Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07

2016-05-11 Thread William Ivory 
Thanks - had forgotten those YANG 1.1 extensions.

William

-Original Message-
From: Juergen Schoenwaelder [mailto:j.schoenwael...@jacobs-university.de] 
Sent: 11 May 2016 09:28
To: William Ivory 
Cc: Robert Wilton ; Linda Dunbar ; 
draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org' 
Subject: Re: [netmod] Can you remove the "Identity acl-base" defined in 
draft-ietf-netmod-acl-model-07

YANG 1.1 introduces special functions for identities such as
derived-from() or derived-from-or-self(), for more details see section
10.4 of draft-ietf-netmod-rfc6020bis-12.

/js

On Wed, May 11, 2016 at 08:19:01AM +, William Ivory wrote:
> Hi Rob,
> 
> Probably a stupid question but how would you write a 'when' statement that 
> checks identity type?  What XPATH function / expression would allow you to 
> access the YANG type?
> 
> Thanks,
> 
> William
> 
> -Original Message-
> From: netmod [mailto:netmod-boun...@ietf.org] On Behalf Of Robert Wilton
> Sent: 10 May 2016 18:27
> To: Linda Dunbar 
> Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org' 
> Subject: Re: [netmod] Can you remove the "Identity acl-base" defined in 
> draft-ietf-netmod-acl-model-07
> 
> Hi Linda,
> 
> I think that having the base identity makes the model safer and more 
> extensible in future.  I think that the general idea of a base identity is 
> fairly standard and is perhaps a bit like defining an abstract base class in 
> an OO language.
> 
> So, in YANG, rather than a when statement having to explicitly check for 
> ipv4-acl or ipv6-acl it can just check for any type derived from acl-base, 
> which allows for new types of ACL to be defined in future (potentially in 
> different modules).
> 
> Conversely, it also helps prevent someone from using a completely 
> inappropriate identity, e.g. say trying to use an interface type identity 
> such as ift:ethernetCsmacd where a type of ACL identity is required.
> 
> Thanks,
> Rob
> 
> 
> On 10/05/2016 17:55, Linda Dunbar wrote:
> > Juergen,
> >
> > Of course, it is not confusing to you because you are in the box (vs. many 
> > of us are outside the box looking in).
> >
> > RFC 6020 doesn't say all identities have to have a sub-identity.
> >
> >
> > My opinion only.
> >
> >
> > Linda
> >   
> >
> > -Original Message-
> > From: Juergen Schoenwaelder 
> > [mailto:j.schoenwael...@jacobs-university.de]
> > Sent: Tuesday, May 10, 2016 10:38 AM
> > To: Linda Dunbar
> > Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D. 
> > Nadeau
> > Subject: Re: Can you remove the "Identity acl-base" defined in 
> > draft-ietf-netmod-acl-model-07
> >
> > On Tue, May 10, 2016 at 03:07:30PM +, Linda Dunbar wrote:
> >> Juergen,
> >>
> >> If "acl-base" has some content more than the comment (i.e. the 
> >> description), then it makes sense.
> >>
> >> The comments in the "identity ipv4-acl" is enough to describe the 
> >> identity. Same with the identity ipv6-acl.
> >>
> >> I find it is very confusing to have the recursive reference of identity 
> >> (all of them are simply the description).
> >>
> > I fail to see anything confusing here. Did you read the relevant sections 
> > of RFC 6020? What is unclear about identities and how they work?
> >
> > /js
> >
> 
> ___
> netmod mailing list
> netmod@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod=CwICAg=IL_XqQWOjubgfqINi2jTzg=GByLeg9jZvOv_AlgBo9uvdDrxizlOR7l_SnTXowyJU8=MlQZEKdXoP4IwlPcElVo_hIsmcgPxkS1AvAc3uGRU_E=iht1ryWsM95ONkVXCHgLCn-rGgsZVjmO0P_Hnhg2llM=
>  
> 
> ___
> netmod mailing list
> netmod@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod=CwIBAg=IL_XqQWOjubgfqINi2jTzg=GByLeg9jZvOv_AlgBo9uvdDrxizlOR7l_SnTXowyJU8=9SqA4lSC3_C0sr1ZX9Wd7wI8KYym05LqlsRSMn9nS0k=VTDyjdlJ_E4CVhRCNWy3hNeKwtWozq2hfJn5IvnwR7g=
>  

-- 
Juergen Schoenwaelder   Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103 


___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07

2016-05-11 Thread Juergen Schoenwaelder 
YANG 1.1 introduces special functions for identities such as
derived-from() or derived-from-or-self(), for more details see section
10.4 of draft-ietf-netmod-rfc6020bis-12.

/js

On Wed, May 11, 2016 at 08:19:01AM +, William Ivory wrote:
> Hi Rob,
> 
> Probably a stupid question but how would you write a 'when' statement that 
> checks identity type?  What XPATH function / expression would allow you to 
> access the YANG type?
> 
> Thanks,
> 
> William
> 
> -Original Message-
> From: netmod [mailto:netmod-boun...@ietf.org] On Behalf Of Robert Wilton
> Sent: 10 May 2016 18:27
> To: Linda Dunbar 
> Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org' 
> Subject: Re: [netmod] Can you remove the "Identity acl-base" defined in 
> draft-ietf-netmod-acl-model-07
> 
> Hi Linda,
> 
> I think that having the base identity makes the model safer and more 
> extensible in future.  I think that the general idea of a base identity is 
> fairly standard and is perhaps a bit like defining an abstract base class in 
> an OO language.
> 
> So, in YANG, rather than a when statement having to explicitly check for 
> ipv4-acl or ipv6-acl it can just check for any type derived from acl-base, 
> which allows for new types of ACL to be defined in future (potentially in 
> different modules).
> 
> Conversely, it also helps prevent someone from using a completely 
> inappropriate identity, e.g. say trying to use an interface type identity 
> such as ift:ethernetCsmacd where a type of ACL identity is required.
> 
> Thanks,
> Rob
> 
> 
> On 10/05/2016 17:55, Linda Dunbar wrote:
> > Juergen,
> >
> > Of course, it is not confusing to you because you are in the box (vs. many 
> > of us are outside the box looking in).
> >
> > RFC 6020 doesn't say all identities have to have a sub-identity.
> >
> >
> > My opinion only.
> >
> >
> > Linda
> >   
> >
> > -Original Message-
> > From: Juergen Schoenwaelder 
> > [mailto:j.schoenwael...@jacobs-university.de]
> > Sent: Tuesday, May 10, 2016 10:38 AM
> > To: Linda Dunbar
> > Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D. 
> > Nadeau
> > Subject: Re: Can you remove the "Identity acl-base" defined in 
> > draft-ietf-netmod-acl-model-07
> >
> > On Tue, May 10, 2016 at 03:07:30PM +, Linda Dunbar wrote:
> >> Juergen,
> >>
> >> If "acl-base" has some content more than the comment (i.e. the 
> >> description), then it makes sense.
> >>
> >> The comments in the "identity ipv4-acl" is enough to describe the 
> >> identity. Same with the identity ipv6-acl.
> >>
> >> I find it is very confusing to have the recursive reference of identity 
> >> (all of them are simply the description).
> >>
> > I fail to see anything confusing here. Did you read the relevant sections 
> > of RFC 6020? What is unclear about identities and how they work?
> >
> > /js
> >
> 
> ___
> netmod mailing list
> netmod@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod=CwICAg=IL_XqQWOjubgfqINi2jTzg=GByLeg9jZvOv_AlgBo9uvdDrxizlOR7l_SnTXowyJU8=MlQZEKdXoP4IwlPcElVo_hIsmcgPxkS1AvAc3uGRU_E=iht1ryWsM95ONkVXCHgLCn-rGgsZVjmO0P_Hnhg2llM=
>  
> 
> ___
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

-- 
Juergen Schoenwaelder   Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103 

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod