Thomas C. Schmidt
2016-11-03 15:45:32 UTC
Hi Ben,
thanks for your comments. Please see inline.
In this case, you receive a store request along with a certificate. In
step 1, you resolve the user name of the requester, i.e., the user name
that corresponds to the certificate in the request.
... then you identify the user in the ACL and walk up the delegation
chain.
In step 5, you have arrived at the root of the delegation tree. This is
the case, when the to_user equals the signer equals the owner of the
resources (see see Figure 1). This is also how it terminates - the owner
of the resource is the root of the trust chain.
right. Changed to "...based on a trust delegation mechanism that
transfers the authorization .."
Authorized..".
So the user is not required to use an array for sharing, but if an array
is used, write conflicts MUST not be produced.
So we replace the may by a "can".
behavior of the storing peer. When receiving a store request, this peer
should not behave according to its own application semantic, but to the
common overlay rule.
(a), then write ... otherwise try (b), then write ... +++ ... otherwise
refuse.
Cheers,
Thomas
thanks for your comments. Please see inline.
Ben Campbell has entered the following ballot position for
draft-ietf-p2psip-share-09: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
https://datatracker.ietf.org/doc/draft-ietf-p2psip-share/
----------------------------------------------------------------------
----------------------------------------------------------------------
I have a one set of substantive comments/questions, and some editorial
- I'm confused about the validation procedure. In step one, is this the
user name of the user attempting to write the resource? In step 5, I do
not understand how this terminates. Which ACL item is the "previously
selected" one. If that refers to the one selected in the last iteration
of steps 3 and 4, how do you know there are not more ACL items to iterate
through?
You are referring to 6.3 "validating writ access"?draft-ietf-p2psip-share-09: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
https://datatracker.ietf.org/doc/draft-ietf-p2psip-share/
----------------------------------------------------------------------
----------------------------------------------------------------------
I have a one set of substantive comments/questions, and some editorial
- I'm confused about the validation procedure. In step one, is this the
user name of the user attempting to write the resource? In step 5, I do
not understand how this terminates. Which ACL item is the "previously
selected" one. If that refers to the one selected in the last iteration
of steps 3 and 4, how do you know there are not more ACL items to iterate
through?
In this case, you receive a store request along with a certificate. In
step 1, you resolve the user name of the requester, i.e., the user name
that corresponds to the certificate in the request.
... then you identify the user in the ACL and walk up the delegation
chain.
In step 5, you have arrived at the root of the delegation tree. This is
the case, when the to_user equals the signer equals the owner of the
resources (see see Figure 1). This is also how it terminates - the owner
of the resource is the root of the trust chain.
-1, first paragraph, first sentence: s/that/, which
-- recurring singular plural mismatch "resources with a variable name".
Thanks, fixed.-- recurring singular plural mismatch "resources with a variable name".
-1, 2nd paragraphs: "It transfers the authorization..."
What is the antecedent for "it"?
We meant the "trust delegation mechanism" - but it's ambiguous, you'reWhat is the antecedent for "it"?
right. Changed to "...based on a trust delegation mechanism that
transfers the authorization .."
missing article.
Thanks, fixed.-3.1, 3rd paragraph: Is the SHALL appropriate? Is an authorized user
actually required to access the array in the first place?
It says "If the data model of the Shared Resource is an array, eachactually required to access the array in the first place?
Authorized..".
So the user is not required to use an array for sharing, but if an array
is used, write conflicts MUST not be produced.
- 6.5, first paragraph: Does the MAY grant permission, or is it a
statement of fact?
Good point. The actual statement means that users are enabled to do so.statement of fact?
So we replace the may by a "can".
-6.6, paragraphs 3 and 4: Are the MUSTs appropriate? Are there not other
(perhaps application specific) reasons one might choose not to write the
value?
I believe the MUST is correct: we're in a section that describes the(perhaps application specific) reasons one might choose not to write the
value?
behavior of the storing peer. When receiving a store request, this peer
should not behave according to its own application semantic, but to the
common overlay rule.
-- 2nd paragraph from end: The MUST seems more like a statement of fact.
(E.g. "The resulting ... integer is used...")
Mhmm, I don't think so. These are all iterative decision steps: try(E.g. "The resulting ... integer is used...")
(a), then write ... otherwise try (b), then write ... +++ ... otherwise
refuse.
- 4.1, last paragraph: s/implementations/implementors
Thanks, fixed.- 4.2, definition of res_name_ext: The sentence starting with "This name
serves..." is hard to parse.
O.K., changed to "This name is used by the storing peer for validating..."serves..." is hard to parse.
-5.1, 4th paragraph (paragraph after example) : s/witch/which
Yep, this document was full of witches, but they have been banned now.Cheers,
Thomas
--
Prof. Dr. Thomas C. Schmidt
° Hamburg University of Applied Sciences Berliner Tor 7 °
° Dept. Informatik, Internet Technologies Group 20099 Hamburg, Germany °
° http://www.haw-hamburg.de/inet Fon: +49-40-42875-8452 °
° http://www.informatik.haw-hamburg.de/~schmidt Fax: +49-40-42875-8409 °
Prof. Dr. Thomas C. Schmidt
° Hamburg University of Applied Sciences Berliner Tor 7 °
° Dept. Informatik, Internet Technologies Group 20099 Hamburg, Germany °
° http://www.haw-hamburg.de/inet Fon: +49-40-42875-8452 °
° http://www.informatik.haw-hamburg.de/~schmidt Fax: +49-40-42875-8409 °