[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Protocol: control specifications.



Kurt D. Zeilenga writes:
>At 01:46 AM 1/6/2004, Hallvard B Furuseth wrote:
>>Jim Sermersheim writes:
>>>>>>Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 12/29/03 12:40:56 PM
>>>>
>>>> After thinking a bit more about this, I believe [Protocol] should
>>>> require protocolViolation if the required criticality of a supported
>>>> control is violated. That will teach programmers who use a server
>>>> which does support the control, to write programs which will work
>>>> right when moving to a server which does not support the control.
> 
> This disallows servers in being liberal in what they accept (in this
> case).

Yes.  I think being liberal here is harmful, as explained previously in
this thread.  If LDAP is going to be liberal in _everything_ it accepts
as a matter of principle, I have a couple of other wishes - like
eliminating error returns from string preparation.

> While I thinking 'teaching programmers' approach is fine for the lab,
> I disagree that this approach is appropriate for the Internet as the
> lesson may given upon the deployer not the programmer.

If the programmer tests his program, which I would hope he does, he is
the one who will get the lession.

That leaves already existing programs.  For those, the deployer may
still get the lession because the server _may_ already reject controls
with wrong criticality.  He will certainly get the lession if he tries
the program against a server which does not support the control - and he
is likely get it in a far less pleasant way than just seeing the program
return an error.

>>>> For example, the No-Op control, which prevents the effects of update
>>>> operations, has criticality TRUE. It would be rather unfortunate to
>>>> run a program which uses it with criticality FALSE against a server
>>>> which does not support the control.
>>> 
>>> I would rather take the less limiting approach, and place this kind of
>>> imperative in the control specification(s). 
>>
>>OK if control specifications are required to say how the server should
>>behave in this respect.  But I get the impression that this is the
>>alternative which Kurt likes least...
> 
> I think it is inappropriate for control specifications to attach
> additional semantics to the criticality field as criticality
> should only matter to implementations which don't make use of the
> control.

Good point.

>>Would making this the default be an acceptable compromise?  That is,
>>[Protocol] could say "Unless the control specification says otherwise,
>>the server should return protocolViolation if the required criticality
>>of a supported control is violated."
> 
> I think this is a bad idea here.  Such requirements can lead to
> interoperability problems with control specifications are updated.
> (...)

OK.  Also, your previous point still applies.

> Consider the need to update a specification from "clients MUST provide
> criticality field of TRUE" to "clients SHOULD provide criticality field
> of TRUE".  Such a change could not be made if we require servers to
> error where the criticality is not TRUE.
> 
> Control specifications should detail under what circumstances the
> control generator should mark the control critical or non-critical.
> However, they should not detail any semantics upon the implementation
> processing that control as those are defined in the general protocol
> semantics.

-- 
Hallvard