Hi Med, Sorry for the late reply.
On Tue, May 9, 2023 at 9:39 PM <mohamed.boucad...@orange.com> wrote: > Hi Jensen, > > > > Thanks for drafting that text. I do still that some sensitive data nodes > have to be listed. For example, > > > > - Access to all authentication-related data nodes should be protected; > those that are inherited from other models have already > “nacm:default-deny-write” statement, while there is no such protected from > the data node that are added in the draft. > > Thanks for the suggestion. I agree. But I think the only authentication-related data nodes explicitly added in the current document are "http-auth-client/user-id" and "https-auth-client/user-id" under "auth-client". The leaf nodes referenced by them have already been protected. Shall the leafrefs themselves be also protected? > > - Consider the example of “poll-interval”: a misbehaving node can set > a very large value that would lead to maintaining stale data. Setting very > low values can also be considered as a misbehavior. > > It is a very interesting point. I agree that the range of "poll-interval" should be limited. But the accepted range may depend on the data sources and implementations. It is hard to define a fixed range in the module. Do you have any suggestions about it? Or we just explain this consideration without any concrete solution? Thanks, Jensen
_______________________________________________ alto mailing list alto@ietf.org https://www.ietf.org/mailman/listinfo/alto