John, I see your point now.
Is my following understanding correct? Controller’s North Bound Interface and the South Bound Interface are referring to the Controller’s physical interfaces, whereas the “Capability Layer” is about the functions that NSF can perform. Yes, it would be helpful to add those explanation to the Terminology draft. Does the “Service Layer” in the Terminology draft means a “software, like a management system or controller”? Service Layer: Software that enables clients to manage security policies for their specific flows. This is also called the Client-Facing Interface. Thanks, Linda From: John Strassner [mailto:[email protected]] Sent: Thursday, June 16, 2016 12:58 AM To: Linda Dunbar; John Strassner Cc: Susan Hares; DIEGO LOPEZ GARCIA ([email protected]); [email protected] Subject: Re: questions about some terminologies defined by draft-ietf-i2nsf-terminology-00 HI Linda, I don't see the conflict in the two definitions. If I substitute the first (within braces) into the second, I get: Capability Layer: Defines an abstraction layer that exposes a set of {features that are available from a managed entity} of the I2NSF system. When I look at the Charter's Capability Layer, I think we're still OK - the Charter "...specifies how to control and monitor NSFs at a functional level...", and Capabilities (the features that are available) are essential for planning how to control and monitor NSFs. Features (i.e., capabilities) are independent of interface (northbound or southbound). Would you like us to add that point to the terminology I-D? best regards, John On Wed, Jun 15, 2016 at 8:40 AM, Linda Dunbar <[email protected]<mailto:[email protected]>> wrote: Dear Authors: The term “Capability Layer” defined by the “draft-ietf-i2nsf-terminology-00” carries different meaning than the “Capability Layer” used by the I2NSF charter. “draft-ietf-i2nsf-terminology-00”: Capability: Defines a set of features that are available from a managed entity (see also I2NSF Capability). Capability Layer: Defines an abstraction layer that exposes a set of capabilities of the I2NSF system. I2NSF Charter: I2NSF will specify interfaces at two functional levels for the control and monitoring of network security functions: The I2NSF Capability Layer specifies how to control and monitor NSFs at a functional implementation level. The term "Functional Implementation" is used to emphasize that the rules (for control and monitor) of NSFs have to be implementable by most NSFs. I2NSF will standardize a set of interfaces by which a security controller can invoke, operate, and monitor NSFs. The I2NSF Service Layer defines how clients' security policies may be expressed to a security controller. The controller implements its policies according to the various capabilities provided by the I2NSF Capability Layer. The I2NSF Service Layer also allows the client to monitor the client specific policies. If we use the definitions by the “draft-ietf-i2nsf-terminology-00”, we should create a different terminology to represent the “South bound Interface” between Controller and NSF. Thanks, Linda -- regards, John
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
