Re: [netmod] identityref with multiple base statements (follow-up question)
Lada: thanks a lot for the clarification. Tom: my understanding is that the 'derived from all' would mean derived from ((aa and bb) or (aa and bb and something else)). As a non-native English speaker, I would have said 'derived at least from all'. Anyway, I am satisfied with the mail clarification. Thanks again Italo > -Original Message- > From: tom petch [mailto:ie...@btconnect.com] > Sent: giovedì 24 settembre 2020 11:01 > To: Ladislav Lhotka ; Italo Busi > ; netmod@ietf.org > Cc: Joey Boyd > Subject: Re: [netmod] identityref with multiple base statements (follow-up > question) > > From: netmod on behalf of Ladislav Lhotka > > Sent: 23 September 2020 15:28 > > Italo Busi writes: > > > I have a follow-up question about this topic > > > > Considering the same identities defined below, what would be the valid > values the following references? > > > > leaf reference-1 { > > type identityref { > > base base-1; > > } > > description > > "Reference to an identity #1."; > > } > > > > leaf reference-2 { > > type identityref { > > base base-2; > > } > > description > > "Reference to an identity #2."; > > } > > > > My understanding, is that: > > - valid values for the reference-1 would be 'a' and 'b' > > - valid values for the reference-2 would be 'b' and 'c' > > > > Is my understanding correct? > > Yes, this should be pretty clear from sec. 9.10.2 of RFC 7950. > > > Well, may be. I saw this come up some time ago and read RFC7950 and was > unsure. > > It is 'derived from all' that gave me pause. With aa and bb as base, does > that > mean derived from aa and bb or derived from aa or bb? Should that be > 'derived from any'? > > Tom Petch > > Lada > > > > > Thanks, Italo > > > >> -Original Message- > >> From: Ladislav Lhotka [mailto:ladislav.lho...@nic.cz] > >> Sent: lunedì 3 agosto 2020 10:45 > >> To: Joey Boyd ; netmod@ietf.org > >> Subject: Re: [netmod] identityref with multiple base statements > >> > >> Joey Boyd writes: > >> > >> > Hi, > >> > > >> > I am looking for some clarification regarding RFC 7950 section 9.10.2, > >> specifically this statement. > >> > > >> > Valid values for an identityref are any identities derived from all the > >> identityref's base identities. > >> > > >> > Example: > >> > > >> > identity base-1 { > >> > description > >> > "Base identity #1."; > >> > } > >> > > >> > identity base-2 { > >> > description > >> > "Base identity #2."; > >> > } > >> > > >> > identity a { > >> > base base-1; > >> > description > >> > "Identity A."; > >> > } > >> > > >> > identity b { > >> > base base-1; > >> > base base-2; > >> > description > >> > "Identity B."; > >> > } > >> > > >> > identity c { > >> > base base-2; > >> > description > >> > "Identity C."; > >> > } > >> > > >> > leaf reference { > >> > type identityref { > >> > base base-1; > >> > base base-2; > >> > } > >> > description > >> > "Reference to an identity."; > >> > } > >> > > >> > The question is how to determine the value space for this identityref. > >> > > >> > Option #1: > >> > The value space is any identity which is derived from both base > >> > identities. > >> This means the only valid value in the example would be 'b'. > >> > > >> > Option #2: > >> > The value space is any identity which is derived from either base > >> > identity. > >> This means the valid values are 'a', 'b' and 'c'. > >> > > >> > The phrasing "...derived from all the identityref's base identities." > >> > tends > to > >> point to Option #1 but I would like clarification on the intent. > >> > >> Yes, #1 is correct. > >> > >> Lada > >> > >> > > >> > Best regards, > >> > Joey > >> > > >> > ___ > >> > netmod mailing list > >> > netmod@ietf.org > >> > https://www.ietf.org/mailman/listinfo/netmod > >> > >> -- > >> Ladislav Lhotka > >> Head, CZ.NIC Labs > >> PGP Key ID: 0xB8F92B08A9F76C67 > >> > > > > -- > Ladislav Lhotka > Head, CZ.NIC Labs > PGP Key ID: 0xB8F92B08A9F76C67 > > ___ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod ___ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
Re: [netmod] identityref with multiple base statements (follow-up question)
From: netmod on behalf of Ladislav Lhotka Sent: 23 September 2020 15:28 Italo Busi writes: > I have a follow-up question about this topic > > Considering the same identities defined below, what would be the valid values > the following references? > > leaf reference-1 { > type identityref { > base base-1; > } > description > "Reference to an identity #1."; > } > > leaf reference-2 { > type identityref { > base base-2; > } > description > "Reference to an identity #2."; > } > > My understanding, is that: > - valid values for the reference-1 would be 'a' and 'b' > - valid values for the reference-2 would be 'b' and 'c' > > Is my understanding correct? Yes, this should be pretty clear from sec. 9.10.2 of RFC 7950. Well, may be. I saw this come up some time ago and read RFC7950 and was unsure. It is 'derived from all' that gave me pause. With aa and bb as base, does that mean derived from aa and bb or derived from aa or bb? Should that be 'derived from any'? Tom Petch Lada > > Thanks, Italo > >> -Original Message- >> From: Ladislav Lhotka [mailto:ladislav.lho...@nic.cz] >> Sent: lunedì 3 agosto 2020 10:45 >> To: Joey Boyd ; netmod@ietf.org >> Subject: Re: [netmod] identityref with multiple base statements >> >> Joey Boyd writes: >> >> > Hi, >> > >> > I am looking for some clarification regarding RFC 7950 section 9.10.2, >> specifically this statement. >> > >> > Valid values for an identityref are any identities derived from all the >> identityref's base identities. >> > >> > Example: >> > >> > identity base-1 { >> > description >> > "Base identity #1."; >> > } >> > >> > identity base-2 { >> > description >> > "Base identity #2."; >> > } >> > >> > identity a { >> > base base-1; >> > description >> > "Identity A."; >> > } >> > >> > identity b { >> > base base-1; >> > base base-2; >> > description >> > "Identity B."; >> > } >> > >> > identity c { >> > base base-2; >> > description >> > "Identity C."; >> > } >> > >> > leaf reference { >> > type identityref { >> > base base-1; >> > base base-2; >> > } >> > description >> > "Reference to an identity."; >> > } >> > >> > The question is how to determine the value space for this identityref. >> > >> > Option #1: >> > The value space is any identity which is derived from both base identities. >> This means the only valid value in the example would be 'b'. >> > >> > Option #2: >> > The value space is any identity which is derived from either base identity. >> This means the valid values are 'a', 'b' and 'c'. >> > >> > The phrasing "...derived from all the identityref's base identities." >> > tends to >> point to Option #1 but I would like clarification on the intent. >> >> Yes, #1 is correct. >> >> Lada >> >> > >> > Best regards, >> > Joey >> > >> > ___ >> > netmod mailing list >> > netmod@ietf.org >> > https://www.ietf.org/mailman/listinfo/netmod >> >> -- >> Ladislav Lhotka >> Head, CZ.NIC Labs >> PGP Key ID: 0xB8F92B08A9F76C67 >> > -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67 ___ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod ___ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
Re: [netmod] identityref with multiple base statements (follow-up question)
Italo Busi writes: > I have a follow-up question about this topic > > Considering the same identities defined below, what would be the valid values > the following references? > > leaf reference-1 { > type identityref { > base base-1; > } > description > "Reference to an identity #1."; > } > > leaf reference-2 { > type identityref { > base base-2; > } > description > "Reference to an identity #2."; > } > > My understanding, is that: > - valid values for the reference-1 would be 'a' and 'b' > - valid values for the reference-2 would be 'b' and 'c' > > Is my understanding correct? Yes, this should be pretty clear from sec. 9.10.2 of RFC 7950. Lada > > Thanks, Italo > >> -Original Message- >> From: Ladislav Lhotka [mailto:ladislav.lho...@nic.cz] >> Sent: lunedì 3 agosto 2020 10:45 >> To: Joey Boyd ; netmod@ietf.org >> Subject: Re: [netmod] identityref with multiple base statements >> >> Joey Boyd writes: >> >> > Hi, >> > >> > I am looking for some clarification regarding RFC 7950 section 9.10.2, >> specifically this statement. >> > >> > Valid values for an identityref are any identities derived from all the >> identityref's base identities. >> > >> > Example: >> > >> > identity base-1 { >> > description >> > "Base identity #1."; >> > } >> > >> > identity base-2 { >> > description >> > "Base identity #2."; >> > } >> > >> > identity a { >> > base base-1; >> > description >> > "Identity A."; >> > } >> > >> > identity b { >> > base base-1; >> > base base-2; >> > description >> > "Identity B."; >> > } >> > >> > identity c { >> > base base-2; >> > description >> > "Identity C."; >> > } >> > >> > leaf reference { >> > type identityref { >> > base base-1; >> > base base-2; >> > } >> > description >> > "Reference to an identity."; >> > } >> > >> > The question is how to determine the value space for this identityref. >> > >> > Option #1: >> > The value space is any identity which is derived from both base identities. >> This means the only valid value in the example would be 'b'. >> > >> > Option #2: >> > The value space is any identity which is derived from either base identity. >> This means the valid values are 'a', 'b' and 'c'. >> > >> > The phrasing "...derived from all the identityref's base identities." >> > tends to >> point to Option #1 but I would like clarification on the intent. >> >> Yes, #1 is correct. >> >> Lada >> >> > >> > Best regards, >> > Joey >> > >> > ___ >> > netmod mailing list >> > netmod@ietf.org >> > https://www.ietf.org/mailman/listinfo/netmod >> >> -- >> Ladislav Lhotka >> Head, CZ.NIC Labs >> PGP Key ID: 0xB8F92B08A9F76C67 >> > -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67 ___ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
Re: [netmod] identityref with multiple base statements (follow-up question)
I have a follow-up question about this topic Considering the same identities defined below, what would be the valid values the following references? leaf reference-1 { type identityref { base base-1; } description "Reference to an identity #1."; } leaf reference-2 { type identityref { base base-2; } description "Reference to an identity #2."; } My understanding, is that: - valid values for the reference-1 would be 'a' and 'b' - valid values for the reference-2 would be 'b' and 'c' Is my understanding correct? Thanks, Italo > -Original Message- > From: Ladislav Lhotka [mailto:ladislav.lho...@nic.cz] > Sent: lunedì 3 agosto 2020 10:45 > To: Joey Boyd ; netmod@ietf.org > Subject: Re: [netmod] identityref with multiple base statements > > Joey Boyd writes: > > > Hi, > > > > I am looking for some clarification regarding RFC 7950 section 9.10.2, > specifically this statement. > > > > Valid values for an identityref are any identities derived from all the > identityref's base identities. > > > > Example: > > > > identity base-1 { > > description > > "Base identity #1."; > > } > > > > identity base-2 { > > description > > "Base identity #2."; > > } > > > > identity a { > > base base-1; > > description > > "Identity A."; > > } > > > > identity b { > > base base-1; > > base base-2; > > description > > "Identity B."; > > } > > > > identity c { > > base base-2; > > description > > "Identity C."; > > } > > > > leaf reference { > > type identityref { > > base base-1; > > base base-2; > > } > > description > > "Reference to an identity."; > > } > > > > The question is how to determine the value space for this identityref. > > > > Option #1: > > The value space is any identity which is derived from both base identities. > This means the only valid value in the example would be 'b'. > > > > Option #2: > > The value space is any identity which is derived from either base identity. > This means the valid values are 'a', 'b' and 'c'. > > > > The phrasing "...derived from all the identityref's base identities." tends > > to > point to Option #1 but I would like clarification on the intent. > > Yes, #1 is correct. > > Lada > > > > > Best regards, > > Joey > > > > ___ > > netmod mailing list > > netmod@ietf.org > > https://www.ietf.org/mailman/listinfo/netmod > > -- > Ladislav Lhotka > Head, CZ.NIC Labs > PGP Key ID: 0xB8F92B08A9F76C67 > ___ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
Re: [netmod] identityref with multiple base statements
Joey Boyd writes: > Hi, > > I am looking for some clarification regarding RFC 7950 section 9.10.2, > specifically this statement. > > Valid values for an identityref are any identities derived from all the > identityref's base identities. > > Example: > > identity base-1 { > description > "Base identity #1."; > } > > identity base-2 { > description > "Base identity #2."; > } > > identity a { > base base-1; > description > "Identity A."; > } > > identity b { > base base-1; > base base-2; > description > "Identity B."; > } > > identity c { > base base-2; > description > "Identity C."; > } > > leaf reference { > type identityref { > base base-1; > base base-2; > } > description > "Reference to an identity."; > } > > The question is how to determine the value space for this identityref. > > Option #1: > The value space is any identity which is derived from both base identities. > This means the only valid value in the example would be 'b'. > > Option #2: > The value space is any identity which is derived from either base identity. > This means the valid values are 'a', 'b' and 'c'. > > The phrasing "...derived from all the identityref's base identities." tends > to point to Option #1 but I would like clarification on the intent. Yes, #1 is correct. Lada > > Best regards, > Joey > > ___ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67 ___ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
[netmod] identityref with multiple base statements
Hi, I am looking for some clarification regarding RFC 7950 section 9.10.2, specifically this statement. Valid values for an identityref are any identities derived from all the identityref's base identities. Example: identity base-1 { description "Base identity #1."; } identity base-2 { description "Base identity #2."; } identity a { base base-1; description "Identity A."; } identity b { base base-1; base base-2; description "Identity B."; } identity c { base base-2; description "Identity C."; } leaf reference { type identityref { base base-1; base base-2; } description "Reference to an identity."; } The question is how to determine the value space for this identityref. Option #1: The value space is any identity which is derived from both base identities. This means the only valid value in the example would be 'b'. Option #2: The value space is any identity which is derived from either base identity. This means the valid values are 'a', 'b' and 'c'. The phrasing "...derived from all the identityref's base identities." tends to point to Option #1 but I would like clarification on the intent. Best regards, Joey ___ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod