--- 1/draft-ietf-netmod-yang-json-09.txt 2016-03-28 09:16:24.387264050 -0700 +++ 2/draft-ietf-netmod-yang-json-10.txt 2016-03-28 09:16:24.423264949 -0700 @@ -1,18 +1,18 @@ NETMOD Working Group L. Lhotka Internet-Draft CZ.NIC -Intended status: Standards Track March 09, 2016 -Expires: September 10, 2016 +Intended status: Standards Track March 26, 2016 +Expires: September 27, 2016 JSON Encoding of Data Modeled with YANG - draft-ietf-netmod-yang-json-09 + draft-ietf-netmod-yang-json-10 Abstract This document defines encoding rules for representing configuration data, state data, parameters of RPC operations or actions, and notifications defined using YANG as JavaScript Object Notation (JSON) text. Status of This Memo @@ -22,21 +22,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 10, 2016. + This Internet-Draft will expire on September 27, 2016. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -69,33 +69,34 @@ 6.6. The "binary" Type . . . . . . . . . . . . . . . . . . . . 12 6.7. The "leafref" Type . . . . . . . . . . . . . . . . . . . 12 6.8. The "identityref" Type . . . . . . . . . . . . . . . . . 12 6.9. The "empty" Type . . . . . . . . . . . . . . . . . . . . 13 6.10. The "union" Type . . . . . . . . . . . . . . . . . . . . 13 6.11. The "instance-identifier" Type . . . . . . . . . . . . . 14 7. I-JSON Compliance . . . . . . . . . . . . . . . . . . . . . . 14 8. Security Considerations . . . . . . . . . . . . . . . . . . . 15 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 - 10.1. Normative References . . . . . . . . . . . . . . . . . . 15 + 10.1. Normative References . . . . . . . . . . . . . . . . . . 16 10.2. Informative References . . . . . . . . . . . . . . . . . 16 Appendix A. A Complete Example . . . . . . . . . . . . . . . . . 17 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 19 - B.1. Changes Between Revisions -08 and -09 . . . . . . . . . . 19 - B.2. Changes Between Revisions -07 and -08 . . . . . . . . . . 19 - B.3. Changes Between Revisions -06 and -07 . . . . . . . . . . 19 - B.4. Changes Between Revisions -05 and -06 . . . . . . . . . . 19 - B.5. Changes Between Revisions -04 and -05 . . . . . . . . . . 19 - B.6. Changes Between Revisions -03 and -04 . . . . . . . . . . 20 - B.7. Changes Between Revisions -02 and -03 . . . . . . . . . . 20 - B.8. Changes Between Revisions -01 and -02 . . . . . . . . . . 20 - B.9. Changes Between Revisions -00 and -01 . . . . . . . . . . 20 + B.1. Changes Between Revisions -09 and -10 . . . . . . . . . . 19 + B.2. Changes Between Revisions -08 and -09 . . . . . . . . . . 19 + B.3. Changes Between Revisions -07 and -08 . . . . . . . . . . 20 + B.4. Changes Between Revisions -06 and -07 . . . . . . . . . . 20 + B.5. Changes Between Revisions -05 and -06 . . . . . . . . . . 20 + B.6. 
Changes Between Revisions -04 and -05 . . . . . . . . . . 20 + B.7. Changes Between Revisions -03 and -04 . . . . . . . . . . 20 + B.8. Changes Between Revisions -02 and -03 . . . . . . . . . . 20 + B.9. Changes Between Revisions -01 and -02 . . . . . . . . . . 20 + B.10. Changes Between Revisions -00 and -01 . . . . . . . . . . 21 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 21 1. Introduction The NETCONF protocol [RFC6241] uses XML [W3C.REC-xml-20081126] for encoding data in its Content Layer. Other management protocols might want to use other encodings while still benefiting from using YANG [I-D.ietf-netmod-rfc6020bis] as the data modeling language. For example, the RESTCONF protocol [I-D.ietf-netconf-restconf] @@ -665,20 +666,27 @@ compatible with XML encoding, the base64 encoding scheme is used (Section 6.6), whilst I-JSON recommends base64url instead. 8. Security Considerations This document defines an alternative encoding for data modeled in the YANG data modeling language. As such, it doesn't contribute any new security issues beyond those discussed in sec. 16 of [I-D.ietf-netmod-rfc6020bis]. + This document defines no mechanisms for signing and encrypting data + modeled with YANG. Under normal circumstances, data security and + integrity is guaranteed by the management protocol in use, such as + NETCONF [RFC6241] or RESTCONF [I-D.ietf-netconf-restconf]. If it is + not the case, external mechanisms, such as PKCS #7 [RFC2315] or JOSE + ([RFC7515] and [RFC7516]), need to be considered. + JSON processing is rather different from XML, and JSON parsers may thus suffer from other types of vulnerabilities than their XML counterparts. To minimize these new security risks, software on the receiving side SHOULD reject all messages that do not comply to the rules of this document and reply with an appropriate error message to the sender. 9. Acknowledgments The author wishes to thank Andy Bierman, Martin Bjorklund, Dean 
@@ -714,37 +721,49 @@ 2014, . [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, DOI 10.17487/RFC7493, March 2015, . 10.2. Informative References [I-D.ietf-netconf-restconf] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF - Protocol", draft-ietf-netconf-restconf-09 (work in - progress), December 2015. + Protocol", draft-ietf-netconf-restconf-10 (work in + progress), March 2016. [I-D.ietf-netmod-yang-metadata] Lhotka, L., "Defining and Using Metadata with YANG", - draft-ietf-netmod-yang-metadata-04 (work in progress), - February 2016. + draft-ietf-netmod-yang-metadata-07 (work in progress), + March 2016. + + [RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax + Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998, + . [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010, . [RFC7223] Bjorklund, M., "A YANG Data Model for Interface Management", RFC 7223, DOI 10.17487/RFC7223, May 2014, . + [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web + Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May + 2015, . + + [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", + RFC 7516, DOI 10.17487/RFC7516, May 2015, + . + [W3C.REC-xml-20081126] Bray, T., Paoli, J., Sperberg-McQueen, M., Maler, E., and F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", World Wide Web Consortium Recommendation REC- xml-20081126, November 2008, . Appendix A. A Complete Example The JSON document shown below represents the same data as the reply 
@@ -844,77 +864,82 @@ } } ] } } Appendix B. Change Log RFC Editor: Remove this section upon publication as an RFC. -B.1. Changes Between Revisions -08 and -09 +B.1. Changes Between Revisions -09 and -10 + + o A sentence about signing and encrypting data was added, together + with informative references to RFCs 2315, 7515 and 7516. + +B.2. Changes Between Revisions -08 and -09 o References to RFC 6241 term in the Terminology section were added. o Prefixes in the example in Sec. 4 were changed so as to be different from node names. -B.2. Changes Between Revisions -07 and -08 +B.3. Changes Between Revisions -07 and -08 o Changed the names of example modules so that they start with "example-". -B.3. Changes Between Revisions -06 and -07 +B.4. Changes Between Revisions -06 and -07 o General permit on object members whose names start with "@". -B.4. Changes Between Revisions -05 and -06 +B.5. Changes Between Revisions -05 and -06 o More text and a new example about resolving union-type values. -B.5. Changes Between Revisions -04 and -05 +B.6. Changes Between Revisions -04 and -05 o Removed section "Validation of JSON-encoded Instance Data" and other text about XML-JSON mapping. o Added section "Properties of the JSON Encoding". -B.6. Changes Between Revisions -03 and -04 +B.7. Changes Between Revisions -03 and -04 o I-D.ietf-netmod-rfc6020bis is used as a normative reference instead of RFC 6020. o Removed noncharacters as an I-JSON issue because it doesn't exist in YANG 1.1. o Section about anydata encoding was added. o Require I-JSON for anyxml encoding. o Use ABNF for defining qualified name. -B.7. Changes Between Revisions -02 and -03 +B.8. Changes Between Revisions -02 and -03 o Namespace encoding is defined without using RFC 2119 keywords. o Specification for anyxml nodes was extended and clarified. o Text about ordering of list entries was corrected. -B.8. Changes Between Revisions -01 and -02 +B.9. 
Changes Between Revisions -01 and -02 o Encoding of namespaces in instance-identifiers was changed. o Text specifying the order of array elements in leaf-list and list instances was added. -B.9. Changes Between Revisions -00 and -01 +B.10. Changes Between Revisions -00 and -01 o Metadata encoding was moved to a separate I-D, draft-lhotka- netmod-yang-metadata. o JSON encoding is now defined directly rather than via XML-JSON mapping. o The rules for namespace encoding has changed. This affect both node instance names and instance-identifiers.
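
Review bot: In the Security Considerations hunk (@@ -665,20 +666,27 @@), the added sentence "data security and integrity is guaranteed by the management protocol in use" is both too strong and too vague for a security section. "Data security" does not say which properties are meant, "guaranteed" promises more than a protocol reference can, and the paragraph never says which situations fall outside "normal circumstances", so a reader cannot tell when the external mechanisms apply. Suggest naming the properties (for example confidentiality, integrity and authenticity), replacing "is guaranteed by" with "are provided by", and stating the case that triggers the fallback, such as YANG-modeled JSON data that is stored or exchanged outside a NETCONF or RESTCONF session. Also change "If it is not the case" to "If this is not the case".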
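
Review bot: In the Informative References hunk (@@ -714,37 +721,49 @@), the new [RFC2315] entry cites "PKCS #7: Cryptographic Message Syntax Version 1.5" from March 1998 as the example signing and encryption mechanism, which points implementers at an old version of the syntax. Consider citing the current Cryptographic Message Syntax specification (RFC 5652) instead of, or alongside, RFC 2315, and adjusting the "PKCS #7 [RFC2315]" mention in Section 8 to match, so that the XML-side example is as current as the JOSE references [RFC7515] and [RFC7516] added in the same hunk.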
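
Review bot: In the Change Log hunk (@@ -844,77 +864,82 @@), the new B.1 entry "A sentence about signing and encrypting data was added" does not match the change it records: the Security Considerations hunk adds a paragraph of three sentences, and the entry does not say where it went. Suggest "A paragraph about signing and encrypting data was added to Security Considerations (Section 8), together with informative references to RFCs 2315, 7515 and 7516", so that reviewers comparing -09 and -10 can find the security-relevant change directly.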