On Mon, Aug 22, 2016 at 06:15:50PM +0200, Vladimir Vassilev wrote: > On 08/22/2016 06:10 PM, Juergen Schoenwaelder wrote: > > On Mon, Aug 22, 2016 at 05:59:37PM +0200, Vladimir Vassilev wrote: > > > > > Which of the 3 issues pointed in the conclusion you don't agree with and > > > why > > > {1. limited validation expression flexibility, 2. higher validation > > > workload, 3. broken NACM}? Difficult to not agree with 2. And 1 is > > > predetermined from the fact of the reduced entropy attributed to a > > > non-presence container - namely its existence now is determined by the > > > existence of its parent (which reduces flexibility in a very certain way). > > Can someone explain to me what exactly breaks NACM? An example would > > help me. > > > > /js (as contributor) > > > "It is absolutely legal to configure "update" rights to /interfaces to a > group of users reserving the "create" right to the superuser. How is this > scenario handled by servers ignoring empty non-presence containers?" (this > is excerpt from an earlier post on that thread) > > If a non-presence container always exits in YANG 1.1 this usage example is > not possible.
Should I read 'ignoring empty non-presence containers' as 'removing empty non-presence containers (form the XML encoding)'? Isn't the idea that non-presence container always exits in YANG 1.1 for the purpose of validation, that is in the XPATH context. Back to your example, what is the client going to update in /interfaces if /interfaces is empty? Or is the scenario that the group of users have create and update rights within /interfaces but no create right on /interfaces? I am trying to understand what exactly the situation is that you think causes problems. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod