[bind10-dev] ACL Syntax proposal

Jelte Jansen jelte at isc.org
Mon Jun 6 06:07:49 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/04/2011 12:39 PM, Michal 'vorner' Vaner wrote:
> 
> Would someone want to have a look at how to encode it in JSON in the least
> awkward way? I'd be probably too influenced by the proposal I wrote (despite the
> effort and knowledge it would be best, it's hard to discard some ideas). Or,
> should I try it anyway?
> 

Regarding this specific part of your message, and on a more general note,
there's 3 parts here that kind of got conflated;

1. The way to specify rules
2. The way to serialize rules
3. The way to match rules

Administrators care most about 1 (for ease of use and knowing what a specific
given set of rules does), implementors care most about 3 (for efficiency, this
will be one of the most critical code paths), and both 1 and 3 are both the most
important part :)

But the discussion seems to be mostly around/caused by 2, since that is what we
use to store them and pass them around, and since the configuration part of
current bindctl is really kind of a JSON editor (and that is what 1 would be if
we 'just implement this' right now).

They are not completely disconnected; all three can cause limitations on the
other two, but we I'd prefer if we focus on 1 and 3 first, and keep those as
separated as possible; even if the intermediate JSON representation seems
awkward; it is just a representation, and we can modify both the front-end and
the parser for it. Not that we shouldn't try to make that as clean as possible,
but I thing we should not let the other two be influenced by it.

btw, 1 can even be separated into (a) way(s) to show them and (a) way(s) to set
them, but these are mostly interdependent (for instance like in a first match
approach).

Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk3sbrUACgkQ4nZCKsdOncUAmQCeKpetjFWT1eysiux8e0yEGITx
BAAAoNa4YiWyxosz3l6yUBzFELKYMwMm
=X4+w
-----END PGP SIGNATURE-----



More information about the bind10-dev mailing list