Take a look at the mailing list archive (gmane.org), there were a few
articles with links to a bunch of XML formats that can be used as a
basis or as an example for us. Also, I think basis this on XML should
be a requirement as well.
I think I suggested a number of XML structures for this, and I have a
pretty good feel for where I was headed with that effort, and I still
think XML is likely to be the best route. If the group feels this is
a good direction I would be willing to try and flesh out some examples
and specifications.
I quite like XML, although I know some people like Gordon really
don't like it. However the nice thing about XML is that it's widely
known, easily readable by both humans and machines and there are
existing XML parser libraries for just about every programming
language available which leaves plenty of choice for implementation.
I recommend that we create an example that shows a hypothetical
implementation and then solicit comments. We will use the comments to
refine the example (replete with comments explaining what we've done and
why). When the example stabilizes we can write a complete specification
from that.
This is sort of like watching where the grass wears out around a campus
and then pouring the sidewalks over the worn out paths.
That seems like a good way to proceed. I found some of your previous
posts on the topic. I might be tempted to haggle about the syntax of
some of the examples, but the general thing that seems to come out
of it is that we need (as a minimum):
- definitions of tests against which to match messages
- definitions of different policy enforcement actions which
can be taken for incoming messages
- a set of policy statements which map a combination of tests
onto a policy enforcement action
Obviously there will be some scope issues with each of these areas,
although I'm not yet convinced that "scopes" are first-class
objects in their own right.
Some tests and policy decisions might be considered so fundamental
that all compliant implementations are required to support them.
Others might include definitions which point to external programs
to allow extensibility.
For example, a test to see if an e-mail contains HTML Javascript
constructs might be required by the standard, whereas a test to
see if the sender's IP address is listed in a particular commercial
DNSBL might be provided by an external program.
Just an example of course, but this goes back to what you (Pete)
said back in this posting:
http://www1.ietf.org/mail-archive/working-groups/asrg/current/msg06588.html
"Some of the tests should be on the _MUST IMPLEMENT_ list for a
compliant system. Specifically those that are "well known" and
defined by this group (and the group(s) that eventually manage
and contribute to a [consent definition language])."
If we can create a few good examples then those will suggest some
of these "well known" tests and policy actions.
I'll have a think about some possible examples of my own, and we
can compare examples/syntax ideas.
Thanks
Andrew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg