Hi,

Just a comment on the black-box vendor capabilities. I have trimmed the text to improve readability.

On 27 Jun 2016, at 14:47, Aldo Basile <[email protected]> wrote:

3) due to the complexity and differentiation of the other security capabilities for every vendor, they are considered and treated as an atomic function in our information model. The third party does not need to know its inner logic. But for more fine-grain controlling of them, we can specify some general input/output parameters to customize their matches and actions in certain level. I think that's what you called "custom match".

Understood, atomic representation of vendor-specific features simplifies a lot the management and reduces the burden to third parties. However, this atomic approach poses limits on the high-level features and reasoning capabilities that can be added to the infrastructure. Adding or ignoring the support for fine grained options depends on the I2NSF objectives.

In SECURED, we had to deal with policy refinement. A refinement process cannot work without (at least) a black-box modelling of the vendor-specific features. Otherwise, it does not understand how to use them. In some cases, even the black-box modelling of vendor-specific features is insufficient, even if we didn't cope with these cases (mainly due to limited time and resources, SECURED will finish in a few months).

And yes, custom match conditions provide I/O parameters for a more fine-grained representation of conditions for refinement purposes. However, "custom match" only covers conditions, for the actions we have the rewriting actions that can also be customized. But we didn't dig into them very much as we didn't have time and resources to also cover these cases. However, they are interesting for future research. That is, the SECURED model still needs to be extended to cover these cases based on real use cases. But it is better (in my opinion) to do it under the bigger and more comprehensive umbrella of the I2NSF WG.

When we started talking about the I2NSF ideas, the concept of the atomic vendor capability somehow made uneasy, precisely because of the limitation they imply on the ability of the infrastructure to decide on what and how to do with these functions. I’d say the black-box modeling is the minimum we should require for any capability being registered by an NF. Capabilities not supporting at least this should be ignored by the controller.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: [email protected]
Tel: +34 913 129 041
Mobile: +34 682 051 091

_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
