Thanks - had forgotten those YANG 1.1 extensions. William
-----Original Message----- From: Juergen Schoenwaelder [mailto:j.schoenwael...@jacobs-university.de] Sent: 11 May 2016 09:28 To: William Ivory <wiv...@brocade.com> Cc: Robert Wilton <rwil...@cisco.com>; Linda Dunbar <linda.dun...@huawei.com>; draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org' <netmod@ietf.org> Subject: Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07 YANG 1.1 introduces special functions for identities such as derived-from() or derived-from-or-self(), for more details see section 10.4 of draft-ietf-netmod-rfc6020bis-12. /js On Wed, May 11, 2016 at 08:19:01AM +0000, William Ivory wrote: > Hi Rob, > > Probably a stupid question but how would you write a 'when' statement that > checks identity type? What XPATH function / expression would allow you to > access the YANG type? > > Thanks, > > William > > -----Original Message----- > From: netmod [mailto:netmod-boun...@ietf.org] On Behalf Of Robert Wilton > Sent: 10 May 2016 18:27 > To: Linda Dunbar <linda.dun...@huawei.com> > Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org' <netmod@ietf.org> > Subject: Re: [netmod] Can you remove the "Identity acl-base" defined in > draft-ietf-netmod-acl-model-07 > > Hi Linda, > > I think that having the base identity makes the model safer and more > extensible in future. I think that the general idea of a base identity is > fairly standard and is perhaps a bit like defining an abstract base class in > an OO language. > > So, in YANG, rather than a when statement having to explicitly check for > ipv4-acl or ipv6-acl it can just check for any type derived from acl-base, > which allows for new types of ACL to be defined in future (potentially in > different modules). > > Conversely, it also helps prevent someone from using a completely > inappropriate identity, e.g. say trying to use an interface type identity > such as ift:ethernetCsmacd where a type of ACL identity is required. > > Thanks, > Rob > > > On 10/05/2016 17:55, Linda Dunbar wrote: > > Juergen, > > > > Of course, it is not confusing to you because you are in the box (vs. many > > of us are outside the box looking in). > > > > RFC 6020 doesn't say all identities have to have a sub-identity. > > > > > > My opinion only. > > > > > > Linda > > > > > > -----Original Message----- > > From: Juergen Schoenwaelder > > [mailto:j.schoenwael...@jacobs-university.de] > > Sent: Tuesday, May 10, 2016 10:38 AM > > To: Linda Dunbar > > Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D. > > Nadeau > > Subject: Re: Can you remove the "Identity acl-base" defined in > > draft-ietf-netmod-acl-model-07 > > > > On Tue, May 10, 2016 at 03:07:30PM +0000, Linda Dunbar wrote: > >> Juergen, > >> > >> If "acl-base" has some content more than the comment (i.e. the > >> description), then it makes sense. > >> > >> The comments in the "identity ipv4-acl" is enough to describe the > >> identity. Same with the identity ipv6-acl. > >> > >> I find it is very confusing to have the recursive reference of identity > >> (all of them are simply the description). > >> > > I fail to see anything confusing here. Did you read the relevant sections > > of RFC 6020? What is unclear about identities and how they work? > > > > /js > > > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod&d=CwICAg&c=IL_XqQWOjubgfqINi2jTzg&r=GByLeg9jZvOv_AlgBo9uvdDrxizlOR7l_SnTXowyJU8&m=MlQZEKdXoP4IwlPcElVo_hIsmcgPxkS1AvAc3uGRU_E&s=iht1ryWsM95ONkVXCHgLCn-rGgsZVjmO0P_Hnhg2llM&e= > > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod&d=CwIBAg&c=IL_XqQWOjubgfqINi2jTzg&r=GByLeg9jZvOv_AlgBo9uvdDrxizlOR7l_SnTXowyJU8&m=9SqA4lSC3_C0sr1ZX9Wd7wI8KYym05LqlsRSMn9nS0k&s=VTDyjdlJ_E4CVhRCNWy3hNeKwtWozq2hfJn5IvnwR7g&e= > -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.jacobs-2Duniversity.de_&d=CwIBAg&c=IL_XqQWOjubgfqINi2jTzg&r=GByLeg9jZvOv_AlgBo9uvdDrxizlOR7l_SnTXowyJU8&m=9SqA4lSC3_C0sr1ZX9Wd7wI8KYym05LqlsRSMn9nS0k&s=7LK8I-xuJJL1uj0aFRdbOMusbTZca15C8vQj8wDcs0U&e= > _______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod