Hi, I posted a new draft that proposes a framework for northbound interfaces (whatever terminology we finally agree on) from the Security Policy Controller. We would like to solicit feedback and start discussion within the I2NSF group to see how to carry this effort forward. Security is very complex and mostly device/vendor/feature centric, but it would be great to come up with a policy framework which can work across a wide spectrum of use-cases and is also extensible. Our goal is to push this framework in SUPA as well so that the “Service Layer” generic policy framework could be easily adopted for security functions.
I want to thank Adrian Farrel and Linda Dunbar for all the help they extended to newcomers. I am looking forward to the discussion at the Berlin meeting. We can also discuss before/at/after the meeting (1:1) if needed. I have also requested the I2NSF chairs for a 15-30 mins PowerPoint presentation on this at the Berlin meeting.

Regards
Rakesh

A new version of I-D, draft-kumar-i2nsf-controller-northbound-framework-00.txt has been successfully submitted by Rakesh Kumar and posted to the IETF repository.

Name: draft-kumar-i2nsf-controller-northbound-framework
Revision: 00
Title: Northbound Interfaces for Security Policy Controllers : A Framework and Information Model
Document date: 2016-07-06
Group: Individual Submission
Pages: 15
URL: https://www.ietf.org/internet-drafts/draft-kumar-i2nsf-controller-northbound-framework-00.txt
Status: https://datatracker.ietf.org/doc/draft-kumar-i2nsf-controller-northbound-framework/
Htmlized: https://tools.ietf.org/html/draft-kumar-i2nsf-controller-northbound-framework-00

Abstract:
This document provides a framework and information model for the definition of northbound interfaces for a security policy controller. The interfaces are based on user-intent instead of vendor-specific or device-centric approaches that would require deep knowledge of vendor products and their security features. The document identifies the common interfaces needed to enforce the user-intent-based policies onto network security functions (NSFs) irrespective of how those functions are realized. The function may be physical or virtual in nature and may be implemented in networking or dedicated appliances.
