Hi Jim,See my response to Mario's Email for my take on semantic versioning itself. TL;DR; Not fully against it but aware that the value is more limited than is assumed. But keep it the only variant.
And yes, building versioning into the main protocol and declaring it rdap-1.1 would be an approach I would support. As this would be a non-breaking change it should not break any client, shouldn't it? This way we may also define the same versioning schema for rdap itself, which is now not a part of the draft.
Kind Regards. Pawel On 14.11.24 17:15, Gould, James wrote:
Jasdip,I believe that we can agree to disagree on the value of semantic versioning. There are some within the working group that do believe that there is a need for semantic versioning in support of implementing new versions of RDAP extensions while they’re not finalized and introducing new RDAP extension versions that may not be backward compatible. The semantic versioning provides for the needed level of isolation and having the meta-data and support within RDAP has value. There is nothing forcing an RDAP extension author to support semantic versioning, but if they do support semantic versioning, it’s completely backward compatible to what’s defined within the base RDAP RFCs. If I foresee many revs of the extension during development, I recommend semantic versioning to encourage development with the needed client features (meta-data and providing their preference in the query). That is my recommendation, which is not included in the versioning draft. We’ve even discussed bumping of RDAP itself (rdap_level_0 to rdap_level_1 or better yet rdap with semantic versioning rdap-0.X moving to rdap-1.0 or rdap-1.X moving to rdap-2.0).The versioning draft supports both opaque and semantic versioning for the extension authors to decide on. Should we add the third “temporal” versioning type that we discussed at IETF-121 now in the versioning draft or wait to define it if and when its needed? I get the sense that if we’re discussing the use of semantic versioning, adding a third versioning type is unneeded. Thoughts?Thanks, -- JG cid87442*image001.png@01D960C5.C631DA40 *James Gould *Fellow Engineerjgo...@verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgo...@verisign.com>703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://verisigninc.com/> *From: *"kowa...@denic.de" <kowa...@denic.de> *Date: *Thursday, November 14, 2024 at 10:01 AM*To: *Mario Loffredo <mario.loffr...@iit.cnr.it>, James Gould <jgo...@verisign.com>, "jasd...@arin.net" <jasd...@arin.net>, "regext@ietf.org" <regext@ietf.org>*Subject: *[EXTERNAL] Re: [regext] Re: RDAP versioning draft feedback Hi Mario,I would really like to see how many versions we envision to be facing in the lifecycle of an extension.We are talking here not of version of an application software, but of a specification. So not every server change would lead to deprecation process. The specifications do not rotate that often to justify semantic versioning. Especially the draft defines own semantic versioning instead of taking just the one from https://semver.org/ <https://secure-web.cisco.com/19t6tkaB5-w46rJG4AqdwU7thmx8de8AX_4wTdz2v4lU1KJSxdPY7Hh1Lg52kzSuMNoAwLzhck0UKX0AEiuDTLGYcShsc5AZxvzOXhQXCNL66kPTxkz2latb0_DjxiinA9qIy_W3dN-GlPO2ZLdjLwGXSiV18kbBvQMqgE3hbdQHHxpR-AFuDDWR_ln7IXOu-pUsihvhAtama9sMtsBCKnUicbxaeWmwkCOpoxCtM5-sbi6TpjOgW_bTAloEZf-SP0nV0tu6E99TP_kEchTJwgdtHnamZzERUofukJ9YuVsw/https%3A%2F%2Fsemver.org%2F> which means custom development to be compliant.If there is no-braking change then the version is just informational for the client.If there is a breaking change then the client must be aware of the version it supports and this can be covered likely with the same effect by taking new extension identifier. Also here range compatibility, that semantic versioning brings, is likely more than needed for the use case.Kind Regards, Pawel On 12.11.24 12:18, Mario Loffredo wrote: Hi Pawel, Il 12/11/2024 08:27, kowa...@denic.de ha scritto: Hi Jim, Looking forward to more motivation information from the authors then and Andy. Adding yet another versioning type seems to me going into direction of even more complexity. My argument was rather to just stay with opaque and restrain from defining anything beyond that. Based on the fact that the use of opaque versioning results in managing a deprecation process at every server change, I believe that semantic versioning goes into direction of less complexity. AFAIK changes on REST APIs are most likelty additive as the must is to avoid breaks as much as possible, likewise I expect the same trend in RDAP. Hence, IMO semantic versioning would be preferable. Best, Mario I would like also to feedback on this particular issue of normative MUSTs in "start" and "end" attributes. > [JG] I’m not clear why removing an expired version from the list of returned with a normative MUST poses an issue. A client would know based > on the normative MUST that any “end” extension version identifiers would not have already expired. Clients will know in-band when an > extension version identifier is going to be supported or going to be removed. This does come into play when a server is implementing an > Internet Draft that goes through many versions. An example is changing the versioning extension from version “0.2” to “0.3” in draft-ietf-> > regext-rdap-versioning-02. From the draft: "start:" - [...] Once the date and time has passed, the "start" member MUST be removed. "end" - [...] Once the date and time has passed, the extension version object MUST be removed and the extension object MUST be removed if the last extension version object is removed. There seems to be a lot of focus put on time as the prime dimension when the versions are phased in or out. I would argue it is the only way of doing it or even if this is the common operational practice these days. In case of "end" it shall communicate, that after this date the extension version may not be available anymore. It should remain purely informative and tell the client: "if you are using this extension, you likely have a problem beyond this date. Take care to move to a newer version or other functionally equivalent extension". No more than that. Operationally the operator may for example want deploy a new version of RDAP server without support for this particular extension version after this date, not to break this promise, so it should be just OK to have a version supported beyond the date announced as "end". Similar for "start", if this ought to be an information when operator would start supporting the version and be an indicator that the version is not yet there, but will be... eventually. The operator should be able and allowed to deploy it even before this date or also after. Other aspect is if the operator will even have enough information to provide "start" date if the RDAP server software would be coming from a third party and the software provider wouldn't be able to tell when the operator would deploy the new version, so it would have to be a kind of configuration option that the operator would have to maintain. So if the new version of the extension is deployed, the "start" date would just disappear. So I would rather state the "start" MUST NOT be announced for an already supported extension version. Or would that also not always be true? For example if the operator would like to have an extension version supported, but as "preview" or "beta"? Would "start" then indicate an official support? Just don't get me wrong - I'm not trying to add even more features, rather to state that "start" is either operationally difficult, misleading or semantically not precise enough to be useful. So let's rather drop it. Just a proposal: maybe the whole lifecycle could be done much easier just providing a simple status field to the extension version: "deprecated", "productive" (default if not provided), "beta". For "deprecated" maybe "supportedUntil" could be useful. And one more thing. The draft is about extension versioning. How about RDAP version itself? If the argument would be that clients need all of those functionality of versioning for interoperability, wouldn't it be to the same way applicable to the protocol itself? It would be useful for the clients if there would be one mechanism same for protocol and extensions, not two. Kind Regards, Pawel On 11.11.24 18:52, Gould, James wrote: Pawel, Pawel, thank you for your feedback. The co-editors of the versioning and x-media drafts met at IETF-121 and agreed to the following: 1. Add reason language to the semantic versioning section. Andy Newton is going to provide the use case information that is associated with his experience with investigating RDAP issues. 2. Look to add more meta-data in the /help response. Andy Newton to provide sample JSON for the additional meta-data. 3. Update x-media to reference the Extension Version Identifier ABNF in versioning, which will ensure compatibility. 4. Add support for temporal versioning, based on RFC 3339 <https://secure-web.cisco.com/1KefTmY9x7qHmzIVAJVnx41CkQ0r8JQVrIsH5Xp2hPlbyOwip3EIa2nXQmI-1qz_EkZkTkmxDKsDoDpxkLgmOZk6LwjfHuIqp2k6pvwKWwnF0g2elA7HfVa5aHMeeeKbAPGiuQqHnifg_wRxTeowbbVAoUoNmzuK2vGWOcP1d1TrBCCBJbBAjnepS7b3DqnEB5cvm5qO17l9GUrkk6_fCBZfvL6mdciDhKhUoj2qBt9stT1ibcfkiWO4LM65jly8aav_otFzH5sRp_6ddxXZkzQmI3wtsC9pMNg-yVr-jcow/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc3339>. 1. It would be good to get your feedback with adding a third versioning type, since you asked the question about the need to define and register the versioning types. 2. To answer your question, we know that there are two types of versioning (opaque and semantic) discussed thus far, but there may be other types considered in the future. Adding the temporal version type would provide another example. 5. “rdapx” to be added in the RDAP Extensions Registry for x-media. 6. x-media to look to use “rdap-x+json” in the accept header and to use the existing “rdap+json” in the content-type header. Andy Newton will check with SMEs on this. 7. Agreed to keep the x-media and versioning drafts separate with normative reference between them. I provide additional responses to your feedback embedded below, prefixed with “[JG]”.--JG cid87442*image001.png@01D960C5.C631DA40 *James Gould *Fellow Engineer jgo...@verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgo...@verisign.com> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://secure-web.cisco.com/1fa6zxWFjes8yVno3pZMPDu-7wyyuqTdtaYxGJWfKE3ak75bJsfGAvfZAcfSYB4t5O6XQx8xkuAw0ykXRhiJZctpRU0PNqhv9b8SbEQ_JCZR716qz7b7K7pq3ObTSPM7WpjNdbOinQ1ZcV3ne_3mO7DrdVZgBCqEs2sQMReZ9sk9Nsr-9SN-sq4pld72HPjBZwm0b8tB-4vbQX-KLuJyMkX3zE6GVkLmwEHxelhqus2929QSGCOuPIX4WYFC-WxH6OV2vC1Fmg0oFu5-V9mLUS7mu0rcaAfgNVnlxTuO2Qhc/http%3A%2F%2Fverisigninc.com%2F> *From: *"kowa...@denic.de" <mailto:kowa...@denic.de> <kowa...@denic.de> <mailto:kowa...@denic.de> *Date: *Monday, November 11, 2024 at 12:02 PM *To: *James Gould <jgo...@verisign.com> <mailto:jgo...@verisign.com>, "jasd...@arin.net" <mailto:jasd...@arin.net> <jasd...@arin.net> <mailto:jasd...@arin.net>, "regext@ietf.org" <mailto:regext@ietf.org> <regext@ietf.org> <mailto:regext@ietf.org> *Subject: *[EXTERNAL] Re: [regext] Re: RDAP versioning draft feedback Hi Jim, To recap on what we discussed in Dublin and to also have input from the working group. Jasdip stated a very valid question. Reading through the draft in more detail I also have a feeling that we are trying to use a sledgehammer to crack a nut. The problem to solve was that RDAP was lacking of clear way of signalling that there is a different version of the same extension, so the client would know that foo1 and foo99 are indeed version of the same extension and not different unrelated extensions. What the draft proposes is very feature reach, but does not tell a lot about why clients and servers should spend time implementing all of its features. Do we expect an RDAP extensions to have tens or hundreds of versions, so that the clients would need to apply a logic of semantic versioning to work on ranges of versions and distinguishing major and minor versions? If we talk about extensions from IETF control this is not likely to happen, just because of how IETF process works. Why do we need extensibility to even support more versioning semantics (Versioning Type)? [JG] We will be adding the reason language for the semantic versioning, but providing the meta-data in the /help response would help for software clients and client users trying to troubleshoot issues. The versioning type definition and registration makes sense for what we know today. Other forms of versioning could be created in the future with the temporal type in, based on RFC 3339 <https://secure-web.cisco.com/1KefTmY9x7qHmzIVAJVnx41CkQ0r8JQVrIsH5Xp2hPlbyOwip3EIa2nXQmI-1qz_EkZkTkmxDKsDoDpxkLgmOZk6LwjfHuIqp2k6pvwKWwnF0g2elA7HfVa5aHMeeeKbAPGiuQqHnifg_wRxTeowbbVAoUoNmzuK2vGWOcP1d1TrBCCBJbBAjnepS7b3DqnEB5cvm5qO17l9GUrkk6_fCBZfvL6mdciDhKhUoj2qBt9stT1ibcfkiWO4LM65jly8aav_otFzH5sRp_6ddxXZkzQmI3wtsC9pMNg-yVr-jcow/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc3339>, may being added to the draft as well. Please let us know whether you support adding the temporal type. I know from implementing EPP extensions that are not RFCs, having versioning provides isolation and the ability for the co-editors to encourage implementation without risking breaking clients. What we expect clients to do with all the related lifecycle information (start/end/default)? I can make some usefulness for the "end" attribute (like warning about using deprecated interface), but mandating the server (normative MUST) to remove the support exactly at this time seems like a void requirement, as operationally quite hard to fulfil unless the server would implement special logic for management of versions of extensions. A bit of overhead for very little gain if you ask me. "start" is something with even less usefulness as we are talking about future version. Here there are a lot of assumptions that the server deploys a future version and only activates it later at a given point in time. Again a logic not really needed. The client will learn about new version when it's there and supported by client anywhere. [JG] I’m not clear why removing an expired version from the list of returned with a normative MUST poses an issue. A client would know based on the normative MUST that any “end” extension version identifiers would not have already expired. Clients will know in-band when an extension version identifier is going to be supported or going to be removed. This does come into play when a server is implementing an Internet Draft that goes through many versions. An example is changing the versioning extension from version “0.2” to “0.3” in draft-ietf-regext-rdap-versioning-02. I would double what Jasdip stated below, that opaque versioning - with just adding semantics to one symbol "-" splitting extension identifier into name and version would do the same good job and be a way simpler. [JG] Adding the use of the ‘-‘ delimiter with a version is exactly what draft-ietf-regext-rdap-versioning is doing, but maintaining compliance with the base RDAP RFCs by not touching the extension identifiers in the rdapConformance. If someone would like to release a new version of their extension every month (as sais likely outside of IETF), another semantic for versioning would be good for it and within the opaque version part. But then it might be a part of their particular specification and would only concern clients dealing with this particular extension. K.I.S.S. [JG] The external version identifier pretty much matches the concept of the XML URI in EPP and the extension identifier prefix matches the concept of the XML prefix, which means that an updated draft can add features reflected in the version extension identifier without having to touch the extension identifier prefix. The whole idea is not to require to communicate versions out-of-band (e.g., EPP 03/07 or 05/07 for those that have been around for a while) when the extension identifier does not change between extension versions with material changes. Kind Regards, Pawel On 03.11.24 22:50, Gould, James wrote: Rationale for versioning: Section 1 says, “The RDAP Conformance values are identifiers with no standard mechanism to support structured, machine-parseable version signaling by the server.” It’d be good to elaborate with usage scenarios where such structured versioning is a value-add for clients beyond what the opaque (no inner meaning) extension identifiers from STD 95 afford. Let’s say an extension is “foo1”, then “foo99”, and later “foo2” in terms of “versions”. The server announces its support for these non-structured extensions, say, on its web site or through the “rdapConformance” member in a /help response, and the clients can then negotiate a particular non-structured version of this extension using the standard HTTP content negotiation methodology (e.g., using the RDAP-X media type). In the spirit of what-not-to-do, it is fair for a client to ask: Why should I go through the overhead of processing the “versioning_help” member? What value-add does it get me? Is it in some way a better discovery and/or negotiation method for RDAP extensions? Would be good to beef up the rationale for structured versioning. JG – We need to ensure that RDAP-X supports the extension version identifier as well, so there should be no variance between the versioning extension and the RDAP-X extension. We can add more rationale in Section 2 “Semantic Versioning”, where a server could support multiple versions of an extensions that are signaled as related. For the versioning extension itself, there have been multiple versions of it that are not structurally different and not backward compatible, with the latest version being “versioning-0.3”. Other RDAP extensions could leverage semantic versioning during development to encourage implementation with version isolation and with clear relationship between the extension version identifiers. Do you believe that we should look to add the concept of relationships between opaque version identifiers? Kind Regards, Pawel _______________________________________________ regext mailing list --regext@ietf.org To unsubscribe send an email toregext-le...@ietf.org--Dott. Mario Loffredo Senior Technologist Technological Unit “Digital Innovation” Institute of Informatics and Telematics (IIT) National Research Council (CNR) Address: Via G. Moruzzi 1, I-56124 PISA, Italy Phone: +39.0503153497 Web:http://www.iit.cnr.it/mario.loffredo <http://secure-web.cisco.com/1pPX37bpVYfAb7MaLZblOKQ85YIwsQ_nMCRLjVj-Sw0fLFS691I0md_lMu08Muoku5IH60r8Hc2AVJGnVC2_em8WTUoaty8Bgjub6RrmJ0Vgu6-RfCIh7mRu73sg6ZtsKx3ATFRZHiw_8EzssbnvKAhaPuwZgCUkDhYqEaF0uOIgn7aYvsUQX8n23JkWQ9Og7XR8V_woNmTD2zCf59e_a3an05IpvKOAbbf0jEmc7hOABMe2OUu8VxQFiYoohJYta2ETwBbSQDWWHrLjUD1fPQUSDUEOmtwGG1BeAmfcWExA/http%3A%2F%2Fwww.iit.cnr.it%2Fmario.loffredo>
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ regext mailing list -- regext@ietf.org To unsubscribe send an email to regext-le...@ietf.org
