Hi, Yizhou I have read the draft, and I think it is good to have a convince way to update the policies in the network.
Also, I want to share some personal understandings here. If any misunderstandings, please correct me. Thanks. The AAPs need to inform the PEPs of the policies of the users by using the GRASP. It can happen when the user logs in, logs out, or triggers some policy changes. Maybe the first step is that the PEPs subscribe to the policy changing even that they are interested in. Do they send some GRASP messages to AAPs here? And then, if the user logs in, logs out, or triggers some policy changes, the AAP informs the PEPs that have subscribed. GRASP is used here. Is it a multicast? Best Regards Zongpeng Du duzongp...@foxmail.com & duzongp...@chinamobile.com From: Liyizhou Date: 2021-10-25 17:04 To: Anima@ietf.org CC: Xun Xiao Subject: [Anima] unsolicited synchronizaiton in draft-yizhou-anima-ip-to-access-control-groups-01.txt Hi all, The Unsolicited Synchronization message (as defined in section 5.1 in draft-ietf-anima-grasp-distribution) is greatly leveraged in this document to allow the access authentication point to pass IP to Group mapping info to policy enforcement point. That would make the information retrieval more efficient compared to request and reply (sync) mode. I guess a missing part is to a flag to be added to objective-flag, i.e. objective-flag = &( F_DISC: 0 ; valid for discovery F_NEG: 1 ; valid for negotiation F_SYNCH: 2 ; valid for synchronization F_NEG_DRY: 3 ; negotiation is a dry run F_UNSLC_SYNCH: 4 ; this is a missing line to indicate valid for unsolicited synchronization ) Looks like the future grasp objectives would require to consider if they are valid for unsolicited synchronization or not. Rgds, Yizhou _______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima