[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: appropriateness of combination of controls (new suggestion)
So now what is being brought up is the definition of 'appropriate'.
I've always had a limited view of what this means * it's either appropriate or not at an operation level. This has caused confusion though (and not just in the face of multiple controls). For example, it was never known whether it was appropriate to send a persistent search control with a search operation which had a size or time limit specified. Servers implemented the behavior in different ways (though I don't think any treat it as inappropriate, and allow a false criticality to cause the control to be ignored).
So Kurt is just saying, "let's define the term appropriate to mean ...". Since the term has never been defined before, I think it's a worthwhile exercise, if it answers the combination of controls question, then it's even better.
If we are going to say that controls can affect the appropriateness of an operation, then I believe any variable of an operation should be allowed to determine whether the attachment of a control is appropriate. Furthermore, it makes sense that if one states that control A is appropriate for operation X, then all variations of operation X are appropriate * one should list the known inappropriate states of an operation's variables, not all permutations of appropriate one. If this is the rule, then clearly we have some control definitions that need to be updated * which is fine.
I think this may lead to different results from Kurt's suggestion. If both controls A and B are appropriate for operation X, then neither can be ignored (or error with unavailableCriticalExtension) due to being inappropriate. But if control B states that it is inappropriate to be used on operation X.A, then it (but not A) can be ignored (if criticality is false). If the specification for B makes a statement regarding the appropriateness of A attached to X.B, it is considered an update to the specification of A.
Jim
>>> "Ramsay, Ron" <Ron.Ramsay@ca.com> 5/10/04 7:20:15 PM >>>
Hi Kurt,
I disagree with this because you have changed the control semantics from:
- If you recognise this control you must honour it
to
- You may choose to ignore this control.
In general, I agree with Jim's remarks. Certain control combinations can be specified in RFCs.
However, where a novel combination of controls is received by a server, I think it would be OK for the server to process it, rather than respond in a technical way with an error result. Note that once you specify the a server MUST respond with an error, there is no way to subsequently legitimise the control choice.
On a personal note, I found the whole discussion of 'defined' very silly. Behaviour is either 'specified' in the usual places, or it remains unspecified. It cannot be 'defined' locally. That simply makes each server self-documenting, in a way.
Ron
-----Original Message-----
From: owner-ietf-ldapbis@OpenLDAP.org
[mailto:owner-ietf-ldapbis@OpenLDAP.org]On Behalf Of Kurt D. Zeilenga
Sent: Tuesday, 11 May 2004 07:45
To: ietf-ldapbis@OpenLDAP.org
Subject: appropriateness of combination of controls (new suggestion)
I offer the following for WG consideration:
0) Add to end of the first paragraph of 4.1.11.
Implementations SHOULD only attach controls which are
appropriate for the operation (as discussed in applicable
specifications).
1) Insert new paragraph above the one which starts with
"The controlValue may contain information":
When considering whether a control is appropriate for the
operation, the implementation is not only to consider whether the
control is attached to a message it was intended to be used
with, but whether the control is being used appropriately
in combination with other controls (of same or different
controlType).
When a server is faced with a sequence
of controls which are not appropriate for the operation,
the server may attempt, by ignoring any number of
non-critical controls (including controls whose criticality
field is to be ignored as discussed above), a sequence which
is appropriate for the operation. If such a sequence is found,
the server is to make use of it when performing the
operation. Otherwise, servers are to fail the operation
and, and for operations which have a response, indicate so by
returning unavailableCriticalExtension (if any of the controls
were marked critical) or protocolError (if the message is
considered not well structured) or other appropriate result
code.
When a client is faced with a sequence of controls which
are not appropriate for the operation, the client may
attempt, by ignoring any number of controls, in order
to make use of the response in its processing. Alternatively,
the client may treat the response as not well structured.
2) Remove the existing paragraph which starts with "Controls SHOULD NOT
be combined".
3) Replace as last bullet with:
- optionally, semantics regarding combination of the
control with other controls (of same or different
controlType). These semantics may rely on ordering
of the controls in the sequence of controls attached
to the message.
It is noted that semantics of a combination of controls
is generally found in the control specification most
recently published. In absence of a specification of
a control combination semantics, implementors should
generally regard use of the control in combination
with other controls as not appropriate for use in the same
operation. In presence of a specification which does not
detail any order dependent semantics, the implementor is
to regard the semantics as being independent on the
order of controls.