Based on my understanding of “Capability Layer” as defined in the I2NSF, is the controller southbound interface. it is the interface from controller to Network Security Function (NSF/vNSF). Is that ok if we define southbound interface as set of interfaces with categorization along the functional line? ...
<jcs> No, both Diego and I have argued that "northbound" and "southbound" should not be used. Please look at the mail thread. In addition, a Controller can announce its capabilities, just like an NSF can. </jcs> regards, John From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Rakesh Kumar Sent: Friday, July 01, 2016 4:06 PM To: Natale, Bob; Susan Hares; DIEGO LOPEZ GARCIA; John Strassner Cc: I2NSF@ietf.org; Xialiang (Frank); Rakesh Kumar; Dacheng Zhang; Linda Dunbar Subject: Re: [I2nsf] questions about some terminologies defined by draft-ietf-i2nsf-terminology-00 Based on my understanding of “Capability Layer” as defined in the I2NSF, is the controller southbound interface. it is the interface from controller to Network Security Function (NSF/vNSF). Is that ok if we define southbound interface as set of interfaces with categorization along the functional line? Something like as following. I2NSF Southbound Interfaces 1. Capability Interface: Interface to discover NSF/vNSF capability so that controller can determine whether a NSF is capable of enforcing a given policy. This could be either a query interface (controller queries from a NSF for specific functionality) or a report interface where each NSF sends its supported capabilities such as feature, scale, performance. The NSF state is not changed by this interface. 2. Programming Interface (or some other better name): Interface used by controller to program a specific NSF to enforce a security policy. This might change the state of NSF if successful. 3. Notification Interface: Interface used to send notification (event/alarm) by NSF to controller (if registered for). The controller may directly take an action based on the event. This is a report and registry interface. This does not change the state of NSF. 4. Telemetry Interface: Interface to get telemetry information from NSF. This could be query or report/registry interface. This does not change the state of NSF. Any thoughts ? Regards, Rakesh From: I2nsf <i2nsf-boun...@ietf.org<mailto:i2nsf-boun...@ietf.org>> on behalf of "Natale, Bob" <rnat...@mitre.org<mailto:rnat...@mitre.org>> Date: Wednesday, June 29, 2016 at 9:38 PM To: Susan Hares <sha...@ndzh.com<mailto:sha...@ndzh.com>>, DIEGO LOPEZ GARCIA <diego.r.lo...@telefonica.com<mailto:diego.r.lo...@telefonica.com>>, John Strassner <straz...@gmail.com<mailto:straz...@gmail.com>> Cc: "I2NSF@ietf.org<mailto:I2NSF@ietf.org>" <I2NSF@ietf.org<mailto:I2NSF@ietf.org>>, "Xialiang (Frank)" <frank.xiali...@huawei.com<mailto:frank.xiali...@huawei.com>>, Dacheng Zhang <dacheng....@alibaba-inc.com<mailto:dacheng....@alibaba-inc.com>>, Linda Dunbar <linda.dun...@huawei.com<mailto:linda.dun...@huawei.com>> Subject: Re: [I2nsf] questions about some terminologies defined by draft-ietf-i2nsf-terminology-00 I would have gone with John’s first definition of the Capability Layer below. It is not a case of reusing the defined term in the definition. The “Capability Layer” is a distinct concept from “Capability” and, as John’s first definition says, consists of “the set of capabilities” and remembering that “Capability” is already defined as “a set of features”. Avanti, BobN From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Susan Hares Sent: Wednesday, June 22, 2016 4:42 PM To: DIEGO LOPEZ GARCIA <diego.r.lo...@telefonica.com<mailto:diego.r.lo...@telefonica.com>>; John Strassner <straz...@gmail.com<mailto:straz...@gmail.com>> Cc: I2NSF@ietf.org<mailto:I2NSF@ietf.org>; Xialiang (Frank) <frank.xiali...@huawei.com<mailto:frank.xiali...@huawei.com>>; Dacheng Zhang <dacheng....@alibaba-inc.com<mailto:dacheng....@alibaba-inc.com>>; Linda Dunbar <linda.dun...@huawei.com<mailto:linda.dun...@huawei.com>> Subject: Re: [I2nsf] questions about some terminologies defined by draft-ietf-i2nsf-terminology-00 John and Diego I agree the second one is better. Sue Sent via the Samsung Galaxy Note5, an AT&T 4G LTE smartphone -------- Original message -------- From: DIEGO LOPEZ GARCIA <diego.r.lo...@telefonica.com<mailto:diego.r.lo...@telefonica.com>> Date: 6/16/2016 2:07 AM (GMT-05:00) To: John Strassner <straz...@gmail.com<mailto:straz...@gmail.com>> Cc: I2NSF@ietf.org<mailto:I2NSF@ietf.org>, "Xialiang (Frank)" <frank.xiali...@huawei.com<mailto:frank.xiali...@huawei.com>>, Susan Hares <sha...@ndzh.com<mailto:sha...@ndzh.com>>, Dacheng Zhang <dacheng....@alibaba-inc.com<mailto:dacheng....@alibaba-inc.com>>, Linda Dunbar <linda.dun...@huawei.com<mailto:linda.dun...@huawei.com>> Subject: Re: [I2nsf] questions about some terminologies defined by draft-ietf-i2nsf-terminology-00 In order to avoid using the defined term (even partially) into the definition I’d go for the second one… Be goode, On 16 Jun 2016, at 15:05 , John Strassner <straz...@gmail.com<mailto:straz...@gmail.com>> wrote: Hi Dacheng, I agree that "I2NSF system" is not well defined. Your definition is better, but it should apply for all NSFs (not 'the NSF'). In addition, the Capability Layer is not an abstraction layer, it a simply a collection of abstractions (the capabilities). So how about: Capability Layer: Defines the set of capabilities available to the Controller for the set of NSFs that the Controller manages. or Capability Layer: Defines the set of features available to the Controller for the set of NSFs that the Controller manages. regards, John On Wed, Jun 15, 2016 at 8:55 PM, Dacheng Zhang <dacheng....@alibaba-inc.com<mailto:dacheng....@alibaba-inc.com>> wrote: I think I agree with Frank. The confusion is caused by the 'I2NSF system’. Maybe we should change the definition in the terminology draft to Capability Layer: Defines an abstraction layer that exposes a set of capabilities of the NSF? 发件人: I2nsf <i2nsf-boun...@ietf.org<mailto:i2nsf-boun...@ietf.org>> on behalf of "Xialiang (Frank)" <frank.xiali...@huawei.com<mailto:frank.xiali...@huawei.com>> 日期: 2016年6月16日星期四上午11:47 至: Linda Dunbar <linda.dun...@huawei.com<mailto:linda.dun...@huawei.com>>, John Strassner <straz...@gmail.com<mailto:straz...@gmail.com>>, Susan Hares <sha...@ndzh.com<mailto:sha...@ndzh.com>>, "DIEGO LOPEZ GARCIA (diego.r.lo...@telefonica.com<mailto:diego.r.lo...@telefonica.com>)" <diego.r.lo...@telefonica.com<mailto:diego.r.lo...@telefonica.com>> 抄送: "I2NSF@ietf.org<mailto:I2NSF@ietf.org>" <I2NSF@ietf.org<mailto:I2NSF@ietf.org>> 主题: [I2nsf] 答复: questions about some terminologies defined by draft-ietf-i2nsf-terminology-00 Hi Linda, Frankly, I don’t see the essential difference for the meaning of terminology “capability” between them. We just need to make some modification in two places to keep consistence. We can do it during the update of I2NSF terminology draft. B.R. Frank 发件人: I2nsf [mailto:i2nsf-boun...@ietf.org] 代表 Linda Dunbar 发送时间: 2016年6月15日 23:40 收件人: John Strassner; Susan Hares; DIEGO LOPEZ GARCIA (diego.r.lo...@telefonica.com<mailto:diego.r.lo...@telefonica.com>) 抄送: I2NSF@ietf.org<mailto:I2NSF@ietf.org> 主题: [I2nsf] questions about some terminologies defined by draft-ietf-i2nsf-terminology-00 Dear Authors: The term “Capability Layer” defined by the “draft-ietf-i2nsf-terminology-00” carries different meaning than the “Capability Layer” used by the I2NSF charter. “draft-ietf-i2nsf-terminology-00”: Capability: Defines a set of features that are available from a managed entity (see also I2NSF Capability). Capability Layer: Defines an abstraction layer that exposes a set of capabilities of the I2NSF system. I2NSF Charter: I2NSF will specify interfaces at two functional levels for the control and monitoring of network security functions: The I2NSF Capability Layer specifies how to control and monitor NSFs at a functional implementation level. The term "Functional Implementation" is used to emphasize that the rules (for control and monitor) of NSFs have to be implementable by most NSFs. I2NSF will standardize a set of interfaces by which a security controller can invoke, operate, and monitor NSFs. The I2NSF Service Layer defines how clients' security policies may be expressed to a security controller. The controller implements its policies according to the various capabilities provided by the I2NSF Capability Layer. The I2NSF Service Layer also allows the client to monitor the client specific policies. If we use the definitions by the “draft-ietf-i2nsf-terminology-00”, we should create a different terminology to represent the “South bound Interface” between Controller and NSF. Thanks, Linda _______________________________________________ I2nsf mailing list I2nsf@ietf.org<mailto:I2nsf@ietf.org> https://www.ietf.org/mailman/listinfo/i2nsf -- regards, John -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: diego.r.lo...@telefonica.com<mailto:diego.r.lo...@telefonica.com> Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
_______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf
