| RFC 9595 | YANG Schema Item iDentifier (YANG SID) | July 2024 |
| Veillette, et al. | Standards Track | [Page] |
YANG Schema Item iDentifiers (YANG SIDs) are globally unique 63-bit unsigned integers used to identify YANG items. SIDs provide a more compact method for identifying those YANG items that can be used efficiently, notably in constrained environments (RFC 7228).This document defines the semantics, registration processes, and assignment processes for YANG SIDs for IETF-managed YANG modules.To enable the implementation of these processes, this document also defines a file format used to persist and publish assigned YANG SIDs.¶
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained athttps://www.rfc-editor.org/info/rfc9595.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Some of the items defined in YANG[RFC7950] require the use of aunique identifier.In both the Network Configuration Protocol (NETCONF)[RFC6241] and RESTCONF[RFC8040], these identifiers are implemented using names.To allow the implementation of data models defined in YANG in constrained devices[RFC7228] and constrained networks, a more compact method to identify YANG items is required.This compact identifier, called the YANG Schema Item iDentifier or YANG SID (or simply SID in this document and when the context is clear), is encoded using a 63-bit unsigned integer.The limitation to 63-bit unsigned integers allows SIDs to be manipulated more easily on platforms that might otherwise lack 64-bit unsigned arithmetic.The loss of a single bit of range is not significant, given the size of the remaining space.¶
The following items are identified using SIDs:¶
identities¶
data nodes (note: including those nodes defined by the'rc:yang-data' extension[RFC8040] and the 'sx:structure' extension[RFC8791])¶
remote procedure calls (RPCs) and associated input(s) and output(s)¶
actions and associated input(s) and output(s)¶
notifications and associated information¶
YANG modules and features¶
It is possible that some protocols will use only a subset of the assigned SIDs; forexample, for protocols other than NETCONF[RFC6241] that provide access to YANG-modeled data, such as[CORE-COMI], thetransport of YANG module SIDs might be unnecessary. Other protocolsmight need to be able to transport this information -- for example, protocolsrelated to discovery such as the Constrained YANG Module Library[YANG-LIBRARY].¶
SIDs are globally unique integers. A registration system is used in order toguarantee their uniqueness. SIDs are registered in blocks called "SID ranges".Once they are considered "stable", SIDs are assigned permanently.Items introduced by a new revision of a YANGmodule are added to the list of SIDs already assigned.This is discussed in more detail inSection 2.¶
The assignment of SIDs to YANG items is usually automated asdiscussed inAppendix B, which also discusses some caseswhere manual interventions may be appropriate.¶
Section 3 provides more details about the registration processes for YANGmodules and associated SIDs. To enable the implementation of these processes,Section 4 defines a standard file format used to store and publishSIDs.¶
IETF-managed YANG modules that need to allocate SIDs will use the IANA mechanisms specified in this document.SeeSection 6 for details.YANG modules created by other parties allocate SID ranges using the IANA allocation mechanisms via Mega-Ranges (seeSection 6.3); within the Mega-Range allocation, those other parties are free to make up their own mechanism.¶
Among other uses, YANG SIDs are particularly useful for obtaining acompact encoding for YANG-CBOR[RFC9254].At the time of writing, a tool for automated ".sid" file generation isavailable as part of the open-source project PYANG[PYANG].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in[BCP14] (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here.¶
The following terms are defined in[RFC7950]:¶
This specification also makes use of the following terminology:¶
The overriding objective of the SID assignment and registration system is toensure global interoperability of protocols that employ SIDs in orderto communicate about data modeled in YANG.This objective poses certain requirements on the stability of SIDswhile at the same time not hindering active evolution of the YANGmodules the SIDs are intended to support.¶
Additional objectives include:¶
enabling the developer of a YANG module to also be the originatingentity for the SIDs pertaining to that module.¶
making it easy for YANG developers to obtain SIDs.¶
enabling other developers to define SIDs for a module where thedeveloper of the module is not interested in assigning the SIDs.¶
keeping an assignment regime that keeps short SIDs (2..4 bytes)readily available for the applications that would benefit from themwhile at the same time employing the vast 63-bit SID space tofacilitate permissionless actions.¶
enabling multiple entities to provide services that support theassignment of SIDs.¶
maintaining some locality in the assignment of SIDs so theefficiencies of the SID delta mechanism can be fully employed.¶
enabling various software components to operate in terms of SIDswithout having complete information about other parties in thecommunication process.¶
While IANA ultimately maintains the registries that govern SIDs forIETF-defined modules, various support tools (such as, at the time ofwriting, the YANG Catalog[yangcatalog])need to provide the support to enable SID assignment and use formodules still in IETF development. Developers of open-source orproprietary YANG modules also need to be able to serve as suchentities autonomously, possibly forming alliances independent of theIETF, while still fitting in the overall SID number space managed byIANA. Obviously, this process has a number of parallels to themanagement of IP addresses but is also very different.¶
As discussed inthe Introduction, SIDs are intended as globally unique(unsigned) integers.¶
Specifically, this means that:¶
Any 63-bit unsigned integer either (1) is unassigned as a SID or (2) immutably maps to EXACTLY one YANG name.Only the transition from unassigned to that immutable mapping isdefined.¶
This enables a recipient of a data structure employing SIDs totranslate them into the globally meaningful YANG names that theexisting encodings of YANG data such as YANG-XML[RFC7950] andYANG-JSON[RFC7951] employ today.¶
The term "YANG name" is not defined outside this document, and YANG hasa complex system of names and entities that can have those names.Instead of defining the term technically, this set of objectives usesit in such a way that the overall objectives of YANG SID can beachieved.¶
A desirable objective is that:¶
Any YANG name in active use has one SID assigned.¶
This means that:¶
There should not be YANG names without SIDs assigned.¶
YANG names should not have multiple SIDs assigned.¶
These objectives are unattainable in full, because YANG names are notnecessarily born with a SID assignment and because entirely autonomousentities might decide to assign SIDs for the same YANG name withoutcommunicating ("like ships in the night").Note that as long as this autonomy is maintained, any single observerwill have the impression that Objective 2 is attained.Only when entities that have acted autonomously start communicating will adeviation be observed.¶
YANG modules evolve (seeSection 11 of [RFC7950] andSection 4.27 of RFC 8407[BCP216]).The technical objectives listed above are stated in terms that areindependent of this evolution.¶
However, some modules are still in a very fluid state, and theassignment of permanent SIDs to the YANG names created in them is lessdesirable. This is true not only for new modules but also foremerging new revisions of existing stable modules.¶
The SID management system is independent of any module versioning.¶
A registration system is used in order to guarantee the uniqueness ofSIDs.To be able to provide some autonomy in allocation (and avoidinformation disclosure where it is not desirable), SIDs are registeredin blocks called "SID ranges".¶
SIDs are assigned permanently.¶
Items introduced by a new revision of a YANGmodule are added to the list of SIDs already assigned.¶
In the YANG development process, we can discern a number of partiesthat are concerned with a YANG module:¶
The owner of the YANG module, i.e., the controllerof the module's evolution.¶
The controller of the module namespace, specifically also of theprefixes that are in common use. (This is not a required party.)¶
An entity that supplies modules to module users. This can be an"official" entity (e.g., IANA for IETF modules) or an "unofficial" entity (e.g., theYANG Catalog[yangcatalog]). Not all repositories are in a position to act asa registry, i.e., as a permanent record for the information theysupply; these repositories need to recur to module owners as astable source.¶
An entity that uses a module, after obtaining it from the modulecontroller or a module repository.¶
This set of parties needs to evolve to take on the additional rolesthat the SID assignment process requires:¶
An entity that assigns SIDs for a module. Objective 2 aims athaving only one SID assigner for each module. SID assignerspreferably stay the same over a module development process; however,this specification provides ".sid" files to ensure an organized handover.¶
An entity that supplies a SID assigner with SID ranges that it canuse in assigning SIDs for a module. (In this specification, thereis a structure with Mega-Ranges and individual SID ranges; this isnot relevant here.)¶
An entity that supplies SID assignments to SID users, usually in theform of a ".sid" file.¶
The module user that uses the SIDs provided by a SID assigner for a YANGmodule. SID users need to find SID assigners (or at least their SIDassignments).¶
As the use of SIDs with YANG data models is introduced, the distribution of the SID roles tothe existing parties for a YANG module will evolve.¶
The desirable end state of this evolution is shown inTable 1.¶
| Role | Party |
|---|---|
| SID assigner | module developer |
| SID range registry | (as discussed in this specification) |
| SID repository | module repository |
| SID user | module user (naturally) |
This grouping of roles and parties puts the module developer in aposition where it can achieve the objectives laid out in this section(a "type-1", "SID-guiding" module controller).(While a third party might theoretically assign additional SIDs andconflict with Objective 2, there is very little reason to do so if ".sid"files are always provided by the module developer with the module.)¶
The rest of this section is concerned with the transition to this endstate.¶
For existing modules, there is no ".sid" file. The entity that stands inas the SID assigner is not specified. This situation has the highestpotential for conflict with Objective 2.¶
Similarly, for new module development, the module owner may not haveheard about SIDs or may not be interested in assigning them (e.g., becauseof lack of software or procedures within their organization).¶
For these two cases (which we will collectively call "type-3", "SID-oblivious" modulecontroller), module repositories can act as a mediator, giving SIDusers access to a SID assigner that is carefully chosen to be a likelychoice by other module repositories as well, maximizing the likelihoodof achieving Objective 2.¶
If a module controller has heard about SIDs but is not assigningthem yet, it can designate a SID assigner instead. This can lead to astable, unique set of SID assignments being provided indirectly by a("type-2", "SID-aware") module developer. Entities offering designatedSID assigner services could make these available in an easy-to-useway, e.g., via a web interface.¶
The entity acting as a SID assigner minimally needs to record the SIDrange it uses for the SID assignment. If the SID range registry employed canrecord the module name and revision and if the assignment processes(including the software used) are stable, the SID assigner cantheoretically reconstruct its assignments, but this could inviteimplementation bugs.¶
SID assigners attending to a module in development (not yet stable)need to decide whether SIDs for a new revision are reassigned fromscratch ("clean slate") or use existing assignments from a previousrevision as a base, only assigning new SIDs for new names.Once a module is declared stable, its SID assignmentsSHOULD bedeclared stable as well (except that, for existing YANGmodules, some review may be needed before this is done).¶
This specification does not further discuss how mediating entitiessuch as designated SID assigners or SID repositories could operate;instead, it supplies objectives for their operation.¶
YANG is a language designed to model data accessed using one of the compatibleprotocols (e.g., NETCONF[RFC6241], RESTCONF[RFC8040], and the CoAP Management Interface (CORECONF)[CORE-COMI]). AYANG module defines hierarchies of data, including configuration, state data,RPCs, actions, and notifications.¶
Many YANG modules are not created in the context of constrainedapplications. YANG modules can be implemented using NETCONF[RFC6241] orRESTCONF[RFC8040] without the need to assign SIDs.¶
As needed, authors of YANG modules can assign SIDs to their YANG modules. Inorder to do that, they should first obtain a SID range from a registry and usethat range to assign or generate SIDs to items in their YANG module. Theassignments can then be stored in a ".sid" file. For anexample of how this could be achieved, please refer toAppendix C.¶
Items introduced by a new revision of a YANG module are added to the list of SIDs already assigned.When this is done during the development of a new protocol document, it may be necessary to make provisional assignments.They may get changed, revised, or withdrawn during the development of a new standard.These provisional assignments are marked with a status of "unstable",so that they can be removed and the SID number possibly reassignedfor a different YANG schema name/path later in the development process.When the specification is advanced to a final document,the assignment is marked with a status of "stable".During a period of development starting from a publishedspecification, two variants of the ".sid" file shouldbe made available by the tooling involved in that development: (1) a"published" ".sid" file with the existing stable SID assignments only(which the development effort should keep stable), aswell as (2) an "unpublished" ".sid" file that also contains the unstableSID assignments.¶
Registration of the ".sid" file associated with a YANG module is optional butrecommended; doing so will promote interoperability between devices and avoid duplicateallocation of SIDs to a single YANG module. Different registries might havedifferent requirements for the registration and publication of the ".sid"files. For a diagram of one possible scenario, please refer to the activitydiagram shown inFigure 4 inAppendix C.¶
Each time a YANG module, one or more of its imported modules, or one or more of its includedsubmodules are updated, a new ".sid" fileMAY be created if the new orupdated items will need SIDs. All the SIDs present in a previous version ofthe ".sid" file that was in active useMUST be present in the new version as well. The creation ofthis new version of the ".sid" fileSHOULD be performed using an automatedtool.¶
If a new revision requires more SIDs than initially allocated, a new SID rangeMUST be added to the 'assignment-range' item as defined inSection 4.These extra SIDs are used for subsequent assignments.¶
For an example of this update process, see the activity diagram shown inFigure 5 inAppendix C.¶
".sid" files are used to persist and publish SIDs assigned to the differentYANG items in a specific YANG module.¶
The following tree diagram[BCP215] provides an overview of the data model:¶
module: ietf-sid-file structure sid-file: +-- module-name yang:yang-identifier +-- module-revision? revision-identifier +-- sid-file-version? sid-file-version-identifier +-- sid-file-status? enumeration +-- description? string +-- dependency-revision* [module-name] | +-- module-name yang:yang-identifier | +-- module-revision revision-identifier +-- assignment-range* [entry-point] | +-- entry-point sid | +-- size uint64 +-- item* [namespace identifier] +-- status? enumeration +-- namespace enumeration +-- identifier union +-- sid sid
The following YANG module defines the structure of ".sid" files. Encoding isperformed in JSON[STD90] using the rules defined in[RFC7951].This module imports 'ietf-yang-types'[RFC6991] and 'ietf-yang-structure-ext'[RFC8791]. It also references[STD68],[RFC7950], and[BCP216].¶
<CODE BEGINS> file "ietf-sid-file@2024-07-31.yang"module ietf-sid-file { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-sid-file"; prefix sid; import ietf-yang-types { prefix yang; reference "RFC 6991: Common YANG Data Types"; } import ietf-yang-structure-ext { prefix sx; reference "RFC 8791: YANG Data Structure Extensions"; } organization "IETF CORE Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/core/> WG List: <mailto:core@ietf.org> Editor: Michel Veillette <mailto:michel.veillette@trilliant.com> Editor: Andy Bierman <mailto:andy@yumaworks.com> Editor: Alexander Pelov <mailto:alexander.pelov@imt-atlantique.fr> Editor: Ivaylo Petrov <mailto:ivaylopetrov@google.com>"; description "This module defines the structure of the '.sid' files. Each '.sid' file contains the mapping between each string identifier defined by a YANG module and a corresponding numeric value called a YANG SID. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. Copyright (c) 2024 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 9595; see the RFC itself for full legal notices."; revision 2024-07-31 { description "Initial revision."; reference "RFC 9595: YANG Schema Item iDentifier (YANG SID)"; } typedef revision-identifier { type string { pattern '[0-9]{4}-[0-9]{2}-[0-9]{2}'; } description "Represents a date in YYYY-MM-DD format."; } typedef sid-file-version-identifier { type uint32; description "Represents the version of a '.sid' file."; } typedef sid { type uint64 { range "0..9223372036854775807"; } description "YANG Schema Item iDentifier."; reference "RFC 9595: YANG Schema Item iDentifier (YANG SID)"; } typedef schema-node-path { type string { pattern '/[a-zA-Z_][a-zA-Z0-9\-_.]*:[a-zA-Z_][a-zA-Z0-9\-_.]*' + '(/[a-zA-Z_][a-zA-Z0-9\-_.]*(:[a-zA-Z_][a-zA-Z0-9\-_.]*)?)*'; } description "A schema-node path is an absolute YANG schema-node identifier as defined by the YANG ABNF rule 'absolute-schema-nodeid', except that module names are used instead of prefixes. This string additionally follows the following rules: - The leftmost (top-level) data node name is always in the namespace-qualified form. - Any subsequent schema-node name is in the namespace-qualified form if the node is defined in a module other than its parent node. Otherwise, the simple form is used. No predicates are allowed."; reference "RFC 5234 (STD 68): Augmented BNF for Syntax Specifications: ABNF RFC 7950: The YANG 1.1 Data Modeling Language, Section 6.5: Schema Node Identifier"; } sx:structure sid-file { uses sid-file-contents; } grouping sid-file { description "A grouping that contains a YANG container representing the file structure of a '.sid' file."; container sid-file { description "A wrapper container that together with the 'sx:structure' extension marks the YANG data structures inside as not being intended to be implemented as part of a configuration datastore or as an operational state within the server."; uses sid-file-contents; } } grouping sid-file-contents { description "A grouping that defines the contents of a container that represents the file structure of a '.sid' file."; leaf module-name { type yang:yang-identifier; mandatory true; description "Name of the YANG module associated with this '.sid' file."; } leaf module-revision { type revision-identifier; description "Revision of the YANG module associated with this '.sid' file. This leaf is not present if no revision statement is defined in the YANG module."; } leaf sid-file-version { type sid-file-version-identifier; default 0; description "Optional leaf that specifies the version number of the '.sid' file. '.sid' files and the version sequence are specific to a given YANG module revision. This number starts at zero when there is a new YANG module revision and increases monotonically. This number can distinguish updates to the '.sid' file - for instance, as the result of new processing or reported errata."; } leaf sid-file-status { type enumeration { enum unpublished { description "This '.sid' file is unpublished (BCP 216) and is also called a work-in-progress or workfile. This may be when it accompanies an unpublished YANG module or when only the '.sid' file itself is unpublished. The 'item' list MAY contain entries with a status value of 'unstable'."; reference "RFC 8407 (BCP 216): Guidelines for Authors and Reviewers of Documents Containing YANG Data Models"; } enum published { description "This '.sid' file is published. This status applies to '.sid' files for published YANG modules. The 'item' list MUST NOT contain entries with a status value of 'unstable'."; } } default "published"; description "Optional leaf that specifies the status of the '.sid' file."; } leaf description { type string; description "Free-form meta-information about the generated file. It might include a '.sid' file generation tool and time, among other things."; } list dependency-revision { key "module-name"; description "Information about the revision used during the '.sid' file generation of each dependency, i.e., each YANG module that the YANG module associated with this '.sid' file imported."; leaf module-name { type yang:yang-identifier; description "YANG module name of this dependency."; } leaf module-revision { type revision-identifier; mandatory true; description "Revision of the YANG module of this dependency."; } } list assignment-range { key "entry-point"; description "YANG-SID Range(s) allocated to the YANG module identified by 'module-name' and 'module-revision'. - The first available value in the YANG-SID Range is 'entry-point', and the last available value in the range is ('entry-point' + size - 1). - The YANG-SID Ranges specified by all 'assignment-range' entries MUST NOT overlap."; leaf entry-point { type sid; description "Lowest YANG SID available for assignment."; } leaf size { type uint64; mandatory true; description "Number of YANG SIDs available for assignment."; } } list item { key "namespace identifier"; unique "sid"; description "Each entry within this list defines the mapping between a YANG item string identifier and a YANG SID. This list MUST include a mapping entry for each YANG item defined by the YANG module identified by 'module-name' and 'module-revision'."; leaf status { type enumeration { enum stable { value 0; description "This SID allocation has been published as the stable allocation for the given namespace and identifier."; } enum unstable { value 1; description "This SID allocation has been done during a development process; it is not yet stable."; } enum obsolete { value 2; description "This SID allocation is no longer in use. It is recorded to avoid reallocation of its SID value."; } } default "stable"; description "The status field contains information about the stability of the allocation. For each specific SID value, over time it can only transition from 'unstable' to 'stable', and possibly from 'stable' to 'obsolete'."; } leaf namespace { type enumeration { enum module { value 0; description "All module and submodule names share the same global module identifier namespace."; } enum identity { value 1; description "All identity names defined in a module and its submodules share the same identity identifier namespace."; } enum feature { value 2; description "All feature names defined in a module and its submodules share the same feature identifier namespace."; } enum data { value 3; description "The namespace for all data nodes, as defined in YANG."; } } description "Namespace of the YANG item for this mapping entry."; } leaf identifier { type union { type yang:yang-identifier; type schema-node-path; } description "String identifier of the YANG item for this mapping entry. If the corresponding 'namespace' field is 'module', 'feature', or 'identity', then this field MUST contain a valid YANG identifier string. If the corresponding 'namespace' field is 'data', then this field MUST contain a valid schema-node path."; } leaf sid { type sid; mandatory true; description "YANG SID assigned to the YANG item for this mapping entry."; } } }}<CODE ENDS>This document defines a new type of identifier used to encode data that are modeled in YANG[RFC7950].This new identifier maps semantic concepts to integers, and if thesource of this mapping is not trusted, then new security risks mightoccur if an attacker can control the mapping.¶
At the time of writing, it is expected that the ".sid" files will beprocessed by a software developer, within a software developmentenvironment. Developers are advised to only import ".sid" files fromauthoritative sources. IANA is the authoritative source for IETF-managedYANG modules.¶
Conceptually, ".sid" files could be processed by less-constrained targetsystems such as network management systems. Such systems need to takeextra care to make sure that they are only processing ".sid" files fromauthoritative sources that are as authoritative as the YANG modules that theyare using.¶
".sid" files are identified with and can employdereferenceableidentifiers, i.e., identifiers that could lead implementations incertain situations to automatically perform remote access, the targetof which is indicated at least partially by those identifiers.This can give an attacker information from and/or control over suchaccesses, which can have security and privacy implications.Please also see Sections6 and7 of[DEREF-ID]for further considerations that may be applicable.¶
This document registers the following XML namespace URN in the "IETF XMLRegistry", following the format defined in[BCP81]:¶
This document registers one YANG module in the "YANG Module Names" registry[RFC6020]:¶
The name of this registry is "YANG-SID Mega-Ranges". This registry is used to record the delegation of the management of a block of SIDs to a third party (such as Standards Development Organizations (SDOs) or registrars).¶
Each entry in this registry must include:¶
The entry point (first SID) of the registered SID block.¶
The size of the registered SID block.The sizeSHOULD be one million (1,000,000) SIDs,but in exceptional cases,itMAY be a multiple of 1,000,000.¶
The policy of SID range allocations: Public, Private, or both.¶
The contact information of the requesting organization, including the following:¶
The IANA policy for future additions to this registry is "Expert Review" (Section 4.5 of RFC 8126[BCP26]).¶
An organization requesting to manage a YANG-SID Range (and thus have an entry in the "YANG-SID Mega-Ranges" registry) must ensure the following capacities:¶
The capacity to manage and operate a registry of YANG-SID Ranges. A registry of YANG-SID RangesMUST provide the following information for all YANG-SID Ranges allocated by the registry:¶
The entry point of the allocated YANG-SID Range.¶
The size of the allocated YANG-SID Range.¶
Type: Public or Private.¶
Public rangesMUST include at least a reference to the YANG module and ".sid" files for that YANG-SID Range (e.g., seeSection 6.4.3 as an example for how this is handled for the "IETF YANG-SID Ranges" registry).¶
Private rangesMUST be marked as "Private".¶
A policy of allocation, which clearly identifies whether the YANG-SID Range allocations would be Private, Public, or both.¶
Technical capacity to provide or refer to ".sid" files in a way thatmeets the security objective of data integrity for these files (seealsoSection 5).¶
Technical capacity to ensure the sustained operation of the registry for a period of at least 5 years. If registrations in the Private category are allowed, the period must be at least 10 years.¶
If a size of the allocation beyond 1,000,000 is desired, theorganization must demonstrate the sustainability of the technicalapproach for utilizing this size of allocation and how it does notnegatively impact the overall usability of the SID allocationmechanisms; such allocations are preferably placed in the space above4,295,000,000 (64-bit space).¶
For a first allocation to be provided, the requesting organization must demonstrate a functional registry infrastructure.¶
On one or more subsequent allocation requests, the organization must demonstrate theexhaustion of the prior range. These conditions need to be asserted by theassigned expert(s).¶
If such a request for an additional allocation is made within 3 years of the last allocation, theexperts need to discuss this request on the CORE Working Group mailing list andconsensus needs to be obtained before allocating a new Mega-Range.¶
This registry contains the following initial entry:¶
| Entry Point | Size | Allocation | Organization Name | URL |
|---|---|---|---|---|
| 0 | 1,000,000 | Public | IANA | <https://www.iana.org/> |
The name of this registry is "IETF YANG-SID Ranges". This registry is used to record information related to the assignment of SID Ranges (e.g., entry point and size) to YANG modules identified by module name.¶
The first million SIDs assigned to IANA are subdivided as follows:¶
The range of 0 to 999 (size 1,000) is subject to "IESG Approval" as defined in Section 4.10 of RFC 8126[BCP26]; of these, SID value 0 has been reserved for implementations to internally signify the absence of a SID number and does not occur in interchange.¶
The ranges of 1,000 to 59,999 (size 59,000) and 100,000 to 299,999 (size 200,000) are designated for YANG modules defined in RFCs.¶
The range of 60,000 to 99,999 (size 40,000) is reserved for experimental YANG modules. This rangeMUST NOT be used in operational deployments, since these SIDs are not globally unique and their interoperability is therefore limited. The IANA policy for this range is "Experimental Use" (Section 4.2 of RFC 8126[BCP26]).¶
The range of 300,000 to 999,999 (size 700,000) is "Reserved" as defined in Section 6 of RFC 8126[BCP26].¶
| Entry Point | Size | IANA Policy |
|---|---|---|
| 0 | 1,000 | IESG Approval |
| 1,000 | 59,000 | RFC and Expert Review Required (see item 2 above) |
| 60,000 | 40,000 | Reserved for Experimental Use |
| 100,000 | 200,000 | RFC and Expert Review Required (see item 2 above) |
| 300,000 | 700,000 | Reserved |
The size of the SID range allocated for a YANG module is recommended to be a multiple of 50 and to be at least 33% above the current number of YANG items. This headroom allows assignments within the same range of new YANG items introduced by subsequent revisions. The SID range sizeSHOULD NOT exceed 1,000; a larger size may be requested by the authors if this recommendation is considered insufficient. It is important to note that an additional SID range can be allocated to an existing YANG module if the initial range is exhausted; this then just leads to a slightly less efficient representation.¶
If a SID range is allocated for an existing RFC through the "ExpertReview" policy (Section 4.5 of RFC 8126[BCP26]), the Reference field for the given allocation shouldpoint to the RFC that the YANG module is defined in.¶
If a SID range is required before publishing the RFC due toimplementations needing stable SID values, Early Allocation as defined in[BCP100] can be employed for the "RFC Required" range (Section 2 of RFC 7120[BCP100]).¶
During an RFC's publication process, IANA contacts the designated expert team("the team"), who are responsible for delivering a final ".sid" file foreach module defined by the RFC.For a type-3 developer (SID-oblivious; seeSection 2.4), the teamcreates a new ".sid" file from each YANG module; see below.For a type-2 (SID-aware) developer, the team first obtains the existing draft ".sid"file from a stable reference in the approved draft; for a type-1 (SID-guiding)developer, the team extracts the ".sid" file from the approved draft.¶
The team uses a tool to generate a final ".sid" file from each YANGmodule; the final ".sid" file has all SID assignments set to "stable" andthe ".sid" file status set to "published".A published ".sid" fileMUST NOT contain SID assignments with astatus of "unstable".¶
For the cases other than type-3 (SID-oblivious), the team feeds the existing draft ".sid"file as an input ("reference ".sid" file") to the tool so that the changes resulting fromregeneration are minimal.For YANG modules that are revisions of previously published modules,any existing published ".sid" file needs to serve as a reference ".sid" filefor the tool, during generation of either the revised draft ".sid" file (type-1,type-2) or the final ".sid" file (type-3).¶
In any case, the team checks the generated file, including checking forvalidity as a ".sid" file, for consistency with the SID rangeallocations, for full coverage of the YANG items in the YANG module, andfor the best achievable consistency with the existing draft ".sid" file.¶
The designated experts then give the ".sid" file to IANA to publish inthe "IETF YANG-SID Modules" registry (Section 6.5) along with the YANGmodule.¶
The ".sid" fileMUST NOT be published as part of the RFC: the IANAregistry is authoritative, and a link to it is to be inserted in the RFC.(Note that the present RFC is an exception to this rule, as the ".sid"file also serves as an example for exposition.)Internet-Drafts that need SIDs assigned to their new modules for use in the textof the document, e.g., for examples, need to alert the RFC Editor inthe draft text that this is the case.Such RFCs cannot be produced by type-3 (SID-oblivious) developers:the SIDs used in the text need to be assigned in the existing draft".sid" file, and the designated expert team needs to check that theassignments in the final ".sid" file are consistent with the usage in theRFC text or that the approved draft text is changed appropriately.¶
Initial entries in this registry are as follows:¶
| Entry Point | Size | Module Name | Reference |
|---|---|---|---|
| 0 | 1 | (Reserved: not a valid SID) | RFC 9595 |
| 1,000 | 100 | ietf-coreconf | RFC 9595,[CORE-COMI] |
| 1,100 | 50 | ietf-yang-types | [RFC6991] |
| 1,150 | 50 | ietf-inet-types | [RFC6991] |
| 1,200 | 50 | iana-crypt-hash | [RFC7317] |
| 1,250 | 50 | ietf-netconf-acm | [STD91] |
| 1,300 | 50 | ietf-sid-file | RFC 9595 |
| 1,500 | 100 | ietf-interfaces | [RFC8343] |
| 1,600 | 100 | ietf-ip | [RFC8344] |
| 1,700 | 100 | ietf-system | [RFC7317] |
| 1,800 | 400 | iana-if-type | [RFC7224] |
For allocation, RFC publication of the YANG module is required as per the "RFC Required" policy defined in Section 4.7 of RFC 8126[BCP26]. The YANG module must be registered in the "YANG Module Names" registry according to the rules specified inSection 14 of [RFC6020].¶
The name of this registry is "IETF YANG-SID Modules". This registry is used torecord the allocation of SIDs for individual YANG module items.¶
Each entry in this registry must include:¶
The YANG module name. This module name must be present in the "Name" column of the "YANG Module Names" registry.¶
A URI for the associated ".yang" file. This file link must be present in the "File" column of the "YANG Module Names" registry.¶
The URI for the ".sid" file that defines the allocation. The ".sid" file is stored by IANA.¶
The number of actually allocated SIDs in the ".sid" file.¶
The allocation policy is "Expert Review" (Section 4.5 of RFC 8126[BCP26]). The expertMUST ensure that the following conditions are met:¶
The ".sid" file has a valid structure:¶
The ".sid" fileMUST be a valid JSON file following the structure of themodule defined in this document.¶
The ".sid" file allocates individual SIDs ONLY in the YANG-SID Ranges for thisYANG module (as allocated in the "IETF YANG-SID Ranges" registry):¶
All SIDs in this ".sid" fileMUST be within the ranges allocated to thisYANG module in the "IETF YANG-SID Ranges" registry.¶
If another ".sid" file has already allocated SIDs for this YANG module (e.g.,for older or newer versions of the YANG module), the YANG items are assignedthe same SIDs as those in the other ".sid" file.¶
If there is an older version of the ".sid" file, all allocated SIDs from thatversion are still present in the current version of the ".sid" file.¶
Due to the difficulty in changing SID values during IETF document processing,it is expected that most documents will ask for SID range allocations using EarlyAllocations[BCP100]. The details of the Early Allocation to berequested, including the timeline envisioned, should be includedin any working group adoption call. Prior to working group adoption, anInternet-Draft author can use the experimental SID range (as perSection 6.4.2) for their SID allocations orother values that do not create ambiguity with other SID uses (for example,they can use ranges and SIDs registered in a non-IANA-managed registry that is based on a YANG-SID Mega-Range assignment).¶
After working group adoption, any modification of a ".sid" file is expected to bediscussed on the mailing lists of the appropriate working groups. Specificattention should be paid to implementers' opinions after Working Group Last Callif a SID value is to change its meaning. In all cases, a ".sid" file and the SIDsassociated with it are subject to change before the publication of anInternet-Draft as an RFC.¶
As the concept of SIDs is first used, many existing, previously published YANG moduleswill not have SID allocations. For an allocation to be useful, the includedYANG modules may also need to have SID allocations made, in a processthat will generally be analogous to that inSection 6.4.3 for the type-3 (SID-oblivious) case.¶
The expert reviewer who performs the (Early) Allocation analysis will need togo through the list of included YANG modules and perform SID allocations forthose modules as well.¶
If the document is a published RFC, then the allocation of SIDs for itsreferenced YANG modules is permanent. The expert reviewer provides thegenerated ".sid" file to IANA for registration.¶
If the document is an unprocessed Internet-Draft adopted in a working group, then anEarly Allocation is performed for this document as well. Early Allocationsrequire approval by an IESG area director. An Early Allocation thatrequires additional allocations will list the other allocations in itsdescription and will be cross-posted to the mailing lists of anyother working groups concerned.¶
A YANG module that references a module in a document that has not yet beenadopted by any working group will be unable to perform an Early Allocationfor that other document until it is adopted by a working group. As describedin Section 3 of RFC 7120[BCP100], a shepherding AD will stand in for the working group chairs if the document is not the product of an IETF working group, effectively allowing the AD to exempt a document from this policy.¶
At the end of the IETF process, all the dependencies of a given module for whichSIDs are assigned should also have SIDs assigned. Those dependencies'assignments should be permanent (not Early Allocation).¶
A previously SID-allocated YANG module that changes its references to includea YANG module for which there is no SID allocation needs to repeat the EarlyAllocation process.¶
[BCP100] defines a time limit for the validity of Early Allocations,after which they expire unless they are renewed. Section 3.3 of RFC 7120[BCP100] also says:¶
Note that if a document is submitted for review to the IESG, and at the time of submission some Early Allocations are valid (not expired), these allocations must not be considered to have expired while the document is under IESG consideration or is awaiting publication in the RFC Editor's queue after approval by the IESG.¶
At the time of writing, this registry does not contain any entries.¶
This document adds the following media type to the "Media Types" registry.¶
| Name | Template | Reference |
|---|---|---|
| yang-sid+json | application/yang-sid+json | RFC 9595 |
application¶
yang-sid+json¶
N/A¶
N/A¶
binary (UTF-8)¶
RFC 9595¶
Applications that need to obtain YANG SIDs to interchangeYANG-modeled data in a concise and efficient representation.¶
The syntax and semantics of fragment identifiers specified for "application/yang-sid+json" is as specified for "application/json". (At publication of this document, there is no fragment identification syntax defined for "application/json".)¶
CORE WG mailing list (core@ietf.org)or IETF Applications and Real-Time Area (art@ietf.org)¶
COMMON¶
none¶
IETF¶
This document adds the following Content-Format to the "CoAP Content-Formats" registrywithin the "Constrained RESTful Environments (CoRE) Parameters" group ofregistries, where 260 has been assigned from the "IETF Review" (256-9,999) range (see Section 4.8 of RFC 8126[BCP26]).¶
| Content Type | Content Coding | ID | Reference |
|---|---|---|---|
| application/yang-sid+json | - | 260 | RFC 9595 |
The following ".sid" file ('ietf-system@2014-08-06.sid') has been generated using the following YANG modules:¶
For purposes of exposition, per[RFC8792], line breaks have been introduced below insome JSON strings that represent overly long identifiers.¶
=============== NOTE: '\' line wrapping per RFC 8792 ================{ "ietf-sid-file:sid-file": { "module-name": "ietf-system", "module-revision": "2014-08-06", "description": "Example '.sid' file", "dependency-revision": [ { "module-name": "ietf-yang-types", "module-revision": "2013-07-15" }, { "module-name": "ietf-inet-types", "module-revision": "2013-07-15" }, { "module-name": "ietf-netconf-acm", "module-revision": "2018-02-14" }, { "module-name": "iana-crypt-hash", "module-revision": "2014-08-06" } ], "assignment-range": [ { "entry-point": "1700", "size": "100" } ], "item": [ { "namespace": "module", "identifier": "ietf-system", "sid": "1700" }, { "namespace": "identity", "identifier": "authentication-method", "sid": "1701" }, { "namespace": "identity", "identifier": "local-users", "sid": "1702" }, { "namespace": "identity", "identifier": "radius", "sid": "1703" }, { "namespace": "identity", "identifier": "radius-authentication-type", "sid": "1704" }, { "namespace": "identity", "identifier": "radius-chap", "sid": "1705" }, { "namespace": "identity", "identifier": "radius-pap", "sid": "1706" }, { "namespace": "feature", "identifier": "authentication", "sid": "1707" }, { "namespace": "feature", "identifier": "dns-udp-tcp-port", "sid": "1708" }, { "namespace": "feature", "identifier": "local-users", "sid": "1709" }, { "namespace": "feature", "identifier": "ntp", "sid": "1710" }, { "namespace": "feature", "identifier": "ntp-udp-port", "sid": "1711" }, { "namespace": "feature", "identifier": "radius", "sid": "1712" }, { "namespace": "feature", "identifier": "radius-authentication", "sid": "1713" }, { "namespace": "feature", "identifier": "timezone-name", "sid": "1714" }, { "namespace": "data", "identifier": "/ietf-system:set-current-datetime", "sid": "1715" }, { "namespace": "data", "identifier": "/ietf-system:set-current-datetime/input", "sid": "1775" }, { "namespace": "data", "identifier": "/ietf-system:set-current-datetime/input/\ current-datetime", "sid": "1776" }, { "namespace": "data", "identifier": "/ietf-system:system", "sid": "1717" }, { "namespace": "data", "identifier": "/ietf-system:system-restart", "sid": "1718" }, { "namespace": "data", "identifier": "/ietf-system:system-shutdown", "sid": "1719" }, { "namespace": "data", "identifier": "/ietf-system:system-state", "sid": "1720" }, { "namespace": "data", "identifier": "/ietf-system:system-state/clock", "sid": "1721" }, { "namespace": "data", "identifier": "/ietf-system:system-state/clock/boot-datetime\ ", "sid": "1722" }, { "namespace": "data", "identifier": "/ietf-system:system-state/clock/current-\ datetime", "sid": "1723" }, { "namespace": "data", "identifier": "/ietf-system:system-state/platform", "sid": "1724" }, { "namespace": "data", "identifier": "/ietf-system:system-state/platform/machine", "sid": "1725" }, { "namespace": "data", "identifier": "/ietf-system:system-state/platform/os-name", "sid": "1726" }, { "namespace": "data", "identifier": "/ietf-system:system-state/platform/os-release\ ", "sid": "1727" }, { "namespace": "data", "identifier": "/ietf-system:system-state/platform/os-version\ ", "sid": "1728" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication", "sid": "1729" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication/user", "sid": "1730" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication/user-\ authentication-order", "sid": "1731" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication/user/\ authorized-key", "sid": "1732" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication/user/\ authorized-key/algorithm", "sid": "1733" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication/user/\ authorized-key/key-data", "sid": "1734" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication/user/\ authorized-key/name", "sid": "1735" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication/user/name", "sid": "1736" }, { "namespace": "data", "identifier": "/ietf-system:system/authentication/user/\ password", "sid": "1737" }, { "namespace": "data", "identifier": "/ietf-system:system/clock", "sid": "1738" }, { "namespace": "data", "identifier": "/ietf-system:system/clock/timezone-name", "sid": "1739" }, { "namespace": "data", "identifier": "/ietf-system:system/clock/timezone-utc-offset\ ", "sid": "1740" }, { "namespace": "data", "identifier": "/ietf-system:system/contact", "sid": "1741" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver", "sid": "1742" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/options", "sid": "1743" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/options/\ attempts", "sid": "1744" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/options/\ timeout", "sid": "1745" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/search", "sid": "1746" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/server", "sid": "1747" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/server/name", "sid": "1748" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/server/udp-\ and-tcp", "sid": "1749" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/server/udp-\ and-tcp/address", "sid": "1750" }, { "namespace": "data", "identifier": "/ietf-system:system/dns-resolver/server/udp-\ and-tcp/port", "sid": "1751" }, { "namespace": "data", "identifier": "/ietf-system:system/hostname", "sid": "1752" }, { "namespace": "data", "identifier": "/ietf-system:system/location", "sid": "1753" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp", "sid": "1754" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/enabled", "sid": "1755" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/server", "sid": "1756" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/server/association-\ type", "sid": "1757" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/server/iburst", "sid": "1758" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/server/name", "sid": "1759" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/server/prefer", "sid": "1760" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/server/udp", "sid": "1761" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/server/udp/address", "sid": "1762" }, { "namespace": "data", "identifier": "/ietf-system:system/ntp/server/udp/port", "sid": "1763" }, { "namespace": "data", "identifier": "/ietf-system:system/radius", "sid": "1764" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/options", "sid": "1765" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/options/attempts", "sid": "1766" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/options/timeout", "sid": "1767" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/server", "sid": "1768" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/server/\ authentication-type", "sid": "1769" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/server/name", "sid": "1770" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/server/udp", "sid": "1771" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/server/udp/address\ ", "sid": "1772" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/server/udp/\ authentication-port", "sid": "1773" }, { "namespace": "data", "identifier": "/ietf-system:system/radius/server/udp/shared-\ secret", "sid": "1774" } ] }}The assignment of SIDs to YANG itemsSHOULD be automated.The recommended process to assign SIDs is as follows:¶
A tool extracts the different items defined for a specific YANG module.¶
The list of items is sorted in alphabetical order. 'namespace' entries are sorted in descending order, and 'identifier' entries are sorted in ascending order. The 'namespace' and 'identifier' formats are described in the YANG module 'ietf-sid-file' defined inSection 4.¶
SIDs are assigned sequentially from the entry point up to the size of the registered SID range. This approach is recommended to minimize the serialization overhead, especially when the delta between a reference SID and the current SID is used by protocols aiming to reduce message size.¶
If the number of items exceeds the SID range(s) allocated to a YANG module, an extra range is added for subsequent assignments.¶
The 'dependency-revision' list item should reflect the revision numbers of eachYANG module that the YANG module imports at the moment of file generation.¶
When updating a YANG module that is in active use, the existing SID assignments are maintained.(In contrast, when evolving an early version of an Internet-Draft that has not yet been adopted by a community of developers, SID assignments are often better done from scratch after a revision.)If the name of a schema node changes but the data remain structurally and semantically similar to what was previously available under an old name, the SID that was used for the old nameMAY continue to be used for the new name.If the meaning of an item changes, a new SIDMAY be assigned to it; this is particularly useful for allowing the new SID to identify the new structure or semantics of the item.If the YANG data type changes in a new revision of a published modulesuch that the resulting CBOR encoding is changed, then implementations will be aided significantly if a new SID is assigned.Note that these decisions are generally at the discretion of the YANG module author, who should decide if the benefits of a manual intervention are worth the deviation from automatic assignment.¶
In the case of an update to an existing ".sid" file, an additional step is neededthat increments the ".sid" file version number. If there was no version numberin the previous version of the ".sid" file, 0 is assumed to be the version numberof the old version of the ".sid" file and the version number is 1 for the new".sid" file. Apart from that, changes to ".sid" files can also be automated usingthe same method as that described above, except that in step #3, previous SID assignments are kept, only previously unassigned YANG items are processed, and these are assigned previously unassigned SIDs. Already-existing items in the ".sid" file should not be given new SIDs.¶
Note that ".sid" file versions are specific to a YANG module revision. For eachnew YANG module or each new revision of an existing YANG module, the versionnumber of the initial ".sid" file either (1) should be 0 or (2) should not be present.¶
Note also that RPC or action "input" and "output" YANG itemsMUST always beassigned SIDs even if they don't contain further YANG items. The reason for thisrequirement is that other modules can augment the given module and those SIDsmight be necessary.¶
Before assigning SIDs to their YANG modules, YANG module authors must acquire aSID range from a registry of YANG-SID Ranges. If the YANG module is part of an IETFInternet-Draft or RFC, the SID range needs to be acquired from the "IETF YANG-SID Ranges"registry as defined inSection 6.4. For the other YANGmodules, the authors can choose to acquire a SID range from any registry of YANG-SID Ranges.¶
Once the SID range is acquired, owners can use it to generate one or more ".sid" files for their YANG module or modules. It is recommended to leave some unallocated SIDsfollowing the allocated range in each ".sid" file in order to allow betterevolution of the owners' YANG modules in the future. Generation of ".sid" files shouldbe performed using an automated tool. Note that ".sid" files can only begenerated for YANG modules and not for submodules.¶
The following activity diagram summarizes the creation of a YANG module and its associated ".sid" file.¶
The following activity diagram summarizes the update of a YANG module and its associated ".sid" file.¶
[RFC9195] defines a format for "YANG instance data".This essentially leads to an encapsulation of the instance data withinsome metadata envelope.¶
If a ".sid" file needs to be stored in a YANG instance data file, thiscan be achieved by embedding the value of the ".sid" file as the value of thecontent-data member in the following template and copying over thesecond-level members as indicated with the angle brackets:¶
{ "ietf-yang-instance-data:instance-data-set": { "name": "<module-name>@<module-revision>.sid", "description": ["<description>"], "content-schema": { "module": "ietf-sid-file@2024-06-17" }, "content-data": { <replace this object> "ietf-sid-file:sid-file" : { "module-name": ... } } }}¶The authors would like to thankAndy Bierman,Abhinav Somaraju,Peter van der Stok,Laurent Toutain, andRandy Turner for their help during the development of this document andtheir useful comments during the review process.Special thanks go to the IESG members who supplied very usefulcomments during the IESG processing phase, in particular toBenjamin Kaduk andRob Wilton, and toFrancesca Palombini asresponsible AD.¶