On Mon, Aug 22, 2016 at 06:15:50PM +0200, Vladimir Vassilev wrote:
> On 08/22/2016 06:10 PM, Juergen Schoenwaelder wrote:
> > On Mon, Aug 22, 2016 at 05:59:37PM +0200, Vladimir Vassilev wrote:
> >
> > > Which of the 3 issues pointed in the conclusion you don't agree with and
> > > why
> > > {1. limited validation expression flexibility, 2. higher validation
> > > workload, 3. broken NACM}? Difficult to not agree with 2. And 1 is
> > > predetermined from the fact of the reduced entropy attributed to a
> > > non-presence container - namely its existence now is determined by the
> > > existence of its parent (which reduces flexibility in a very certain way).
> > Can someone explain to me what exactly breaks NACM? An example would
> > help me.
> >
> > /js (as contributor)
> >
> "It is absolutely legal to configure "update" rights to /interfaces to a
> group of users reserving the "create" right to the superuser. How is this
> scenario handled by servers ignoring empty non-presence containers?" (this
> is excerpt from an earlier post on that thread)
>
> If a non-presence container always exits in YANG 1.1 this usage example is
> not possible.
Should I read 'ignoring empty non-presence containers' as 'removing empty
non-presence containers (form the XML encoding)'?
Isn't the idea that non-presence container always exits in YANG 1.1
for the purpose of validation, that is in the XPATH context.
Back to your example, what is the client going to update in
/interfaces if /interfaces is empty? Or is the scenario that the group
of users have create and update rights within /interfaces but no
create right on /interfaces? I am trying to understand what exactly
the situation is that you think causes problems.
/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
