20 Dec 2004 20:48
Re: [Geopriv] Re: Usage of substitution groups in draft-ietf-geopriv-common-policy
Hisham Khartabil <hisham.khartabil <at> telio.no>
2004-12-20 19:48:48 GMT
2004-12-20 19:48:48 GMT
On Dec 20, 2004, at 7:43 PM, Jonathan Rosenberg wrote: > > > Jari Urpalainen wrote: > > >>> >>> The problem case I am worried about is the following. >>> >>> We are using xcap. A client is managing its presence authorization >>> policies. It attempts to upload a document to the server. The client >>> is made from a different vendor from the server, and has recently >>> been upgraded to support a new permission type. This new permission >>> is not understood by the server. >>> >>> As currently defined, since xcap servers have to do xml validation, >>> the user will not be able to upload its permissions. I believe it >>> should be able to do so. We have designed the common-policy work to >>> be "privacy safe" so even if permissions unknown to the server are >>> included, additional information can never be leaked. >>> >>> -Jonathan R. >> Thanks Jonathan for the clarification. Although I'll agree with these >> "privacy safe" issues I would still prefer the current very >> deterministic model, because imo dropping the rules that the server >> doesn't understand is exactly the right thing to do as we are >> expecting the server to do the "real" work. Furthermore, as the >> client already knows that it's using an extension it should be able >> to fall back to the basic rules easily. So I'd rather keep the strict >> rules. > > I don't follow you here. > > With common-policy as currently defined, the server won't just "drop > the rules it doesn't understand" - the entire document will fail > validation, and no rules will be placed on the server at all. > > Perhaps what you are proposing is that the request should fail, and > that the client should have a way to figure out why, and then adjust > its document to only use namespaces understood by the server? Why wait until it fails? As I said in an earlier email, the client can query for server capabilities if it REQUIRES that server to support a certain extension. If the client doesnt care, then it just uses the extensions. The client doesnt care in cases where the server need not know the semantics of things. Regards, Hisham > > -Jonathan R. > > -- > Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza > Director, Service Provider VoIP Architecture Parsippany, NJ > 07054-2711 > Cisco Systems > jdrosen <at> cisco.com FAX: (973) 952-5050 > http://www.jdrosen.net PHONE: (973) 952-5000 > http://www.cisco.com > > _______________________________________________ > Simple mailing list > Simple <at> ietf.org > https://www1.ietf.org/mailman/listinfo/simple >
RSS Feed