Document: draft-ietf-opsawg-ucl-acl-11
Reviewer: Acee Lindem
Review Date: 2026-01-26
IETF LC End Date: 2026-01-26
Intended Status: STANDARD TRACK
This is a YANG doctor review on the YANG data module ietf-ucl-acl.yang.
I have one major concern with this document. The YANG model adds
generalized schedule-based ACEs, yet this is not reflected in the
YANG model name, draft title, or abstract. This should at least
be in a separate YANG model and possibly in a separate draft since it appears
to have been added as an afterthought and, IMO, it is much more
important than the group-based access control.
The following issues/questions also have to be addressed:
1. In section 2, the formatting of "device group" and "application group"
is messed up. Also, there are unresolved references to {{sec-dg}} and
{{sec-ag}}. I guess you are not using the standard XML source.
2. Section 4.2.2 - I've never used a printer to send emails ;^)
3. Section 4.3 - I believe you want to change "not differentiating" to
"differentiating" as this is prefaced by "run without requiring".
4. Throughout, you hyphenate end-user but not end-device? I changed this
in my suggested edits.
5. How did you decide on 64 octets for the group identifier string
maximum?
6. In section 6, I would have expected the attribute to be the first
column in table 4.
7. In section 8.1, I guess the PEP wouldn't need to implement anything
beyond standard ACLs, as long as the SDN controller maps the
group-id-based rule ACE to one or more standard ACEs - correct?
8. In section 9, source-group-id and destination-group-id in ACEs
should both be addressed.
9. If the schedule-based ACEs are retained in this document, write access
could facilitate multiple attacks.
Consider:
I have some editorial suggestions for the draft that I've attached.
Thanks,
Acee
