Hi Dong,
Many thanks for your review. Please see my response inline.
Thanks,
Jensen
On Fri, May 19, 2023 at 11:33 PM wrote:
> Dear ALTOers and authors of draft-ietf-alto-oam-yang,
>
> Below is my review for draft-ietf-alto-oam-yang-07.
>
> Since I'm new to ALTO, please consider my review comments as suggestions
> for reference purposes.
> If you believe any of my comments are irrelevant, please feel free to
> ignore them.
>
> Best regards,
> Dong
>
>
> ==
>
>
> Section 4.4., paragraph 11:
>
> > Figure 1: A Reference ALTO Server Architecture and YANG Modules
>
> In Figure 1, the arrow labels marked with "write" and "read"
> for the Data Broker can be confusing. If we follow the semantic
> of the "write" arrow, then the "read" arrow can be understood as
> Data Broker reads Algorithm Plugin. It would be better to maintain
> consistency in the semantic of the arrows by following the "src as
> subject, dst as object, and label as predicate" convention. This
> would help to clarify the direction and purpose of the data flow
> between components in the architecture.
>
Good catch. We will fix the arrow directions.
> 5. Design of ALTO O&M Data Model
>
>
> Section 5.1., paragraph 2:
>
> >As shown in Figure 2, the top-level container 'alto' in the "ietf-
> >alto" module contains a single 'alto-server' and a list of 'alto-
> >client' that are uniquely identified.
>
> The document uses both single and double quotation marks (e.g.,
> 'alto', "ietf-alto", 'alto-server'). Are they written this way by
> design, or is a consistent format possible?
>
All the quotation marks should be double. We will fix this.
> >The list 'alto-client' defines a list of configurations for other
> >applications to bootstrap an ALTO client. These data nodes can also
> >be used by data sources and information resource creation algorithms
> >that are configured by an ALTO server instance.
>
>
> Section 5.3.2., paragraph 1:
>
> >To satisfy R2 in Section 4.2, the ALTO server instance contains the
> >the logging data nodes shonw in Figure 7.
>
> s/shonw/shown
>
Fixed.
> >The 'logging-system' data node provides configuration to select a
> >logging system to capture log messages generated by an ALTO server.
>
>
> Section 5.4.1., paragraph 5:
>
> >* A unique `source-id' for resource creation algorithms to
> > reference.
>
> s\`source-id'\'source-id'
>
Fixed.
> >* The 'source-type' attribute to declare the type of the data
> > source.
>
>
> Section 7., paragraph 0:
>
> > 7. ALTO OAM YANG Modules
>
> This section has no description, or if the YANG spec has already
> explained everything, just ignore this comment.
> > 7.1. The "ietf-alto" YANG Module
>
>
> Section 8., paragraph 8:
>
> >The "ietf-alto" supports an HTTP listen mode to cover cases where the
> >ALTO server stack does not handle the TLS termination itself, but is
> >handled by a separate component. Special care should be considered
> >when such mode is enabled. Note that the default listen mode is
> >"https".
>
> s/"https"/HTTPS
>
"https" is a case node of the "transport" choice under the
"alto-server-listen-stack" grouping. This is not a nit.
>
> What is the HTTP listen mode and TLS termination? I think they refer to
> the implementation of an HTTP(s) server and closing HTTPS connection by
> server. If so, they are general processes which are out of the scope of
> OAM security, so I feel there is no need to list it here.
>
The security considerations are not limited to OAM only but apply to all
the operations of the YANG data model. But thanks for the comment. We will
clarify this.
> >Also, please be aware that these modules include choice nodes that
> >can be augmented by other extended modules. The augmented data nodes
> >may be considered sensitive or vulnerable in some network
> >environments. For instance, an augmented case of the "source-params"
> >choice in "data-source" may include authentication information about
> >how to access a data source including private network information.
> >The "yang-datastore" case in Appendix A.3 is such an example. The
> >"restconf" and "netconf" nodes in it may reveal the access to a
> >private YANG datastore. Thus, those extended modules may have the
> >NACM extension "default-deny-all" set.
>
>
> ___
> alto mailing list
> alto@ietf.org
> https://www.ietf.org/mailman/listinfo/alto
>