Greetings Ben, I was slow to respond as I am currently on vacations. Thank you very much for your extended review on the document. Please see inline. I have prepared all the necessary changes and the only thing that remains is the boilerplate issue (and perhaps the security issues). When we resolve this I can publish the new version. Regards, Evangelos Haleplidis. > Summary: Nearly ready for publication as a proposed standard, but there > are some issues that should be considered first, and some editorial > issues that might also be worth consideration. > > Note 1: I am not an expert in xml schema specifications. I hope assume > others have reviewed the schema, and mechanically verified them. [ΕΗ] I don't know if anyone else has verified the schema, but I have verified it with verification tools and created sample xml libraries. > Note 2: I notice that the Adrian's AD review commented about the lack > of working group review, while the shepherd writeup comments that the > working group had a solid consensus on this draft. On the surface, > those comments seem to conflict. (I don't expect the author to take any > action on this) > > Major issues: > > -- IDNits points out that this draft may need the pre-RFC5378 > boilerplate, due to content from RFC 5812. It does appear to include > substantial amounts of XML schema from 5812. While the publication date > of 5812 post-dates RFC5378, there were many revisions of the draft form > that pre-date 5378 by some time. So unless the author has gotten > permission from all 5812 authors (and I note that author list changed > several times prior to publication), this draft and any resulting RFC > may well need the boilerplate. > [ΕΗ] Thank you for catching this as I have very little experience with this kind of issues. As I have not asked permission from the RFC5812 authors, what should be the proper way to resolve this issue? Ask for permission or use a previous boilerplate? > Minor issues: > > -- section 2.3, 3rd paragraph: > > The 2119 language in this paragraph seems more like description of > procedures. You really only need 2119 language when you want to > constrain some choice an implementor might make. Also, in the two cases > of "MUST be ignored", please consider using active voice? (That is, who > or what must ignore it?) > [ΕΗ] In this specific case (I will reword it) the MUST is a constraint that the implementer has to conform for interoperability. Otherwise the model would mean something different from one implementer to the other, e.g. for A's implementation the struct's component may have an access type of "read-write" but for B it may mean "read-only". The MUST there defines that when you define a struct component's access type, it MUST override the whole struct's access type. > -- section 2.4, 2nd paragraph: > > This also seems like a description of general procedures that doesn't > really need 2119 language. [ΕΗ] Again I think that the MUST is something that is needed for interoperability issues. The BecomesEqualTo MUST generate only one event when the component reaches that specific value and not while it is there. > > -- section 2.4, bulleted paragraph: > > Is this similar to saying that eventBecomesEqualTo effectively becomes > an eventChanged after achieving the target value? Once the value > changes from the target by V or more, does it reset the becomesEqualTo > trigger? > [ΕΗ] No, it does not effectively become an eventChanged. The difference is that it will only be triggered ONCE when the value is changed and not continuously. And yes, it resets the BecomesEqualTo trigger. > -- 2.6, 2nd paragraph: "... derivedFrom will always select the latest > version." > > What if a newer version of the parent is created after the child is > defined? Can it cause backwards compatibility issues if the parent > class changes out from under the child? > [ΕΗ] Thank you for catching this. You're right, this may create backwards compatibility issues. This was an error on my part while writing the update of the draft. My initial response was to use the first version (see http://www.ietf.org/mail-archive/web/forces/current/msg04838.html) so it would have been "select the first version". I have made the necessary correction and made the text better. It now reads as follows: "However if the version is omitted then the derivedFrom will always specify the first version of the parent LFB class, which usually is version 1.0." Using always the first will mean something that is always there, and resolves any ambiguities. > -- section 6: > > The assertion that the changes in this draft have no effect on security > is a bit of a red flag. This draft introduces new kinds of properties > and events that can be expressed, as well as a change to the > inheritance model. Are you sure none of those have a security impact? > It would at least be good to mention, for each of these changes, why > you think it does not affect the prior model security considerations. > [ΕΗ] I am no security expert, but I agree with the security considerations of RFC 5812 and have referred that the same applies to this document. As we didn't make any major changes in the model, but simply added a few more items, namely a new event, some new properties and a way to define optional access types and complex metadata. These are constructs and do not add anything controversial to the initial model. Now in regards to the inheritance model, we didn't add something new, we simply clarified an issue that existed by introducing the version of the derived from class. However, as I said I'm no security expert (and I don't know if you're one), if a security expert could comment on this, it could be helpful. > > Nits/editorial comments: > [ΕΗ] Thank you for all the nits/editorial comments. All have been taken into account.