Comments on 99-245r7 (Access Controls)

Ralph Weber ralphoweber at CompuServe.COM
Wed Apr 12 06:14:05 PDT 2000

* From the T10 Reflector (t10 at, posted by:
* Ralph Weber <ralphoweber at>
I've reviewed a little less than half of the Access Controls proposal
and have found several editorial problems.  If this proposal were
approved in its current form, I'd have to apply a very very heavy
editing pencil to it before it was incorporated in SPC-x.

As input to the teleconference call this morning, here are the more
serious comments I have so far.

pdfpg 14 - Certainly, if definitions are to remain in the glossary
several of them will need to be modified to more clearly state that
they apply to access controls (including suitable cross references).

pdfpg 14 - My preference for remaining the the glossary are Access
Controls, Access Control List, Access Controls Coordinator, and Proxy
Token.  I might be talked into Default Logical Unit Number.  The rest
should assume the definitions given them in the model clause.

pdfpg 16 -The "Resource Requirements' clause contains several
descriptions of how various required resources are used.  This
information belongs in other clauses.  The "Resource Requirements'
clause also describes the 'default values' of various resources.
Maybe this should be changed to a list of the resource values that
devices shall contain when shipped from the factory.

Also, are resources required for LUN Maps?  If yes, then those
requirements need to be detailed in this clause.

pdfpgs 16 - 24 - The access controls model should walk the reader
through a normal case (no errors or conflicts) usage of access
controls and then discuss the exceptional cases.  Also, the content
an access control list should be defined carefully before introducing
the concept of a LUN map.  The current structure assumes too much
knowledge of concepts presented in later clauses.

pdfpg 16 - The description of an Access Control List is totally
inadequate and applied inconsistently (the resource requirements
clause makes no mention of LUN map, but other clauses appear to make
resource requirements for LUN Maps).  Also, there is severe confusion
between what is an Access Control List and what is a LUN Map,
confusion to such an extent that I can't tell the difference.

A serious rewrite is required starting near the top (as in title) of
the clause currently named LUN Mapping.  Or perhaps, new clauses are
needed prior to the LUN Mapping clause.

pdfpg 17 - Regarding the application of access controls to tasks
already 'known' to the target: '... tasks queued' is not a very good
SAM concept on which to hang one's hat.  '... tasks that have entered
the enabled task state' is a more precise point in time, with I think
equally good effect. The phrase '... tasks received by the device
server after successful completion of ...' has similar problems.

Aside from eliminating ambiguity and relying on wording used
elsewhere, changing to '... entered the enabled task state ...' would
make the new access controls apply to tasks that enter execution
following the ACL OUT command, regardless of whether the tasks
entered the queue before the ACL OUT command or not.  A concall
determination is required regarding whether this change is

pdfpg 24 - Clause 4.11 contains information that is not found in any
other SPC model clause (including persistent reservations).

pdfpg 25 - Clause 4.12 contains information that is not appropriate
for inclusion in the SPC model at all.  The information might
appropriately be listed as revisions to the the ASC/ASCQ table, but
that belongs somewhere other than as a clause within the model.

* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo at

More information about the T10 mailing list