Dear Benjamin, Thanks for your input. We believe that relationship between an object and an organization should be 1-to-1, one organization ID with just one role. 1-to-many is an exception for the organization extension. Indeed that is our concern, "the multiple examples may be overkill". Many thanks. Regards, Linlin
Linlin Zhou From: Benjamin Kaduk Date: 2018-10-31 09:05 To: Linlin Zhou CC: regext-chairs; Pieter Vandepitte; iesg; regext; draft-ietf-regext-org-ext Subject: Re: Re: [regext] Benjamin Kaduk's Discuss on draft-ietf-regext-org-ext-09: (with DISCUSS and COMMENT) On Tue, Oct 30, 2018 at 10:16:05AM +0800, Linlin Zhou wrote: > Dear Benjamin, > I've included my feedbacks inline and removed the clarified items. > > Regards, > Linlin > > > Linlin Zhou > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > Second, I am unsure of the semantics relating to role types, especially as > > they interact with the <update> command. Various aspects of the examples > > seem to imply that it is only permitted to have at most one organization > > mapping of a given role type (i.e., one reseller, one proxy, etc.). In > > particular, the <orgext:chg> element seems to be using the <orgext:id> role > > attribute to determine which <orgext:id> is being changed (with the new > > value being provided in the element body), and the <orgext:rem> element is > > providing <orgext:id> with only the role attribute and no body to identify > > a specific organization to remove. If this reading of the document is > > correct, then I would expect the limitation to be called out more clearly, > > especially as it would seem to prevent a domain owner from (e.g.) using > > multiple DNS service operators. > > [Linlin] In the normal business model, for example a domain should have one > > reseller, one registrar etc. How about adding some text like "One > > <orgext:id> element is suggested for each role type." in the element > > description. > > I don't think that addresses my core concern (though it is probably worth > doing in its own right). > > In particular, if it is allowed by the protocol/registry to have more than > one <orgext:id> element of a given role type, then several of the protocol > exchanges this document defines within <update> are not fully defined in an > interoperable fashion. For example, what if I receive a > <orgext:chg><orgext:id role="dns-operator>dns872</orgext:id></orgext:chg> > and there are currently two dns-operators defined? Do I remove both > existing entries and add the one new one? Do I remove just one existing > entry and replace it with the new one? If the latter, how do I pick which > one is to be removed? I just don't see how the operation is fully > specified for these cases. > [Linlin] We have discussed the error cases, but may lack of this situation. > If there are already multiple IDs exist with a particular role, I suggest not > changing the object and returning an error code 2305 which means "Object > association prohibits operation". That seems reasonable to me, given that we expect this situation to be uncommon, and a combination of <orgext:add> and <orgext:rem> should allow the desired changes to be made more precisely. > Maybe some words like "An attempt to change an organization ID with a > particular role value, when multiple IDs exist with the same role value, does > not change the object at all. A server SHOULD notify clients that object > relationships need to be checked by sending a 2305 error response code. " > > I would suggest a little more lead-in text, maybe like: It is expected to generally be the case that any given object will have at most one associated organization ID for any given role value, though the registry semantics do permit two or more associated organizations for a given role. In such cases, certain <orgext:chg> and <orgext:rem> elements may not uniquely specify an operation to perform (e.g., which of two organizations to replace via <orgext:chg>, or which of two organizations to remove via an <orgext:rem> with empty body). An attempt to change an organization ID with a particular role value, when multiple IDs exist with the same role value, does not change the object at all. A server SHOULD notify clients that object relationships need to be checked by sending a 2305 error response code. Feel free to edit as you see fit; my only concern is that the expected behavior is specified, not how it is written. (In particular, given how uncommon this situation is expected to be, the multiple examples may be overkill.) -Benjamin
_______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
