Hi, Yizhou
I have read the draft, and I think it is good to have a convince way to
update the policies in the network.
Also, I want to share some personal understandings here. If any
misunderstandings, please correct me. Thanks.
The AAPs need to inform the PEPs of the policies of the users by using the
GRASP. It can happen when the user logs in, logs out, or triggers some policy
changes.
Maybe the first step is that the PEPs subscribe to the policy changing even
that they are interested in. Do they send some GRASP messages to AAPs here?
And then, if the user logs in, logs out, or triggers some policy changes,
the AAP informs the PEPs that have subscribed. GRASP is used here. Is it a
multicast?
Best Regards
Zongpeng Du
[email protected] & [email protected]
From: Liyizhou
Date: 2021-10-25 17:04
To: [email protected]
CC: Xun Xiao
Subject: [Anima] unsolicited synchronizaiton in
draft-yizhou-anima-ip-to-access-control-groups-01.txt
Hi all,
The Unsolicited Synchronization message (as defined in section 5.1 in
draft-ietf-anima-grasp-distribution) is greatly leveraged in this document to
allow the access authentication point to pass IP to Group mapping info to
policy enforcement point.
That would make the information retrieval more efficient compared to request
and reply (sync) mode.
I guess a missing part is to a flag to be added to objective-flag, i.e.
objective-flag = &(
F_DISC: 0 ; valid for discovery
F_NEG: 1 ; valid for negotiation
F_SYNCH: 2 ; valid for synchronization
F_NEG_DRY: 3 ; negotiation is a dry run
F_UNSLC_SYNCH: 4 ; this is a missing line to indicate valid for
unsolicited synchronization
)
Looks like the future grasp objectives would require to consider if they are
valid for unsolicited synchronization or not.
Rgds,
Yizhou
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
