Fully agree with John. ACL is essentially about permission, though in some 
languages (including my mother one) "filter" may be associated with the concept 
of selectively allowing some access...

--
Likely to be brief and not very
elaborate as sent from my mobile
Diego R. Lopez
Telefonica I+D


On 13 Sep 2016, at 02:40, John Strassner <[email protected]> wrote:

Thanks Bob, completely agree.

Fundamentally, "filter" implies "remove" (at least in English). ACLs are 
permissions. Removing something (or forwarding, or whatever) is simply an 
action dictated by the permission.

regards,
John

On Mon, Sep 12, 2016 at 10:27 AM, Natale, Bob <[email protected]> wrote:
Hi Linda,

It seems to me that the RFC4949 definition is more general and that 
ietf-netmod-acl-model defines one compatible specific variation. Some of the 
specifics of that definition might not apply in all cases.

In fact, I am somewhat surprised that the latter document did not, evidently, 
reference RFC4949 ... at least for a baseline definition. True, it's a bit 
dated, but I think that mostly affects concepts and constructs introduced since 
its publication ... the widespread use of ACLs predates RFC4949 by a lot.

For reference, the fairly recent CNSSI 4009, Committee on National Security 
Systems (CNSS) Glossary (Apr 6, 2015) also uses a more general definition:
access control list (ACL)

A list of permissions associated with an object. The list specifies who or what 
is allowed to access the object and what operations are allowed to be performed 
on the object.


Avanti,
BobN

From: I2nsf [mailto:[email protected]] On Behalf Of Linda Dunbar
Sent: Monday, September 12, 2016 1:07 PM
To: John Strassner <[email protected]>; Susan Hares <[email protected]>; [email protected]
Subject: [I2nsf] I2NSF Terminology's definition on "ACL" is different from 
ietf-netmod-acl-model

John, et al,

The "ietf-netmod-acl-model" has "ACL" defined as:
An ACL is an ordered set of rules that is used to filter traffic on a
networking device. Each rule is represented by an Access Control
Entry (ACE).

The "draft-ietf-i2nsf-terminology-01" has ACL as:

ACL (Access Control List):  This is a mechanism that implements
      access control for a system resource by enumerating the system
      entities that are permitted to access the resource and stating,
      either implicitly or explicitly, the access modes granted to each
      entity [RFC4949]. A YANG description is defined in
      [I-D.ietf-netmod-acl-model].



Can we make I2NSF's ACL definition consistent with the "ietf-netmod-acl-model"?

Thanks,
Linda



--
regards,
John
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf