bartz Sent: Tuesday, December 05, 2000 7:04 AM To: rmoats@coreon.net Cc: Quevedo, Felix; IETF Policy WG LIST; ietf-ldapbis@openldap.org; ietf-ldapext@netscape.com Subject: matching rules for directoryString [was: Re: CIM24 schema tweaks] rmoats@coreon.net wrote: > .[snip] > What do you suggest as the > equality match? Based on my reading of the X.500-series and > LDAP RFCs the only option for Directory Strings is > caseIgnoreMatch, and I'm not at all comfortable with > declaring that as the matching rule for a syntax that holds > UTF-8 strings. [snip] > I'm reading X.501 and X.520 from ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/ (hurry for your copy). Although these are drafts from the 4th edition of the X.500 series, it does not appear that the sections which apply to this immediate issue are new or different from current/previous documents. X.501 requires that the assertion syntax of the matching rule and the syntax of attributes to which the matching rule is applied must be equivalent. See section 13.5. X.520 defines a caseExactMatch rule which applies to directoryString attributes. See section 6.1.4. Section 8 of RFC2252 does not mention a caseExactMatch rule which applies to directoryString attributes. But neither does it appear that section 8 was intended to describe the entire universe of allowable or appropriate matching rules. Nothing in RFC2252's section 8 precludes a Directory implementation from supporting matching rules beyond those which are enumerated. Section 3.3 of RFC2251 asserts LDAP's relationship to X.500 and the requirement for LDAP servers to support the X.500 data and service models. Based on these facts, think it is reasonable to specify caseExactMatch for directoryString attributes. Further, I think it is reasonable to expect that Directory implementations will support it. Also see http://www.alvestrand.no/objectid/2.5.13.5.html Note that the specification of caseExactMatch for directoryString attributes did not prevent RFCs 2713 and 2714 from obtaining. -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Tue Dec 5 14:23:41 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA20603 for ; Tue, 5 Dec 2000 14:23:40 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id OAA25166; Tue, 5 Dec 2000 14:14:31 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id OAA25450; Tue, 5 Dec 2000 14:14:29 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA52800; Tue, 5 Dec 2000 11:17:28 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA53048; Tue, 5 Dec 2000 11:17:24 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id LAA29552 for ; Tue, 5 Dec 2000 11:17:26 -0500 Received: from mail.coreon.net (IDENT:mirapoint@mail.coreon.net [216.74.131.6]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id LAA18836 for ; Tue, 5 Dec 2000 11:17:23 -0500 Received: from rmoats2 (node-64-248-71-118.dslspeed.zyan.com [64.248.71.118]) by mail.coreon.net (Mirapoint) with ESMTP id AAO53269 (AUTH rmoats); Tue, 5 Dec 2000 11:18:04 -0500 (EST) From: "Ryan Moats" To: "IETF Policy WG LIST" Subject: RE: matching rules for directoryString [was: Re: CIM24 schema tweaks] Date: Tue, 5 Dec 2000 10:24:09 -0600 Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: X-Mimeole: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Ryan Moats" Content-Transfer-Encoding: 7bit Wouldn't be a bad idea at that :-) I'm not sure what the exact relevant information have. My guess would be ITU, "Information Technology - Open System Interconnection - The Directory: Selected Attribute Types," X.520 (11/93), 1995. But I think I have an old copy. Ryan -----Original Message----- From: wg-ldap-owner@www.dmtf.org [mailto:wg-ldap-owner@www.dmtf.org]On Behalf Of Robert Moore Sent: Tuesday, December 05, 2000 9:49 AM To: wg-ldap@www.dmtf.org Cc: Larry S. Bartz; Quevedo, Felix; IETF Policy WG LIST Subject: RE: matching rules for directoryString [was: Re: CIM24 schema tweaks] Yes, there's going to be an -09 version. Does this mean we also need to add a reference to X.520 in the References section? Regards, Bob Bob Moore IBM Networking Software +1-919-254-4436 remoore@us.ibm.com "Ryan Moats" @www.dmtf.org on 12/05/2000 10:21:36 AM Please respond to wg-ldap@www.dmtf.org Sent by: wg-ldap-owner@www.dmtf.org To: "Larry S. Bartz" cc: "Quevedo, Felix" , "IETF Policy WG LIST" Subject: RE: matching rules for directoryString [was: Re: CIM24 schema tweaks] Thank you, Thank you, Thank you! Having looked at the relevant section, I am MUCH more comfortable with this than with caseIgnoreMatch. I think caseExactMatch should be used for - orderedCimKeys in the 2.4 Mapping - policyKeywords, policyGroupName, policyRuleName, policyConditionName, policyActionName, policyInstanceName, policyRepositoryName in the PCLS (Hey Bob, there's going to be a -09 isn't there ;-) Ryan -----Original Message----- From: lsbart35@mears.indy.cr.irs.gov [mailto:lsbart35@mears.indy.cr.irs.gov]On Behalf Of Larry S. Bartz Sent: Tuesday, December 05, 2000 7:04 AM To: rmoats@coreon.net Cc: Quevedo, Felix; IETF Policy WG LIST; ietf-ldapbis@openldap.org; ietf-ldapext@netscape.com Subject: matching rules for directoryString [was: Re: CIM24 schema tweaks] rmoats@coreon.net wrote: > .[snip] > What do you suggest as the > equality match? Based on my reading of the X.500-series and > LDAP RFCs the only option for Directory Strings is > caseIgnoreMatch, and I'm not at all comfortable with > declaring that as the matching rule for a syntax that holds > UTF-8 strings. [snip] > I'm reading X.501 and X.520 from ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/ (hurry for your copy). Although these are drafts from the 4th edition of the X.500 series, it does not appear that the sections which apply to this immediate issue are new or different from current/previous documents. X.501 requires that the assertion syntax of the matching rule and the syntax of attributes to which the matching rule is applied must be equivalent. See section 13.5. X.520 defines a caseExactMatch rule which applies to directoryString attributes. See section 6.1.4. Section 8 of RFC2252 does not mention a caseExactMatch rule which applies to directoryString attributes. But neither does it appear that section 8 was intended to describe the entire universe of allowable or appropriate matching rules. Nothing in RFC2252's section 8 precludes a Directory implementation from supporting matching rules beyond those which are enumerated. Section 3.3 of RFC2251 asserts LDAP's relationship to X.500 and the requirement for LDAP servers to support the X.500 data and service models. Based on these facts, think it is reasonable to specify caseExactMatch for directoryString attributes. Further, I think it is reasonable to expect that Directory implementations will support it. Also see http://www.alvestrand.no/objectid/2.5.13.5.html Note that the specification of caseExactMatch for directoryString attributes did not prevent RFCs 2713 and 2714 from obtaining. -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Tue Dec 5 15:02:38 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA04218 for ; Tue, 5 Dec 2000 15:02:38 -0500 (EST) Received: from rtpmail02.raleigh.ibm.com (rtpmail02.raleigh.ibm.com [9.37.172.48]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id OAA34540; Tue, 5 Dec 2000 14:48:57 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id OAA07216; Tue, 5 Dec 2000 14:48:57 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA39184; Tue, 5 Dec 2000 12:21:06 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA53504; Tue, 5 Dec 2000 12:21:02 -0500 Received: from southrelay02.raleigh.ibm.com (southrelay02.raleigh.ibm.com [9.37.3.209]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id MAA35692 for ; Tue, 5 Dec 2000 12:21:04 -0500 Received: from d04nm200.raleigh.ibm.com (d04nm200.raleigh.ibm.com [9.67.228.37]) by southrelay02.raleigh.ibm.com (8.8.8m3/NCO v4.95) with ESMTP id MAA118802; Tue, 5 Dec 2000 12:21:02 -0500 Importance: Normal Subject: DSCP marking versus DSCP remarking To: "'diffserv@ietf.org'" , policy@raleigh.ibm.com X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-Id: From: "Robert Moore" Date: Tue, 5 Dec 2000 12:25:30 -0500 X-Mimetrack: Serialize by Router on D04NM200/04/M/IBM(Release 5.0.3 (Intl)|21 March 2000) at 12/05/2000 12:21:28 PM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Robert Moore" In the DiffServ Informal Model, MIB, and PIB, there is a distinction drawn between a marker that marks unmarked packets, and one that remarks packets that had been marked previously. This distinction appears most clearly in section 6.1 of the Informal Model. The MIB and the PIB make it implicitly, by importing the terms "mark" and "remark" from the Informal Model. This distinction presupposes that among the packets coming into a marker, some can be identified as already marked, and others can be identified as unmarked. I don't believe that this is the case. In QDDIM, we have come down squarely on the side that says there is no such thing as an unmarked packet, and thus no distinction between packet marking and packet remarking. Every packet has one of 64 values, decimal 0 - 63, in the DSCP field. Each of these values, including 0, is a legitimate DSCP. So a DSCP marker always takes in a packet that is already marked with a DSCP, and marks (or remarks - which word we choose isn't important) the packet with another DSCP, which may or may not be the same DSCP as the one the packet had when it came into the marker. Based on this view, we removed from the MarkerService class in QDDIM a boolean property CanRemark, which said whether a marker was allowed to mark all packets, or only packets that were not already marked when they got to it. This is *almost* just a question of wordsmithing in the three diffserv WG documents. But not quite. If there is actual disagreement in the WG about whether there is such a thing as an unmarked packet, that is, a packet that's not marked with any DSCP, then the question should be discussed until the WG reaches a consensus one way or the other. Does everybody agree with the QDDIM team that there is no such thing as a packet unmarked with any DSCP? Regards, Bob Bob Moore IBM Networking Software +1-919-254-4436 remoore@us.ibm.com From majordomo@raleigh.ibm.com Tue Dec 5 19:59:30 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA28534 for ; Tue, 5 Dec 2000 19:59:30 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id TAA38896; Tue, 5 Dec 2000 19:50:30 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id TAA24846; Tue, 5 Dec 2000 19:50:25 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA48352; Tue, 5 Dec 2000 16:28:29 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA44248; Tue, 5 Dec 2000 16:28:26 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id QAA32808 for ; Tue, 5 Dec 2000 16:28:29 -0500 Received: from mailmaestro.smartpipes.com (mailmaestro.smartpipes.com [63.98.224.170]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id QAA32198 for ; Tue, 5 Dec 2000 16:28:25 -0500 Received: by mailmaestro.smartpipes.com with Internet Mail Service (5.5.2650.21) id ; Tue, 5 Dec 2000 21:28:14 -0000 Message-Id: <8E1E94178828D143B34A560A7A6F2C0B0199AB41@mailmaestro.smartpipes.com> From: "Wang, Cliff" To: "'Ed_Ellesson@tivoli.com'" Cc: policy@raleigh.ibm.com, "Joel M. Halpern" , "Wijnen, Bert (Bert)" Subject: RE: Policy Framework WG Agendapolicy@raleigh.ibm.com Date: Tue, 5 Dec 2000 21:28:13 -0000 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Wang, Cliff" Ed, Can you give the doc name/location with respect to QDDIM, QPIM, and all other items listed in the agenda? I am sure that the meeting goers would benefit if they have read the latest documents before attending the meeting. The other working group typically put the draft name in the agenda. Thanks! -----Original Message----- From: Ed_Ellesson@tivoli.com [mailto:Ed_Ellesson@tivoli.com] Sent: Monday, December 04, 2000 4:28 PM To: agenda@ietf.org Cc: policy@raleigh.ibm.com; Joel M. Halpern; Wijnen, Bert (Bert) Subject: Policy Framework WG Agendapolicy@raleigh.ibm.com We are still negotiating some of the specifics, but this is the agenda we are posting for the IETF Working Group and BOF Agendas page: Proposed Policy Framework Agenda: Monday Afternoon, Dec. 11: 3:30 - 5:30pm (120 minutes) 1. Intro/Objectives/Milestones: Joel , 10 minutes 2. Agenda Bash: Ed, 5 minutes 3. QDDIM: Bob Moore, Editor. Total: 30 minutes (20 minutes issues presentation, plus 10 min. for discussion) 4. QPIM: QPIM Author(s) Total: 30 minutes (20 minutes issues presentation, plus 10 min. for discussion) 5. QDIM/QPIM compatibility with DiffServ: Total 30 minutes (Conceptual Model, MIB, and PIB Issues discussion) 6. Wrap-up: Ed and Joel, 15 minutes. (Summary and short re-review of Wed agenda) Wednesday Morning, Dec. 13: 9:00 - 11:30am (150 minutes) 1. Intro/News since Monday: Ed and Joel, 5 minutes 2. IPSP's PCIM-based Model: Lee Rafalow/IPSP Participants: Total 30 minutes (20 minutes issues presentation, plus 10 for discussion) 3. Applying/Linking Policy to QDDIM, QPIM, IPSP: 30 minutes (Issues: Packet Classification, Priority, Policy/Configuration Linkage, Other) 4. PCLS Update: PCLS Author(s): 10 minutes, Ed Ellesson: 10 minutes: Total 20 minutes (General PCLS issues update, plus Security Considerations issues): 5. Terminology Draft Update/Issues and harmonization discussion: Andrea: 20 minutes 6. (If time permits) AAA Architecture: Use of policy framework in context of AAA Architecture: Cees deLaat, and John Vollbrecht: 10 minutes 7. (If time permits) MPLS: MPLS Policy Draft Author(s): Use of policy framework in context of MPLS: 10 minute update 8. Wrap-up, and charter milestones re-visit: 25 minutes, Ed, Joel and Bert ********************* Thanks, Ed and Joel Ed Ellesson ellesson@tivoli.com Office at Tivoli: 919-224-2111 Office at home: 919-644-3977 From majordomo@raleigh.ibm.com Wed Dec 6 11:20:48 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id LAA11559 for ; Wed, 6 Dec 2000 11:20:47 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id LAA23846; Wed, 6 Dec 2000 11:10:11 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id LAA31452; Wed, 6 Dec 2000 11:10:02 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA28222; Wed, 6 Dec 2000 10:31:04 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA28210; Wed, 6 Dec 2000 10:31:00 -0500 Received: from lmr (dyn9-37-48-47.raleigh.ibm.com [9.37.48.47]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id KAA35382; Wed, 6 Dec 2000 10:31:02 -0500 Message-Id: <005701c05f99$45de3780$2f302509@raleigh.ibm.com> From: "Lee Rafalow" To: Cc: References: Subject: Re: matching rules for directoryString [was: Re: CIM24 schema tweaks] Date: Wed, 6 Dec 2000 10:29:05 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-Mimeole: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Lee Rafalow" Content-Transfer-Encoding: 7bit So, now that we've resolved the question of what matching rules are possible, let's address what matching rules we want to use. Although the attributes listed below have been thought of as case exact in the past (e.g., earlier drafts of PCLS when they were IA5string syntax), I'm not sure we should stay with that interpretation. The attributes listed below are intended for search and/or rdn usage and requiring case exact seems restrictive to me. In most uses there's nothing about policyGroupName=Atlanta Routers that's different from policyGroupName=atlanta routers or policyRepositoryName=Southeast and policyRepositoryName=southeast. Further, if you look at other typically used search and/or rdn attributes (e.g., cn, ou, o, l, etc.) they're cis. Cheers, Lee ----- Original Message ----- From: "Ryan Moats" To: "Larry S. Bartz" Cc: "Quevedo, Felix" ; "IETF Policy WG LIST" Sent: Tuesday, December 05, 2000 10:21 AM Subject: RE: matching rules for directoryString [was: Re: CIM24 schema tweaks] > Thank you, Thank you, Thank you! > > Having looked at the relevant section, I am MUCH more comfortable > with this than with caseIgnoreMatch. > > I think caseExactMatch should be used for > > - orderedCimKeys in the 2.4 Mapping > - policyKeywords, policyGroupName, policyRuleName, policyConditionName, > policyActionName, policyInstanceName, policyRepositoryName in the PCLS > (Hey Bob, there's going to be a -09 isn't there ;-) > > Ryan > > -----Original Message----- > From: lsbart35@mears.indy.cr.irs.gov > [mailto:lsbart35@mears.indy.cr.irs.gov]On Behalf Of Larry S. Bartz > Sent: Tuesday, December 05, 2000 7:04 AM > To: rmoats@coreon.net > Cc: Quevedo, Felix; IETF Policy WG LIST; ietf-ldapbis@openldap.org; > ietf-ldapext@netscape.com > Subject: matching rules for directoryString [was: Re: CIM24 schema > tweaks] > > > rmoats@coreon.net wrote: > > > .[snip] > > What do you suggest as the > > equality match? Based on my reading of the X.500-series and > > LDAP RFCs the only option for Directory Strings is > > caseIgnoreMatch, and I'm not at all comfortable with > > declaring that as the matching rule for a syntax that holds > > UTF-8 strings. > [snip] > > > > I'm reading X.501 and X.520 from > ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/ (hurry for your > copy). Although these are drafts from the 4th edition of the X.500 > series, it does not appear that the sections which apply to this > immediate issue are new or different from current/previous documents. > > X.501 requires that the assertion syntax of the matching rule and > the syntax of attributes to which the matching rule is applied > must be equivalent. See section 13.5. > > X.520 defines a caseExactMatch rule which applies to directoryString > attributes. See section 6.1.4. > > Section 8 of RFC2252 does not mention a caseExactMatch rule which > applies to directoryString attributes. But neither does it appear that > section 8 was intended to describe the entire universe of allowable > or appropriate matching rules. Nothing in RFC2252's section 8 precludes > a Directory implementation from supporting matching rules beyond those > which are enumerated. > > Section 3.3 of RFC2251 asserts LDAP's relationship to X.500 and the > requirement for LDAP servers to support the X.500 data and service > models. > > Based on these facts, think it is reasonable to specify caseExactMatch > for directoryString attributes. Further, I think it is reasonable to > expect that Directory implementations will support it. > > Also see http://www.alvestrand.no/objectid/2.5.13.5.html > > Note that the specification of caseExactMatch for directoryString > attributes did not prevent RFCs 2713 and 2714 from obtaining. > > -- > #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| > # Larry Bartz | | > # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | > # | Ooo, ooo, oooooo! | > # | I've got a gnu attitude! | > # voice (317) 226-7060 | | > # FAX (317) 226-6378 | | > #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| > From majordomo@raleigh.ibm.com Wed Dec 6 13:48:56 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA15024 for ; Wed, 6 Dec 2000 13:48:54 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id NAA23584; Wed, 6 Dec 2000 13:39:47 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id NAA27062; Wed, 6 Dec 2000 13:39:05 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA52750; Wed, 6 Dec 2000 13:04:16 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA52460; Wed, 6 Dec 2000 13:04:09 -0500 Received: from lmr (dyn9-37-48-47.raleigh.ibm.com [9.37.48.47]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id NAA22566; Wed, 6 Dec 2000 13:04:11 -0500 Message-Id: <008301c05fae$7719c660$2f302509@raleigh.ibm.com> From: "Lee Rafalow" To: "Jean Christophe Martin" , , References: <3A1AEFAD.41055193@sun.com> Subject: QoS/IPSEC alignment questions Date: Wed, 6 Dec 2000 13:00:47 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-Mimeole: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Lee Rafalow" Content-Transfer-Encoding: 7bit Jean, 1. I think the difference between the condition representations can be justified. The IETF QDDIM and IPSP models (and their corresponding DMTF QoS and IPsec models)are device-level models, i.e., in the PEP. In these device-level models, the intent is to create an object model that is reasonably close to implementation structures and yet independent of any specific implementation. Filters are commonly used to determine packet handling and, therefore, are used in these device-level models. The QPIM model, on the other hand, is a domain-level model (i.e., in the PMT, repository and/or PDP). The approach taken in the current draft is very general in its capability. Without discussing the merits of the "atoms" approach in the QPIM, for a domain-level policy specification this generality might be seen as very beneficial. But it's not likely that a Diffserv PEP or an IKE service are going to have data structures that are going to sacrifice the efficiency of filters in favor of that generality. The question, then, comes down to how closely do we want the model and the application of the model to be to one another. So, this is not to say that we shouldn't explore convergence here, it's just that we haven't to date because of the perceived affinity to implementations at the two different levels. I hope this helps. 2. There's another divergence that you didn't mention that I've noticed and that I'm less comfortable with. It's in the handling of the rule priorities as they're aggregated in policy groups. Specifically, in the soon to be released DMTF IPsec model (and presumably in Jamie's revision of the IPsec Configuration Policy Model when it's posted) the IPsecPolicyGroupInPolicyGroup aggregation of groups has a GroupPriority property that is used to assign absolute priorities to rules within groups of groups. The model uses the PolicyRule.RulePriority for the rule and, for simplicity, we limit a rule to be in a single group. But since groups can be in multiple groups, it is the relationship between the groups that assign the relative priorities of the contained rules to those contained in other groups. In QPIM, however, PolicyGroup subclasses are limited to a single parent in the aggregation hierarchy. With that limitation in mind, the gpPriority property has been placed in the gpsPolicyGroup class instead of in the aggregating relationship. I believe that we should settle on a single way of prioritizing groups within groups and that generality would lead to putting that priority into the PolicyGroupInPolicyGroup subclasses. There may be other alignment concerns but this is what I've spotted so far. Lee ----- Original Message ----- From: "Jean Christophe Martin" To: Sent: Tuesday, November 21, 2000 4:57 PM Subject: QoS/IPSEC alignement questions > > > I'm trying to understand how the QoS drafts are relating to the > IPSEC drafts , and so far, I have little succes. For example : > > > The IPSEC Policy Model is defining : > > PolicyCondition > | > SACondition <----FilterofSACondition--->FilterList > > > > That should map, for the QoS, into : > > PolicyCondition > | > QoSCondition <---FilterofQosCondition-->FilterList > > > The FilterList is a list of FilterEntryBase that can either be > QoS specific Filter Entries or plain FilterEntry as defined in > CIM network model. > > However, in draft-ietf-policy-qos-info-model-01.txt, the Condition > is using a complete different model. > > Is there any plan to update the documents : Policy Framework QoS > Information Model and QoS Policy Schema to use a model like the > IPSEC model that seems closer to the DMTF model ? > > Thanks > > JC. From majordomo@raleigh.ibm.com Wed Dec 6 14:43:35 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA26575 for ; Wed, 6 Dec 2000 14:43:33 -0500 (EST) Received: from rtpmail02.raleigh.ibm.com (rtpmail02.raleigh.ibm.com [9.37.172.48]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id OAA25050; Wed, 6 Dec 2000 14:34:22 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id OAA06418; Wed, 6 Dec 2000 14:34:20 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA43114; Wed, 6 Dec 2000 14:01:45 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA37730; Wed, 6 Dec 2000 14:01:42 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id OAA26208; Wed, 6 Dec 2000 14:01:45 -0500 Received: from mx-relay1.treas.gov (mx-relay1.treas.gov [199.196.144.5]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id OAA18808; Wed, 6 Dec 2000 14:01:41 -0500 Received: from tias4.treas.gov (tias-gw4.treas.gov [199.196.144.14]) by mx-relay1.treas.gov (8.9.1b+Sun/8.9.3) with SMTP id OAA21680; Wed, 6 Dec 2000 14:02:10 -0500 (EST) Received: from mailhub.net.treas.gov by tias4.treas.gov via smtpd (for mx-relay.treas.gov [199.196.144.5]) with SMTP; 6 Dec 2000 19:02:10 UT Received: from mears.indy.cr.irs.gov (mailhub-2.net.treas.gov [10.7.8.10]) by mailhub-2.net.treas.gov (8.9.1b+Sun/8.9.3) with ESMTP id OAA06215; Wed, 6 Dec 2000 14:02:04 -0500 (EST) Received: from parnelli.indy.cr.irs.gov (IDENT:lsbart35@localhost [127.0.0.1]) by mears.indy.cr.irs.gov (8.9.3/8.9.3) with ESMTP id OAA20350; Wed, 6 Dec 2000 14:01:59 -0500 Message-Id: <3A2E8D27.688DC79D@parnelli.indy.cr.irs.gov> Date: Wed, 06 Dec 2000 14:01:59 -0500 From: "Larry S. Bartz" X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en Mime-Version: 1.0 To: Lee Rafalow Cc: policy@raleigh.ibm.com, wg-ldap@dmtf.org Subject: Re: matching rules for directoryString [was: Re: CIM24 schema tweaks] References: <005701c05f99$45de3780$2f302509@raleigh.ibm.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Larry S. Bartz" Content-Transfer-Encoding: 7bit Lee, I think the answer depends in part on how much we care about supporting internationalization, and for which attributes. "Ignore case" is meaningless (maybe dangerous) if the string is a UTF-8 representation of a non-ASCII character set. I inferred from the draft's initial assignment of octetStringMatch to the orderedCimKeys attribute that there was a significant potential for non-ASCII characters in the value. Did I infer correctly? Is internationalization an issue for orderedCimKeys or any other directoryString attribute? If not, then I agree with you, Lee. caseIgnoreMatch makes the data easier to use. How about substring matching rules? Several attributes will possess meaningful substrings in their values. The schema should facilitate discovering those substrings. The following attribute descriptions should designate caseIgnoreSubstringsMatch in addition to the existing caseIgnoreMatch designation: - policyRoles - ptpConditionTime - ptpConditionTimeOfDayMask Depending upon whether "exact" or "ignore" is applied to orderedCimKeys, it should also be assigned the corresponding substring matching rule. Lee Rafalow wrote: > > So, now that we've resolved the question of what matching rules are > possible, let's address what matching rules we want to use. > > Although the attributes listed below have been thought of as case exact in > the past (e.g., earlier drafts of PCLS when they were IA5string syntax), I'm > not sure we should stay with that interpretation. The attributes listed > below are intended for search and/or rdn usage and requiring case exact > seems restrictive to me. In most uses there's nothing about > policyGroupName=Atlanta Routers that's different from > policyGroupName=atlanta routers or policyRepositoryName=Southeast and > policyRepositoryName=southeast. Further, if you look at other typically > used search and/or rdn attributes (e.g., cn, ou, o, l, etc.) they're cis. > > Cheers, Lee > > ----- Original Message ----- > From: "Ryan Moats" > To: "Larry S. Bartz" > Cc: "Quevedo, Felix" ; "IETF Policy WG LIST" > > Sent: Tuesday, December 05, 2000 10:21 AM > Subject: RE: matching rules for directoryString [was: Re: CIM24 schema > tweaks] > > > Thank you, Thank you, Thank you! > > > > Having looked at the relevant section, I am MUCH more comfortable > > with this than with caseIgnoreMatch. > > > > I think caseExactMatch should be used for > > > > - orderedCimKeys in the 2.4 Mapping > > - policyKeywords, policyGroupName, policyRuleName, policyConditionName, > > policyActionName, policyInstanceName, policyRepositoryName in the PCLS > > (Hey Bob, there's going to be a -09 isn't there ;-) > > > > Ryan > > > > -----Original Message----- > > From: lsbart35@mears.indy.cr.irs.gov > > [mailto:lsbart35@mears.indy.cr.irs.gov]On Behalf Of Larry S. Bartz > > Sent: Tuesday, December 05, 2000 7:04 AM > > To: rmoats@coreon.net > > Cc: Quevedo, Felix; IETF Policy WG LIST; ietf-ldapbis@openldap.org; > > ietf-ldapext@netscape.com > > Subject: matching rules for directoryString [was: Re: CIM24 schema > > tweaks] > > > > > > rmoats@coreon.net wrote: > > > > > .[snip] > > > What do you suggest as the > > > equality match? Based on my reading of the X.500-series and > > > LDAP RFCs the only option for Directory Strings is > > > caseIgnoreMatch, and I'm not at all comfortable with > > > declaring that as the matching rule for a syntax that holds > > > UTF-8 strings. > > [snip] > > > > > > > I'm reading X.501 and X.520 from > > ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/ (hurry for your > > copy). Although these are drafts from the 4th edition of the X.500 > > series, it does not appear that the sections which apply to this > > immediate issue are new or different from current/previous documents. > > > > X.501 requires that the assertion syntax of the matching rule and > > the syntax of attributes to which the matching rule is applied > > must be equivalent. See section 13.5. > > > > X.520 defines a caseExactMatch rule which applies to directoryString > > attributes. See section 6.1.4. > > > > Section 8 of RFC2252 does not mention a caseExactMatch rule which > > applies to directoryString attributes. But neither does it appear that > > section 8 was intended to describe the entire universe of allowable > > or appropriate matching rules. Nothing in RFC2252's section 8 precludes > > a Directory implementation from supporting matching rules beyond those > > which are enumerated. > > > > Section 3.3 of RFC2251 asserts LDAP's relationship to X.500 and the > > requirement for LDAP servers to support the X.500 data and service > > models. > > > > Based on these facts, think it is reasonable to specify caseExactMatch > > for directoryString attributes. Further, I think it is reasonable to > > expect that Directory implementations will support it. > > > > Also see http://www.alvestrand.no/objectid/2.5.13.5.html > > > > Note that the specification of caseExactMatch for directoryString > > attributes did not prevent RFCs 2713 and 2714 from obtaining. > > > > -- > > #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| > > # Larry Bartz | | > > # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | > > # | Ooo, ooo, oooooo! | > > # | I've got a gnu attitude! | > > # voice (317) 226-7060 | | > > # FAX (317) 226-6378 | | > > #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| > > -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Wed Dec 6 17:04:46 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA08738 for ; Wed, 6 Dec 2000 17:04:46 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id QAA19046; Wed, 6 Dec 2000 16:55:34 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id QAA30564; Wed, 6 Dec 2000 16:55:23 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA59586; Wed, 6 Dec 2000 16:24:56 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA53678; Wed, 6 Dec 2000 16:24:50 -0500 Received: from corp.tivoli.com (corp.tivoli.com [146.84.104.1]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id QAA32990 for ; Wed, 6 Dec 2000 16:24:53 -0500 From: Ed_Ellesson@tivoli.com Received: from schub.tivoli.com (schub.tivoli.com [146.84.104.17]) by corp.tivoli.com (8.9.3/8.9.0) with ESMTP id PAA18260; Wed, 6 Dec 2000 15:25:20 -0600 (CST) Importance: Normal Subject: Drafts (RE: Policy Framework WG Agenda) To: policy@raleigh.ibm.com, "Wang, Cliff" Cc: "'Ed_Ellesson@tivoli.com'" , "Joel M. Halpern" , "Wijnen, Bert (Bert)" Date: Wed, 6 Dec 2000 16:19:36 -0500 Message-Id: X-Mimetrack: Serialize by Router on SCHub/Tivoli Systems(Release 5.0.4a |July 24, 2000) at 12/06/2000 03:24:17 PM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Ed_Ellesson@tivoli.com Cliff, >Can you give the doc name/location with respect to QDDIM, QPIM, and all >other items listed in the agenda? Yes, I can. Sorry, that I did not include this info on the agenda. By the way, many of these are linked via the working group's charter web page, but not all of them: http://www.ietf.org/html.charters/policy-charter.html If anyone sees anything that I missed, please comment to the list. 1. Documents directly related to Policy Framework WG agenda: PCIM: http://www.ietf.org/internet-drafts/draft-ietf-policy-core-info-model-08.txt QDDIM: http://www.ietf.org/internet-drafts/draft-ietf-policy-qos-device-info-model-02.txt QPIM: http://www.ietf.org/internet-drafts/draft-ietf-policy-qos-info-model-02.txt IPSP: (see note 1) http://www.ietf.org/internet-drafts/draft-ietf-ipsp-config-policy-model-01.txt PCLS: http://www.ietf.org/internet-drafts/draft-ietf-policy-core-info-model-08.txt Policy Terminology: http://www.ietf.org/internet-drafts/draft-ietf-policy-terminology-01.txt DiffServ MIB: http://www.ietf.org/internet-drafts/draft-ietf-diffserv-mib-06.txt DiffServ PIB: http://www.ietf.org/internet-drafts/draft-ietf-diffserv-pib-02.txt DiffServ Conceptual Model: http://www.ietf.org/internet-drafts/draft-ietf-diffserv-model-05.txt 2. Requirements and Use Cases Drafts: (see note 2, below) Requirements: http://www.ietf.org/internet-drafts/draft-ietf-policy-req-02.txt Use Cases: http://www.ietf.org/internet-drafts/draft-mahon-policy-use-00.txt Managing Policy: http://www.ietf.org/internet-drafts/draft-mahon-policy-mgmt-00.txt 3. AAA Architecture and MPLS application of Policy: (see note 3, below) Policy for AAA: http://www.ietf.org/internet-drafts/draft-irtf-aaaarch-aaa-pol-00.txt Generic Policy for AAA: http://www.ietf.org/internet-drafts/draft-taal-aaaarch-generic-pol-00.txt Policy for Accounting: http://www.ietf.org/internet-drafts/draft-irtf-aaaarch-pol-acct-01.txt MPLS: http://www.ietf.org/internet-drafts/draft-chadha-policy-mpls-te-01.txt Notes: 1. I think some work has been done on the ipsp model, since the ipsp draft listed here, was issued. I expect there will be another draft posted to the ietf internet-draft repository, after the San Diego meeting, which will reflect this additional work. 2. The requirements, and use cases drafts will be mentioned during the charter discussion at the beginning of the first session, but we don't expect detailed discussions on the content of these drafts, at these IETF sessions. 3. We may not have time to get to the discussion of the AAA Architecture and MPLS drafts, depending on how long the discussion of the QOS and IPsec issues goes on. We will make that call in the second session on Wednesday. Ed Ellesson Tivoli Systems Durham, NC ellesson@tivoli.com Office at Tivoli: 919-224-2111 Office at home: 919-644-3977 From majordomo@raleigh.ibm.com Wed Dec 6 17:36:38 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA18345 for ; Wed, 6 Dec 2000 17:36:37 -0500 (EST) Received: from rtpmail02.raleigh.ibm.com (rtpmail02.raleigh.ibm.com [9.37.172.48]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id RAA35994; Wed, 6 Dec 2000 17:25:29 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id RAA35458; Wed, 6 Dec 2000 17:25:30 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA37710; Wed, 6 Dec 2000 15:40:47 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA33094; Wed, 6 Dec 2000 15:40:44 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id PAA26934; Wed, 6 Dec 2000 15:40:38 -0500 Received: from cisco.com (csi-admin1.cisco.com [144.254.91.12]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id PAA27276; Wed, 6 Dec 2000 15:39:55 -0500 Received: from user-53.cisco.com ([144.254.95.35]) by cisco.com (8.8.5-Cisco.2-SunOS.5.5.1.sun4/8.8.8) with ESMTP id WAA20748; Wed, 6 Dec 2000 22:39:44 +0200 (IST) Message-Id: <4.3.2.7.2.20001206122857.00b37100@csi-admin1> X-Sender: ronc@csi-admin1 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 06 Dec 2000 12:39:00 -0800 To: "Lee Rafalow" , "Jean Christophe Martin" , , From: Ron Cohen Subject: Re: QoS/IPSEC alignment questions In-Reply-To: <008301c05fae$7719c660$2f302509@raleigh.ibm.com> References: <3A1AEFAD.41055193@sun.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Ron Cohen Lee, I fully agree with point 1. For the second point, in the QPIM 02 draft we explain the reuse of policy groups, i.e. we allow having more than one parent for each policy group. We have a section that discuss how to use priority in this case. The PolicyGroupInPolicyGroup aggregation is defined in PCIM, not in QPIM, without the additional priority property. I think that your proposal to include the priority in the aggregation is much more elegant. We might still do it by defining a new aggregation, or a derived one. Lets talk about this in the IETF and find the right solution. Thanks Ron >Jean, > >1. I think the difference between the condition representations can be >justified. > >The IETF QDDIM and IPSP models (and their corresponding DMTF QoS and IPsec >models)are device-level models, i.e., in the PEP. In these device-level >models, the intent is to create an object model that is reasonably close to >implementation structures and yet independent of any specific >implementation. Filters are commonly used to determine packet handling and, >therefore, are used in these device-level models. > >The QPIM model, on the other hand, is a domain-level model (i.e., in the >PMT, repository and/or PDP). The approach taken in the current draft is >very general in its capability. Without discussing the merits of the >"atoms" approach in the QPIM, for a domain-level policy specification this >generality might be seen as very beneficial. But it's not likely that a >Diffserv PEP or an IKE service are going to have data structures that are >going to sacrifice the efficiency of filters in favor of that generality. > >The question, then, comes down to how closely do we want the model and the >application of the model to be to one another. So, this is not to say that >we shouldn't explore convergence here, it's just that we haven't to date >because of the perceived affinity to implementations at the two different >levels. > >I hope this helps. > >2. There's another divergence that you didn't mention that I've noticed and >that I'm less comfortable with. It's in the handling of the rule priorities >as they're aggregated in policy groups. > >Specifically, in the soon to be released DMTF IPsec model (and presumably in >Jamie's revision of the IPsec Configuration Policy Model when it's posted) >the IPsecPolicyGroupInPolicyGroup aggregation of groups has a GroupPriority >property that is used to assign absolute priorities to rules within groups >of groups. The model uses the PolicyRule.RulePriority for the rule and, for >simplicity, we limit a rule to be in a single group. But since groups can >be in multiple groups, it is the relationship between the groups that assign >the relative priorities of the contained rules to those contained in other >groups. > >In QPIM, however, PolicyGroup subclasses are limited to a single parent in >the aggregation hierarchy. With that limitation in mind, the gpPriority >property has been placed in the gpsPolicyGroup class instead of in the >aggregating relationship. > >I believe that we should settle on a single way of prioritizing groups >within groups and that generality would lead to putting that priority into >the PolicyGroupInPolicyGroup subclasses. > >There may be other alignment concerns but this is what I've spotted so far. > >Lee > >----- Original Message ----- >From: "Jean Christophe Martin" >To: >Sent: Tuesday, November 21, 2000 4:57 PM >Subject: QoS/IPSEC alignement questions > > > > > > > > I'm trying to understand how the QoS drafts are relating to the > > IPSEC drafts , and so far, I have little succes. For example : > > > > > > The IPSEC Policy Model is defining : > > > > PolicyCondition > > | > > SACondition <----FilterofSACondition--->FilterList > > > > > > > > That should map, for the QoS, into : > > > > PolicyCondition > > | > > QoSCondition <---FilterofQosCondition-->FilterList > > > > > > The FilterList is a list of FilterEntryBase that can either be > > QoS specific Filter Entries or plain FilterEntry as defined in > > CIM network model. > > > > However, in draft-ietf-policy-qos-info-model-01.txt, the Condition > > is using a complete different model. > > > > Is there any plan to update the documents : Policy Framework QoS > > Information Model and QoS Policy Schema to use a model like the > > IPSEC model that seems closer to the DMTF model ? > > > > Thanks > > > > JC. From majordomo@raleigh.ibm.com Wed Dec 6 18:38:14 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA05740 for ; Wed, 6 Dec 2000 18:38:13 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id SAA30900; Wed, 6 Dec 2000 18:28:59 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id SAA24560; Wed, 6 Dec 2000 18:28:57 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA51404; Wed, 6 Dec 2000 17:52:11 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA37572; Wed, 6 Dec 2000 17:52:08 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id RAA37468 for ; Wed, 6 Dec 2000 17:52:13 -0500 Received: from zcars04e.ca.nortel.com (h56s242a129n47.user.nortelnetworks.com [47.129.242.56]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id RAA29990 for ; Wed, 6 Dec 2000 17:52:08 -0500 Received: from zcard015.ca.nortel.com by zcars04e.ca.nortel.com; Wed, 6 Dec 2000 17:51:41 -0500 Received: by zcard015.ca.nortel.com with Internet Mail Service (5.5.2652.35) id ; Wed, 6 Dec 2000 17:51:43 -0500 Message-Id: <28560036253BD41191A10000F8BCBD11841D27@zcard00g.ca.nortel.com> From: "Mircea Pana" To: "'policy@raleigh.ibm.com'" Subject: cardinality of policyRuleSequencedActions Date: Wed, 6 Dec 2000 17:51:35 -0500 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2652.35) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C05FD7.15B191E0" X-Orig: Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Mircea Pana" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C05FD7.15B191E0 Content-Type: text/plain; charset="iso-8859-1" Wrt. the cardinality of some LDAP attributes defined in "draft-ietf-policy-core-schema-08": 1. Isn't the "policyRuleSequencedActions" attribute supposed to be single-valued (in "policyRule")? The document does not specify this attribute's cardinality, which implies as default: multi-value. 2. Same comment for "ptpConditionTimeOfDayMask" attribute (in "policyTimePeriodConditionAuxClass"). However, if this last one should be multi-valued, by extrapolation, shouldn't the "ptpConditionTime" be multi-valued as well? Thanks, Mircea Pana. ------_=_NextPart_001_01C05FD7.15B191E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable cardinality of policyRuleSequencedActions

Wrt. the cardinality of some LDAP attributes defined = in "draft-ietf-policy-core-schema-08":

1. Isn't the "policyRuleSequencedActions" = attribute supposed to be single-valued (in "policyRule")? The = document does not specify this attribute's cardinality, which implies = as default: multi-value.

2. Same comment for = "ptpConditionTimeOfDayMask" attribute (in = "policyTimePeriodConditionAuxClass").
However, if this last one should be multi-valued, by = extrapolation, shouldn't the "ptpConditionTime" be = multi-valued as well?

Thanks,
Mircea Pana.

------_=_NextPart_001_01C05FD7.15B191E0-- From majordomo@raleigh.ibm.com Wed Dec 6 19:16:33 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA14160 for ; Wed, 6 Dec 2000 19:16:33 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id TAA33954; Wed, 6 Dec 2000 19:06:02 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id TAA33534; Wed, 6 Dec 2000 19:05:57 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA52688; Wed, 6 Dec 2000 18:32:10 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA41672; Wed, 6 Dec 2000 18:32:07 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id SAA24426; Wed, 6 Dec 2000 18:32:10 -0500 Received: from mailmaestro.smartpipes.com (mailmaestro.smartpipes.com [63.98.224.170]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id SAA31110; Wed, 6 Dec 2000 18:32:07 -0500 Received: by mailmaestro.smartpipes.com with Internet Mail Service (5.5.2650.21) id ; Wed, 6 Dec 2000 23:32:04 -0000 Message-Id: <8E1E94178828D143B34A560A7A6F2C0B01A6A115@mailmaestro.smartpipes.com> From: "Quevedo, Felix" To: "'Larry S. Bartz'" , Lee Rafalow Cc: policy@raleigh.ibm.com, wg-ldap@dmtf.org Subject: RE: matching rules for directoryString [was: Re: CIM24 schema twe aks] Date: Wed, 6 Dec 2000 23:32:04 -0000 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Quevedo, Felix" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id TAA14160 Larry, Lee, I like the proposal for caseIgnoreMatch. Per the DSP0100 the content of orderedCimKeys looks a lot like a DN. The DN Match is not a trivial MR to implement. I can see developers validating components of the attribute following similar rules as the ones for a DN. This means that string pre-validation may well be base on the MR of the components. The next question, is the usage. How will we build search filters? Does a DirectoryString meet our need? I bet somebody thought about this. For a orderedCimKeys of: DLM_Rack.CreationClassName=DLM_Rack,Tag=AcmeRack4279B A valid filter for a caseIgnoreMatch DirectoryString would be: OrderedCimKeys=*_Rack.creationClass*b Is this valid? Would there be a search per orderedCimKeys? Will all the components be known for an exact match? Would the expected usage is that we will always know exactly how an orderedCimKeys look like? Quite interesting. Félix E Quevedo :) Smile, everything is possible! E-Mail: fquevedo@smartpipes.com Voice: 614 923 6242 Fax: 614 923 6299 -----Original Message----- From: Larry S. Bartz [mailto:lbartz@parnelli.indy.cr.irs.gov] Sent: Wednesday, December 06, 2000 14:02 To: Lee Rafalow Cc: policy@raleigh.ibm.com; wg-ldap@dmtf.org Subject: Re: matching rules for directoryString [was: Re: CIM24 schema tweaks] Lee, I think the answer depends in part on how much we care about supporting internationalization, and for which attributes. "Ignore case" is meaningless (maybe dangerous) if the string is a UTF-8 representation of a non-ASCII character set. I inferred from the draft's initial assignment of octetStringMatch to the orderedCimKeys attribute that there was a significant potential for non-ASCII characters in the value. Did I infer correctly? Is internationalization an issue for orderedCimKeys or any other directoryString attribute? If not, then I agree with you, Lee. caseIgnoreMatch makes the data easier to use. How about substring matching rules? Several attributes will possess meaningful substrings in their values. The schema should facilitate discovering those substrings. The following attribute descriptions should designate caseIgnoreSubstringsMatch in addition to the existing caseIgnoreMatch designation: - policyRoles - ptpConditionTime - ptpConditionTimeOfDayMask Depending upon whether "exact" or "ignore" is applied to orderedCimKeys, it should also be assigned the corresponding substring matching rule. Lee Rafalow wrote: > > So, now that we've resolved the question of what matching rules are > possible, let's address what matching rules we want to use. > > Although the attributes listed below have been thought of as case exact in > the past (e.g., earlier drafts of PCLS when they were IA5string syntax), I'm > not sure we should stay with that interpretation. The attributes listed > below are intended for search and/or rdn usage and requiring case exact > seems restrictive to me. In most uses there's nothing about > policyGroupName=Atlanta Routers that's different from > policyGroupName=atlanta routers or policyRepositoryName=Southeast and > policyRepositoryName=southeast. Further, if you look at other typically > used search and/or rdn attributes (e.g., cn, ou, o, l, etc.) they're cis. > > Cheers, Lee > > ----- Original Message ----- > From: "Ryan Moats" > To: "Larry S. Bartz" > Cc: "Quevedo, Felix" ; "IETF Policy WG LIST" > > Sent: Tuesday, December 05, 2000 10:21 AM > Subject: RE: matching rules for directoryString [was: Re: CIM24 schema > tweaks] > > > Thank you, Thank you, Thank you! > > > > Having looked at the relevant section, I am MUCH more comfortable > > with this than with caseIgnoreMatch. > > > > I think caseExactMatch should be used for > > > > - orderedCimKeys in the 2.4 Mapping > > - policyKeywords, policyGroupName, policyRuleName, policyConditionName, > > policyActionName, policyInstanceName, policyRepositoryName in the PCLS > > (Hey Bob, there's going to be a -09 isn't there ;-) > > > > Ryan > > > > -----Original Message----- > > From: lsbart35@mears.indy.cr.irs.gov > > [mailto:lsbart35@mears.indy.cr.irs.gov]On Behalf Of Larry S. Bartz > > Sent: Tuesday, December 05, 2000 7:04 AM > > To: rmoats@coreon.net > > Cc: Quevedo, Felix; IETF Policy WG LIST; ietf-ldapbis@openldap.org; > > ietf-ldapext@netscape.com > > Subject: matching rules for directoryString [was: Re: CIM24 schema > > tweaks] > > > > > > rmoats@coreon.net wrote: > > > > > .[snip] > > > What do you suggest as the > > > equality match? Based on my reading of the X.500-series and > > > LDAP RFCs the only option for Directory Strings is > > > caseIgnoreMatch, and I'm not at all comfortable with > > > declaring that as the matching rule for a syntax that holds > > > UTF-8 strings. > > [snip] > > > > > > > I'm reading X.501 and X.520 from > > ftp://ftp.bull.com/pub/OSIdirectory/4thEditionTexts/ (hurry for your > > copy). Although these are drafts from the 4th edition of the X.500 > > series, it does not appear that the sections which apply to this > > immediate issue are new or different from current/previous documents. > > > > X.501 requires that the assertion syntax of the matching rule and > > the syntax of attributes to which the matching rule is applied > > must be equivalent. See section 13.5. > > > > X.520 defines a caseExactMatch rule which applies to directoryString > > attributes. See section 6.1.4. > > > > Section 8 of RFC2252 does not mention a caseExactMatch rule which > > applies to directoryString attributes. But neither does it appear that > > section 8 was intended to describe the entire universe of allowable > > or appropriate matching rules. Nothing in RFC2252's section 8 precludes > > a Directory implementation from supporting matching rules beyond those > > which are enumerated. > > > > Section 3.3 of RFC2251 asserts LDAP's relationship to X.500 and the > > requirement for LDAP servers to support the X.500 data and service > > models. > > > > Based on these facts, think it is reasonable to specify caseExactMatch > > for directoryString attributes. Further, I think it is reasonable to > > expect that Directory implementations will support it. > > > > Also see http://www.alvestrand.no/objectid/2.5.13.5.html > > > > Note that the specification of caseExactMatch for directoryString > > attributes did not prevent RFCs 2713 and 2714 from obtaining. > > > > -- > > #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| > > # Larry Bartz | | > > # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | > > # | Ooo, ooo, oooooo! | > > # | I've got a gnu attitude! | > > # voice (317) 226-7060 | | > > # FAX (317) 226-6378 | | > > #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| > > -- #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| # Larry Bartz | | # lbartz@parnelli.indy.cr.irs.gov | Ooo, ooo, | # | Ooo, ooo, oooooo! | # | I've got a gnu attitude! | # voice (317) 226-7060 | | # FAX (317) 226-6378 | | #::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::| From majordomo@raleigh.ibm.com Thu Dec 7 00:41:46 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id AAA20916 for ; Thu, 7 Dec 2000 00:41:45 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id AAA38680; Thu, 7 Dec 2000 00:32:14 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id AAA28650; Thu, 7 Dec 2000 00:32:11 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA33030; Wed, 6 Dec 2000 23:52:49 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA56300; Wed, 6 Dec 2000 23:52:44 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id XAA34200 for ; Wed, 6 Dec 2000 23:52:48 -0500 Received: from arnie.adacel.com.au (arnie.adacel.com.au [203.36.26.147]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with SMTP id XAA19978 for ; Wed, 6 Dec 2000 23:52:44 -0500 Received: (qmail 14458 invoked from network); 7 Dec 2000 04:55:08 -0000 Received: from unknown (HELO osmium) (203.8.85.176) by arnie.adacel.com.au with SMTP; 7 Dec 2000 04:55:08 -0000 From: "Steven Legg" To: Cc: "'Quevedo, Felix'" , "'Larry S. Bartz'" , "'IETF Policy WG LIST'" , Subject: RE: CIM24 schema tweaks Date: Thu, 7 Dec 2000 15:53:41 +1100 Message-Id: <000301c06009$acad61f0$b05508cb@osmium.adacel.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 In-Reply-To: <200012020059.AAO48966@mail.coreon.net> X-Mimeole: Produced By Microsoft MimeOLE V4.72.2120.0 Importance: Normal Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Steven Legg" Content-Transfer-Encoding: 7bit Ryan, > -----Original Message----- > From: owner-ietf-ldapbis@OpenLDAP.org > [mailto:owner-ietf-ldapbis@OpenLDAP.org]On Behalf Of rmoats@coreon.net > Sent: Saturday, 2 December 2000 12:13 > To: Larry S. Bartz > Cc: Quevedo, Felix; IETF Policy WG LIST; ietf-ldapbis@OpenLDAP.org; > ietf-ldapext@netscape.com > Subject: Re: CIM24 schema tweaks [snip] > >I've spotted another potential difficulty with the schema of > DSP0117. > > > >See this description: > > > >attributetype ( 1.3.6.1.4.1.412.100.1.2.1 > > NAME 'orderedCimKeys' > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE > > EQUALITY octetStringMatch > > ) > > > >The matching rule syntax does not match the attribute's > syntax. This > >must be corrected. > > Well, as an editor, I get to play the "no complaints without > making a suggestion" card. What do you suggest as the > equality match? Based on my reading of the X.500-series and > LDAP RFCs the only option for Directory Strings is > caseIgnoreMatch, and I'm not at all comfortable with > declaring that as the matching rule for a syntax that holds > UTF-8 strings. > > Actually, the more I think about this, I think this is a > bigger issue than just Policy, so I'm cross posting to > ldapext and the newly minted ldapbis to see what those > folks can add. It was attributes like orderedCimKeys that motivated me to write the component matching rules draft (draft-legg-ldapext-component-matching-00.txt). The content of the orderedCimKeys attribute is structured data with a well defined format, rather than free text, so a specific new attribute syntax is warranted. Stuffing highly structured data into attributes with the Directory String syntax means that the directory can do nothing more than treat values as opaque blobs of bytes. Almost inevitably the question of a suitable equality matching rule is raised because the existing string matching rules are not designed for matching structured data. The component matching rules are intended to provide convenient default equality matching rules for structured data, as well as a generic capability (that is more expressive than simple substring matching) to filter match component parts of the structured attribute values. The key to all this is a formal way to describe the structure of the data, which for the component matching rules is ASN.1 type notation. I note that the structure of an LDAP string encoded value of orderedCimKeys is described by: .=[,=]* Without looking into the details, I'm guessing that something like the following ASN.1 type would adequately describe the conceptual structure of the syntax. OrderedCIMKeys ::= SEQUENCE { className UTF8String, keys SEQUENCE SIZE (1..MAX) OF { key UTF8String, value UTF8String } } This is enough to completely define the behaviour of the directoryComponentsMatch matching rule (a component by component equality match) on a value of orderedCimKeys. If the default matching of directoryComponentsMatch doesn't quite suit a particular application then there is an easy way of extending it to define, for example, a policyComponentsMatch matching rule that is more generally suitable for policy attribute syntaxes. The ASN.1 type definition for the syntax is also sufficient to completely define the behaviour of the componentFilterMatch matching rule. This matching rule would provide the ability to search for orderCimKeys values with particular class names, particular key types, or particular (key, value) pairs, etc, in whatever filter combinations a user might want. These matching capabilities are completely specified just by writing down an ASN.1 definition of a syntax. Having that definition also opens up the possibility of the directory doing other useful things with values. For example, in the not too distant future directory servers may be receiving and returning XML encoded versions of attribute values. If the attribute syntax is a bland directory string then the XML encoding of, say, a value of orderedCimKeys will look something like this: whatever.abc=vvvv,def=wwww whereas a knowledge of the structure of the data will allow the directory to produce XML encodings that are more meaningfully marked up (and more verbose of course) as in the following: whatever abc vvvv def wwww The component matching rules make it easy for applications to define powerful matching capabilities, but the directory servers have to implement those capabilities, so there is an initial implementation barrier on the directory server side. My hope is that directory server vendors will take advantage of the fact that the component matching framework lends itself to high levels of automation, whereby exotic new application syntaxes can be easily and quickly accommodated (through run-time interpretation or compiled plug-ins). Regards, Steven > > Ryan Moats > From majordomo@raleigh.ibm.com Thu Dec 7 02:26:48 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id CAA11296 for ; Thu, 7 Dec 2000 02:26:48 -0500 (EST) Received: from rtpmail03.raleigh.ibm.com (rtpmail03.raleigh.ibm.com [9.37.172.47]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id CAA38770; Thu, 7 Dec 2000 02:17:09 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id CAA29136; Thu, 7 Dec 2000 02:17:06 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA58466; Thu, 7 Dec 2000 01:36:38 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA36950; Thu, 7 Dec 2000 01:36:34 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id BAA28704 for ; Thu, 7 Dec 2000 01:36:39 -0500 Received: from web10501.mail.yahoo.com (web10501.mail.yahoo.com [216.136.130.151]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with SMTP id BAA37252 for ; Thu, 7 Dec 2000 01:36:37 -0500 Message-Id: <20001207063636.22236.qmail@web10501.mail.yahoo.com> Received: from [198.206.187.100] by web10501.mail.yahoo.com; Wed, 06 Dec 2000 22:36:36 PST Date: Wed, 6 Dec 2000 22:36:36 -0800 (PST) From: Mahadevan Iyer Subject: gpsPolicyGroup class in qos info model To: policy@raleigh.ibm.com, ipsec-policy@vpnc.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Mahadevan Iyer I would like to suggest an update to the gpsPolicyGroup class. This also relates to the PolicyRuleInPolicyRule usage. I need to indicate that a group of policy rules should be checked only if the traffic matches some aggregate conditions. These aggregate conditions summarize the conditions within the policy rules. I would like to specify the aggregate conditions at the level of the gpsPolicyGroup. An alternative is to use the PolicyRule + PolicyRuleInPolicyRule instead of the gpsPolicyGroup. However I prefer to use the gpsPolicyGroup. I would suggest adding an aggregate policy condition to the gpsPolicyGroup. This condition would typically be a gpsPolicyCompoundCondition. Thanks __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ From majordomo@raleigh.ibm.com Thu Dec 7 04:28:53 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA12585 for ; Thu, 7 Dec 2000 04:28:53 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id EAA26716; Thu, 7 Dec 2000 04:16:52 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id EAA18772; Thu, 7 Dec 2000 04:16:51 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA31688; Thu, 7 Dec 2000 03:34:33 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA31728; Thu, 7 Dec 2000 03:34:11 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id DAA35242 for ; Thu, 7 Dec 2000 03:34:11 -0500 Received: from cisco.com (csi-admin1.cisco.com [144.254.91.12]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id DAA33014 for ; Thu, 7 Dec 2000 03:34:08 -0500 Received: from user-53.cisco.com (telaviv3-dhcp153.cisco.com [144.254.93.91]) by cisco.com (8.8.5-Cisco.2-SunOS.5.5.1.sun4/8.8.8) with ESMTP id KAA05329; Thu, 7 Dec 2000 10:34:00 +0200 (IST) Message-Id: <4.3.2.7.2.20001207003148.00b3a240@csi-admin1> X-Sender: ronc@csi-admin1 X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 07 Dec 2000 00:33:15 -0800 To: Mahadevan Iyer , policy@raleigh.ibm.com, ipsec-policy@vpnc.org From: Ron Cohen Subject: Re: gpsPolicyGroup class in qos info model In-Reply-To: <20001207063636.22236.qmail@web10501.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Ron Cohen Mahadevan, Can you provide more details why you prefer to change the gpsPolicyGroup than using the current policyRuleInPolicyRule method? Thanks Ron >I would like to suggest an update to the >gpsPolicyGroup class. >This also relates to the PolicyRuleInPolicyRule usage. > >I need to indicate that a group of policy rules should >be checked only if the traffic matches some aggregate >conditions. These aggregate conditions summarize the >conditions within the policy rules. > >I would like to specify the aggregate conditions at >the level of the gpsPolicyGroup. An alternative is to >use the PolicyRule + PolicyRuleInPolicyRule instead of >the gpsPolicyGroup. However I prefer to use the >gpsPolicyGroup. > >I would suggest adding an aggregate policy condition >to the gpsPolicyGroup. This condition would typically >be a gpsPolicyCompoundCondition. > > >Thanks > >__________________________________________________ >Do You Yahoo!? >Yahoo! Shopping - Thousands of Stores. Millions of Products. >http://shopping.yahoo.com/ From majordomo@raleigh.ibm.com Thu Dec 7 08:40:54 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id IAA18116 for ; Thu, 7 Dec 2000 08:40:54 -0500 (EST) Received: from rtpmail02.raleigh.ibm.com (rtpmail02.raleigh.ibm.com [9.37.172.48]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id IAA31048; Thu, 7 Dec 2000 08:30:53 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id IAA33984; Thu, 7 Dec 2000 08:30:47 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA46110; Thu, 7 Dec 2000 07:52:24 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA62742; Thu, 7 Dec 2000 07:52:20 -0500 Received: from southrelay02.raleigh.ibm.com (southrelay02.raleigh.ibm.com [9.37.3.209]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id HAA31526 for ; Thu, 7 Dec 2000 07:52:22 -0500 Received: from d04nm200.raleigh.ibm.com (d04nm200.raleigh.ibm.com [9.67.228.37]) by southrelay02.raleigh.ibm.com (8.8.8m3/NCO v4.95) with ESMTP id HAA48430; Thu, 7 Dec 2000 07:52:19 -0500 Importance: Normal Subject: Re: Drafts (RE: Policy Framework WG Agenda) To: Ed_Ellesson@tivoli.com Cc: policy@raleigh.ibm.com, "Wang, Cliff" , "'Ed_Ellesson@tivoli.com'" , "Joel M. Halpern" , "Wijnen, Bert (Bert)" X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-Id: From: "Robert Moore" Date: Thu, 7 Dec 2000 07:56:52 -0500 X-Mimetrack: Serialize by Router on D04NM200/04/M/IBM(Release 5.0.3 (Intl)|21 March 2000) at 12/07/2000 07:52:47 AM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Robert Moore" Ed, I spotted a typo in your note. The correct URL for the PCLS is http://ietf-mirror.raleigh.ibm.com/internet-drafts/draft-ietf-policy-core-schema-08.txt Regards, Bob Bob Moore IBM Networking Software +1-919-254-4436 remoore@us.ibm.com From majordomo@raleigh.ibm.com Thu Dec 7 09:38:08 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA24953 for ; Thu, 7 Dec 2000 09:38:07 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id JAA24392; Thu, 7 Dec 2000 09:19:37 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id JAA28684; Thu, 7 Dec 2000 09:19:35 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA23810; Thu, 7 Dec 2000 08:45:57 -0500 Received: from rtpmail02.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA58848; Thu, 7 Dec 2000 08:45:53 -0500 Received: from corp.tivoli.com (corp.tivoli.com [146.84.104.1]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id IAA25274 for ; Thu, 7 Dec 2000 08:45:54 -0500 From: Ed_Ellesson@tivoli.com Received: from schub.tivoli.com (schub.tivoli.com [146.84.104.17]) by corp.tivoli.com (8.9.3/8.9.0) with ESMTP id HAA16808; Thu, 7 Dec 2000 07:46:17 -0600 (CST) Importance: Normal Subject: Re: Drafts (RE: Policy Framework WG Agenda) To: "Robert Moore" Cc: Ed_Ellesson@tivoli.com, policy@raleigh.ibm.com, "Wang, Cliff" , "'Ed_Ellesson@tivoli.com'" , "Joel M. Halpern" , "Wijnen, Bert (Bert)" Date: Thu, 7 Dec 2000 08:40:28 -0500 Message-Id: X-Mimetrack: Serialize by Router on SCHub/Tivoli Systems(Release 5.0.4a |July 24, 2000) at 12/07/2000 07:45:12 AM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: Ed_Ellesson@tivoli.com Bob, Yes, thank you....I had the info model url rather than the schema url listed for pcls. The url from the ietf repository is: http://www.ietf.org/internet-drafts/draft-ietf-policy-core-schema-08.txt Ed Ellesson Tivoli Systems Durham, NC ellesson@tivoli.com Office at Tivoli: 919-224-2111 Office at home: 919-644-3977 "Robert Moore" on 12/07/2000 07:56:52 AM To: Ed_Ellesson@tivoli.com cc: policy@raleigh.ibm.com, "Wang, Cliff" , "'Ed_Ellesson@tivoli.com'" , "Joel M. Halpern" , "Wijnen, Bert (Bert)" Subject: Re: Drafts (RE: Policy Framework WG Agenda) Ed, I spotted a typo in your note. The correct URL for the PCLS is http://ietf-mirror.raleigh.ibm.com/internet-drafts/draft-ietf-policy-core-schema-08.txt Regards, Bob Bob Moore IBM Networking Software +1-919-254-4436 remoore@us.ibm.com From majordomo@raleigh.ibm.com Thu Dec 7 12:36:20 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA29974 for ; Thu, 7 Dec 2000 12:36:20 -0500 (EST) Received: from rtpmail02.raleigh.ibm.com (rtpmail02.raleigh.ibm.com [9.37.172.48]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id MAA32316; Thu, 7 Dec 2000 12:21:45 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail02.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id MAA29878; Thu, 7 Dec 2000 12:21:36 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA54894; Thu, 7 Dec 2000 11:47:20 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA30054; Thu, 7 Dec 2000 11:47:17 -0500 Received: from fwns2.raleigh.ibm.com (fwns2.raleigh.ibm.com [9.37.0.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id LAA22838 for ; Thu, 7 Dec 2000 11:47:19 -0500 Received: from mail.coreon.net (IDENT:mirapoint@mail.coreon.net [216.74.131.6]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id LAA30312 for ; Thu, 7 Dec 2000 11:47:15 -0500 Received: from rmoats2 (node-64-248-71-118.dslspeed.zyan.com [64.248.71.118]) by mail.coreon.net (Mirapoint) with ESMTP id AAO58934 (AUTH rmoats); Thu, 7 Dec 2000 11:47:44 -0500 (EST) From: "Ryan Moats" To: Cc: "'IETF Policy WG LIST'" , Subject: RE: CIM24 schema tweaks Date: Thu, 7 Dec 2000 10:54:04 -0600 Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-Mimeole: Produced By Microsoft MimeOLE V5.00.2919.6700 In-Reply-To: <000301c06009$acad61f0$b05508cb@osmium.adacel.com.au> Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Ryan Moats" Content-Transfer-Encoding: 7bit Since this is a standards track document, I do not want to use something that creates a dependency and will hold up the document. Ryan -----Original Message----- Ryan, > -----Original Message----- [snip] > >I've spotted another potential difficulty with the schema of > DSP0117. > > > >See this description: > > > >attributetype ( 1.3.6.1.4.1.412.100.1.2.1 > > NAME 'orderedCimKeys' > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE > > EQUALITY octetStringMatch > > ) > > > >The matching rule syntax does not match the attribute's > syntax. This > >must be corrected. > > Well, as an editor, I get to play the "no complaints without > making a suggestion" card. What do you suggest as the > equality match? Based on my reading of the X.500-series and > LDAP RFCs the only option for Directory Strings is > caseIgnoreMatch, and I'm not at all comfortable with > declaring that as the matching rule for a syntax that holds > UTF-8 strings. > > Actually, the more I think about this, I think this is a > bigger issue than just Policy, so I'm cross posting to > ldapext and the newly minted ldapbis to see what those > folks can add. It was attributes like orderedCimKeys that motivated me to write the component matching rules draft (draft-legg-ldapext-component-matching-00.txt). The content of the orderedCimKeys attribute is structured data with a well defined format, rather than free text, so a specific new attribute syntax is warranted. Stuffing highly structured data into attributes with the Directory String syntax means that the directory can do nothing more than treat values as opaque blobs of bytes. Almost inevitably the question of a suitable equality matching rule is raised because the existing string matching rules are not designed for matching structured data. The component matching rules are intended to provide convenient default equality matching rules for structured data, as well as a generic capability (that is more expressive than simple substring matching) to filter match component parts of the structured attribute values. The key to all this is a formal way to describe the structure of the data, which for the component matching rules is ASN.1 type notation. I note that the structure of an LDAP string encoded value of orderedCimKeys is described by: .=[,=]* Without looking into the details, I'm guessing that something like the following ASN.1 type would adequately describe the conceptual structure of the syntax. OrderedCIMKeys ::= SEQUENCE { className UTF8String, keys SEQUENCE SIZE (1..MAX) OF { key UTF8String, value UTF8String } } This is enough to completely define the behaviour of the directoryComponentsMatch matching rule (a component by component equality match) on a value of orderedCimKeys. If the default matching of directoryComponentsMatch doesn't quite suit a particular application then there is an easy way of extending it to define, for example, a policyComponentsMatch matching rule that is more generally suitable for policy attribute syntaxes. The ASN.1 type definition for the syntax is also sufficient to completely define the behaviour of the componentFilterMatch matching rule. This matching rule would provide the ability to search for orderCimKeys values with particular class names, particular key types, or particular (key, value) pairs, etc, in whatever filter combinations a user might want. These matching capabilities are completely specified just by writing down an ASN.1 definition of a syntax. Having that definition also opens up the possibility of the directory doing other useful things with values. For example, in the not too distant future directory servers may be receiving and returning XML encoded versions of attribute values. If the attribute syntax is a bland directory string then the XML encoding of, say, a value of orderedCimKeys will look something like this: whatever.abc=vvvv,def=wwww whereas a knowledge of the structure of the data will allow the directory to produce XML encodings that are more meaningfully marked up (and more verbose of course) as in the following: whatever abc vvvv def wwww The component matching rules make it easy for applications to define powerful matching capabilities, but the directory servers have to implement those capabilities, so there is an initial implementation barrier on the directory server side. My hope is that directory server vendors will take advantage of the fact that the component matching framework lends itself to high levels of automation, whereby exotic new application syntaxes can be easily and quickly accommodated (through run-time interpretation or compiled plug-ins). Regards, Steven > > Ryan Moats > From majordomo@raleigh.ibm.com Thu Dec 7 13:35:43 2000 Received: from fwns2.raleigh.ibm.com (fwns2d.raleigh.ibm.com [204.146.167.236]) by ietf.org (8.9.1a/8.9.1a) with SMTP id NAA08352 for ; Thu, 7 Dec 2000 13:35:38 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns2.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id NAA28720; Thu, 7 Dec 2000 13:05:00 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id NAA33604; Thu, 7 Dec 2000 13:02:55 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA35598; Thu, 7 Dec 2000 12:30:18 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA54788; Thu, 7 Dec 2000 12:30:14 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id MAA24496 for ; Thu, 7 Dec 2000 12:30:17 -0500 Received: from zcars04f.ca.nortel.com (h57s242a129n47.user.nortelnetworks.com [47.129.242.57]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id MAA15086 for ; Thu, 7 Dec 2000 12:30:12 -0500 Received: from zcard015.ca.nortel.com by zcars04f.ca.nortel.com; Thu, 7 Dec 2000 12:29:34 -0500 Received: by zcard015.ca.nortel.com with Internet Mail Service (5.5.2652.35) id ; Thu, 7 Dec 2000 12:29:35 -0500 Message-Id: <28560036253BD41191A10000F8BCBD11841D29@zcard00g.ca.nortel.com> From: "Mircea Pana" To: "'Robert Moore'" Cc: "'policy@raleigh.ibm.com'" Subject: RE: cardinality of policyRuleSequencedActions Date: Thu, 7 Dec 2000 12:29:33 -0500 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2652.35) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C06073.43855150" X-Orig: Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Mircea Pana" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C06073.43855150 Content-Type: text/plain; charset="iso-8859-1" Bob, For consistency I would have both attributes (ptpConditionTime and ptpConditionTimeOfDayMask) with the same cardinality. If these attributes are single-value, this may lead to a higher number of policyTimePeriodCondition[AuxClass] entries necessary to specify the validity period. On the other hand, if they are multi-valued, the semantics of the policyTimePeriodCondition[AuxClass] are overloaded. Therefore, an increase in complexity of the provisioning and consumption activities. I tend to be in favor of the single-valued option due to its reduced complexity. However, in an environment where the "LDAP Control for a Duplicate Entry Representation of Search Results" (http://www.ietf.org/internet-drafts/draft-ietf-ldapext-ldapv3-dupent-06.txt ) is used, the client experience could be similar in both cases. Regards, Mircea. > -----Original Message----- > From: Robert Moore [mailto:remoore@us.ibm.com] > Sent: Thursday, December 07, 2000 10:38 AM > To: Pana, Mircea [CAR:5E10:EXCH] > Cc: 'policy@raleigh.ibm.com' > Subject: Re: cardinality of policyRuleSequencedActions > > > Mircea, > > You're definitely right about #1 -- I've already changed > this in the PCLS source file. > > For #2, I *think* that having it multi-valued was > intentional, but I'm not really sure. The idea would be > to allow us to represent in a single object a schedule > like 0800 to 1200 AND 1300 to 1700. I don't know if such > schedules will be common enough to warrant the extra > complexity. > > One further factor: both of the ptpCondition properties > in PCIM that correspond to these two attributes are > single-valued. So we either need to change > ptpConditionTimeOfDayMask to single-valued (and leave > ptpConditionTime single-valued), or else make one or both > of them multi-valued, and track the corresponding change > to PCIM as our first piece of Proposed Standard > implementation experience. I could go either way, but my > vote would be to make the two attributes single-valued, > on the grounds that in general we've applied more careful > thought to PCIM than we have to PCLS. > > Regards, > Bob > > Bob Moore > IBM Networking Software > +1-919-254-4436 > remoore@us.ibm.com > > > > "Mircea Pana" @raleigh.ibm.com on 12/06/2000 > 05:51:35 PM > > Please respond to "Mircea Pana" > > Sent by: policy-owner@raleigh.ibm.com > > > To: "'policy@raleigh.ibm.com'" > cc: > Subject: cardinality of policyRuleSequencedActions > > > > > > Wrt. the cardinality of some LDAP attributes defined in > "draft-ietf-policy-core-schema-08": > > 1. Isn't the "policyRuleSequencedActions" attribute supposed to be > single-valued (in "policyRule")? The document does not specify this > attribute's cardinality, which implies as default: multi-value. > > 2. Same comment for "ptpConditionTimeOfDayMask" attribute (in > "policyTimePeriodConditionAuxClass"). > However, if this last one should be multi-valued, by extrapolation, > shouldn't the "ptpConditionTime" be multi-valued as well? > > Thanks, > Mircea Pana. > > > > ------_=_NextPart_001_01C06073.43855150 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: cardinality of policyRuleSequencedActions

Bob,

For consistency I would have both attributes = (ptpConditionTime and ptpConditionTimeOfDayMask) with the same = cardinality.

If these attributes are single-value, this may lead = to a higher number of policyTimePeriodCondition[AuxClass] entries = necessary to specify the validity period.

On the other hand, if they are multi-valued, the = semantics of the policyTimePeriodCondition[AuxClass] are overloaded. = Therefore, an increase in complexity of the provisioning and = consumption activities.

I tend to be in favor of the single-valued option due = to its reduced complexity.

However, in an environment where the "LDAP = Control for a Duplicate Entry Representation of Search Results" = (http://www.ietf.org/internet-drafts/draft-ietf-ldapext= -ldapv3-dupent-06.txt) is used, the client experience could be = similar in both cases.

Regards,
Mircea.

> -----Original Message-----
> From: Robert Moore [mailto:remoore@us.ibm.com]=
> Sent: Thursday, December 07, 2000 10:38 = AM
> To: Pana, Mircea [CAR:5E10:EXCH]
> Cc: 'policy@raleigh.ibm.com'
> Subject: Re: cardinality of = policyRuleSequencedActions
>
>
> Mircea,
>
> You're definitely right about #1 -- I've = already changed
> this in the PCLS source file.
>
> For #2, I *think* that having it multi-valued = was
> intentional, but I'm not really sure. The = idea would be
> to allow us to represent in a single object a = schedule
> like 0800 to 1200 AND 1300 to 1700. I = don't know if such
> schedules will be common enough to warrant the = extra
> complexity.
>
> One further factor: both of the = ptpCondition properties
> in PCIM that correspond to these two attributes = are
> single-valued. So we either need to = change
> ptpConditionTimeOfDayMask to single-valued (and = leave
> ptpConditionTime single-valued), or else make = one or both
> of them multi-valued, and track the = corresponding change
> to PCIM as our first piece of Proposed = Standard
> implementation experience. I could go = either way, but my
> vote would be to make the two attributes = single-valued,
> on the grounds that in general we've applied = more careful
> thought to PCIM than we have to PCLS.
>
> Regards,
> Bob
>
> Bob Moore
> IBM Networking Software
> +1-919-254-4436
> remoore@us.ibm.com
>
>
>
> "Mircea Pana" = <mpana@nortelnetworks.com>@raleigh.ibm.com on 12/06/2000
> 05:51:35 PM
>
> Please respond to "Mircea Pana" = <mpana@nortelnetworks.com>
>
> Sent by: = policy-owner@raleigh.ibm.com
>
>
> To: = "'policy@raleigh.ibm.com'" = <policy@raleigh.ibm.com>
> cc:
> Subject: cardinality of = policyRuleSequencedActions
>
>
>
>
>
> Wrt. the cardinality of some LDAP attributes = defined in
> = "draft-ietf-policy-core-schema-08":
>
> 1. Isn't the = "policyRuleSequencedActions" attribute supposed to be
> single-valued (in "policyRule")? The = document does not specify this
> attribute's cardinality, which implies as = default: multi-value.
>
> 2. Same comment for = "ptpConditionTimeOfDayMask" attribute (in
> = "policyTimePeriodConditionAuxClass").
> However, if this last one should be = multi-valued, by extrapolation,
> shouldn't the "ptpConditionTime" be = multi-valued as well?
>
> Thanks,
> Mircea Pana.
>
>
>
>

------_=_NextPart_001_01C06073.43855150-- From majordomo@raleigh.ibm.com Thu Dec 7 16:58:11 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA14122 for ; Thu, 7 Dec 2000 16:58:11 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id QAA25496; Thu, 7 Dec 2000 16:47:39 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id QAB25796; Thu, 7 Dec 2000 16:47:36 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA38824; Thu, 7 Dec 2000 16:13:04 -0500 Received: from rtpmail03.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA33182; Thu, 7 Dec 2000 16:13:00 -0500 Received: from fwns1.raleigh.ibm.com (fwns1.raleigh.ibm.com [9.37.0.3]) by rtpmail03.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id QAA29096 for ; Thu, 7 Dec 2000 16:13:04 -0500 Received: from longsys.com (dmz.longsys.com [63.111.150.5]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id QAA25570 for ; Thu, 7 Dec 2000 16:12:59 -0500 Received: from joel (discordian.longsys.com [63.111.150.74]) by longsys.com (8.10.0/8.10.0) with ESMTP id eB7LDGI15038; Thu, 7 Dec 2000 21:13:17 GMT Message-Id: <4.2.2.20001207160640.00b32220@localhost> X-Sender: joel@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 07 Dec 2000 16:11:05 -0500 To: Brian E Carpenter , Kathleen Nichols From: "Joel M. Halpern" Subject: Re: [Diffserv] DSCP marking versus DSCP remarking Cc: "'diffserv@ietf.org'" , policy@raleigh.ibm.com In-Reply-To: <3A2FB980.14BEAD33@hursley.ibm.com> References: <3A2D4EE0.EBFEAE43@packetdesign.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Joel M. Halpern" Actually, I believe that this misses the point of the issue Bob is raising. From the point of view of the processing elements, I can find no difference between a marker and a remarker. If one places the processing element on a data path such that the packet is coming from outside diffserv, then it is a marker. If it could have been previously remarked. The problem is that the informal model actually says that one might have a processing element that was allowed to be a marker, but not a remarker. That would require the processing element to know the history of the packet. It would need to know whether the packet arrived over an interface considered to be inside or outside the diffserv domain. For those arriving over an outside interface that was not considered to be applying useful diffserv markings, it would have to know if the current value in the DSCP came from the input or was put there by an earlier marker in the processing stream. These are things that the "marker" element has no way to determine. The human being placing it there may have a way to tell. But then, the human being can put in a classifier if he is concerned about what value is in the field. It is NOT up to a marker to look at the packet and decide if it should stamp the value. If the packet gets to the marker, mark it. Yours, Joel M. Halpern At 10:23 AM 12/7/00 -0600, Brian E Carpenter wrote: >I believe this is quite clearly discussed in RFC 2474/5. >Packets arriving from a non-DS domain can't be regarded >as containing a meaningful DSCP value until they have >been classified and marked. > >I don't think that Policy WG documents should be in the >business of tweaking the diffserv architecture. > > Brian > >Kathleen Nichols wrote: > > > > Robert Moore wrote: > > > > > ... > > > > > > This is *almost* just a question of wordsmithing in the > > > three diffserv WG documents. But not quite. If there is > > > actual disagreement in the WG about whether there is such > > > a thing as an unmarked packet, that is, a packet that's > > > not marked with any DSCP, then the question should be > > > discussed until the WG reaches a consensus one way or the > > > other. Does everybody agree with the QDDIM team that > > > there is no such thing as a packet unmarked with any DSCP? > > > > > > > With my WG co-chair hat OFF, I agree that we should just have > > a "marker" as a primitive element. I would not phrase this as > > saying "there is no such thing as a packet unmarked with any > > DSCP". If someone chooses to use that phrase to describe > > packets marked with an unknown, illegal, or unverified DSCP, > > it should not have any architectural effect. > > > > Kathie > > > > _______________________________________________ > > diffserv mailing list > > diffserv@ietf.org > > http://www1.ietf.org/mailman/listinfo/diffserv > > Archive: > http://www2.ietf.org/mail-archive/working-groups/diffserv/current/maillist.html > >_______________________________________________ >diffserv mailing list >diffserv@ietf.org >http://www1.ietf.org/mailman/listinfo/diffserv >Archive: >http://www2.ietf.org/mail-archive/working-groups/diffserv/current/maillist.html From majordomo@raleigh.ibm.com Thu Dec 7 17:21:45 2000 Received: from fwns1.raleigh.ibm.com (fwns1d.raleigh.ibm.com [204.146.167.235]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA17832 for ; Thu, 7 Dec 2000 17:21:43 -0500 (EST) Received: from rtpmail01.raleigh.ibm.com (rtpmail01.raleigh.ibm.com [9.37.172.24]) by fwns1.raleigh.ibm.com (8.9.0/8.9.0/RTP-FW-1.2) with ESMTP id RAA19332; Thu, 7 Dec 2000 17:12:32 -0500 Received: from rtpaix11.raleigh.ibm.com (rtpaix11.raleigh.ibm.com [9.37.172.4]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with SMTP id RAA32742; Thu, 7 Dec 2000 17:12:31 -0500 Received: by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA61742; Thu, 7 Dec 2000 10:33:16 -0500 Received: from rtpmail01.raleigh.ibm.com by rtpaix11.raleigh.ibm.com (AIX 4.1/UCB 5.64/4.03-RAL) id AA61732; Thu, 7 Dec 2000 10:33:13 -0500 Received: from southrelay02.raleigh.ibm.com (southrelay02.raleigh.ibm.com [9.37.3.209]) by rtpmail01.raleigh.ibm.com (8.8.5/8.8.5/RTP-ral-1.1) with ESMTP id KAA26232 for ; Thu, 7 Dec 2000 10:33:15 -0500 Received: from d04nm200.raleigh.ibm.com (d04nm200.raleigh.ibm.com [9.67.228.37]) by southrelay02.raleigh.ibm.com (8.8.8m3/NCO v4.95) with ESMTP id KAA42526; Thu, 7 Dec 2000 10:33:13 -0500 Importance: Normal Subject: Re: cardinality of policyRuleSequencedActions To: "Mircea Pana" Cc: "'policy@raleigh.ibm.com'" X-Mailer: Lotus Notes Release 5.0.3 (Intl) 21 March 2000 Message-Id: From: "Robert Moore" Date: Thu, 7 Dec 2000 10:37:47 -0500 X-Mimetrack: Serialize by Router on D04NM200/04/M/IBM(Release 5.0.3 (Intl)|21 March 2000) at 12/07/2000 10:33:41 AM Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: policy-owner@raleigh.ibm.com Precedence: bulk Reply-To: "Robert Moore" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id RAA17832 Mircea, You're definitely right about #1 -- I've already changed this in the PCLS source file. For #2, I *think* that having it multi-valued was intentional, but I'm not really sure. The idea would be to allow us to represent in a single object a schedule like 0800 to 1200 AND 1300 to 1700. I don't know if such schedules will be common enough to warrant the extra complexity. One further factor: both of the ptpCondition properties in PCIM that correspond to these two attributes are single-valued. So we either need to change ptpConditionTimeOfDayMask to single-valued (and leave ptpConditionTime single-valued), or else make one or both of them multi-valued, and track the corresponding change to PCIM as our first piece of Proposed Standard implementation experience. I could go either way, but my vote would be to make the two attributes single-valued, on the grounds that in general we've applied more careful thought to PCIM than we have to PCLS. Regards, Bob Bob Moore IBM Networking Software +1-919-254-4436 remoore@us.ibm.com "Mircea Pana" @raleigh.ibm.com on 12/06/2000 05:51:35 PM Please respond to "Mircea Pana"