Hi, Joe Thanks for the follow-up and further review, much appreciated. Please also see my reply inline.
[JMC] This flexibility does make sense. That said, now it seems that the augmentations in this draft could apply both to the SDN controller and the PEP, correct? [Qiufang] Yes, that is exactly what have been proposed in the current version of the draft. I get the former as part of the new Step 1. But the latter wasn't clear to me in Step 5. Ultimately, I think an example of both cases (MAC/IP and group) could be helpful along with some additional text to indicate what type of ACL config may exist on the PEP. [Qiufang] Good suggestion. Will expand step 5 and add an example of how both cases could be used in the next version. Thank you. [JMC] Additionally, a few comments: What is iSchedule? I see one reference to it, and it is not explained (in the new schedule YANG module). [Qiufang] It's supposed to be iCalendar (Internet Calendaring and Scheduling Core Object Specification), as defined in RFC5545. We will fix this and add more clarification. I would add values to the days of the week (perhaps use the same numeric values as cron). [Qiufang] Do you mean add the "value" statement for the enumeration weekday type? And as cron, use 0 for Sunday, 1 for Monday...,6 for Saturday, right? That's a good comment. Will add in the next version. Why is bysecond 0..60 whereas byminute 0..59. I would think both would be 0..59. [Qiufang] I think that the range from 0 to 60 is because of a leap second, which is a one-second adjustment very occasionally applied to UTC. E.g., the latest leap second occurred at 07:59:59 on January 1, 2017, which is Beijing time: 07:59:60. RFC5545 also defines that implementations that do not support leap seconds SHOULD interpret the second 60 as equivalent to the second 59. Will explain this exception in the description. Ultimately, this draft yearns for examples, especially of this schedule mechanism which, while more complete than the initial draft, brings a lot of complexity. [Qiufang] Yes, the current draft defines the complete and general schedule mechanism which complies with recurrence rule in RFC5545, with the intention that this could not only be used to apply time condition based ACL policies here, but may also be useful for future recurrence-based schedule or event definition. I agree that more examples are really needed, this is what we are working on now, will try to submit a new version in the near future before the submission window closes. Best Regards, Qiufang
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
