Hi, thanks for the response. Also see inline. I removed text that
doesn't seem to need further discussion.
Ben.
On 3 Nov 2016, at 10:45, Thomas C. Schmidt wrote:
Hi Ben,
thanks for your comments. Please see inline.
On 01.11.2016 23:42, Ben Campbell wrote:
[...]
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
I have a one set of substantive comments/questions, and some
editorial
comments:
Substantive:
- I'm confused about the validation procedure. In step one, is this
the
user name of the user attempting to write the resource? In step 5, I
do
not understand how this terminates. Which ACL item is the "previously
selected" one. If that refers to the one selected in the last
iteration
of steps 3 and 4, how do you know there are not more ACL items to
iterate
through?
You are referring to 6.3 "validating writ access"?
In this case, you receive a store request along with a certificate. In
step 1, you resolve the user name of the requester, i.e., the user
name that corresponds to the certificate in the request.
Adding something to the effect of "This is the user requesting the write
operation" would be helpful.
... then you identify the user in the ACL and walk up the delegation
chain.
In step 5, you have arrived at the root of the delegation tree. This
is the case, when the to_user equals the signer equals the owner of
the resources (see see Figure 1). This is also how it terminates - the
owner of the resource is the root of the trust chain.
I'm probably being dense here, but my confusion is in the phrasing of
"the "to_user" value user name of the signer of the previously selected
ACL item". Won't that always be true for every ACL item up the chain
after the first?
As an example, Lets say I have a delegation chain of A,B,C,D, where A is
the owner. Would the ACL chain look like the following (in leave-to-root
order )?
signer to_user
1 C D
2 B C
3 A B
4 A A
If so, then ACL 2 seems to have a to_user that matches the signer of ACL
1 (the previously selected ACL), which seems to terminate early.
Again, I'm sure I'm missing something.
[...]
-3.1, 3rd paragraph: Is the SHALL appropriate? Is an authorized user
actually required to access the array in the first place?
It says "If the data model of the Shared Resource is an array, each
Authorized..".
So the user is not required to use an array for sharing, but if an
array is used, write conflicts MUST not be produced.
This is pedantic, but my issue is that the SHALL does not leave the
authorized peer the opportunity to choose not to write anything at all.
Being granted permission to write does not imply a decision to write.
Perhaps something like "...each Authorized Peer that chooses to write
data SHALL..."
-6.6, paragraphs 3 and 4: Are the MUSTs appropriate? Are there not
other
(perhaps application specific) reasons one might choose not to write
the
value?
I believe the MUST is correct: we're in a section that describes the
behavior of the storing peer. When receiving a store request, this
peer should not behave according to its own application semantic, but
to the common overlay rule.
(pedantic again): So the storing peer couldn't have an application
policy that, for example, chooses not to honor a write that violates
some data validation rule? It seems to me that this section is saying
that you MUST deny the request unless one of the listed is true, which
is not the same as saying you MUST accept if one of the conditions is
true.
-- 2nd paragraph from end: The MUST seems more like a statement of
fact.
(E.g. "The resulting ... integer is used...")
Mhmm, I don't think so. These are all iterative decision steps: try
(a), then write ... otherwise try (b), then write ... +++ ...
otherwise refuse.
That was a cut and paste error on my part--I meant the 2nd to last
paragraph of 3.1.
[...]
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
