Hi Frank,
Thanks for the comments.
IMHO, it would be great if our terminology
1. Aligns well with other work in the industry (I am pretty sure there are
other service orchestration systems/controllers in the standards bodies and open
source).
2. Communicates clearly the intention of these interfaces in the terminology we
choose.
3. The end-customer/consumer finds these interfaces intuitive. The
end-customer could be
* An uber-controller that uses the I2NSF-defined security controller to
provision security policies
* A GUI system used by an admin to provision security policies
* An OSS/BSS system from a service provider
* A third-party APP written on top of the I2NSF controller
It would be great to discuss various options discussed so far in this group and
see which ones are the most appropriate.
Once we agree on top level, it would be great to create
classification/categories for these interfaces on either side of the controller
so that our work/drafts communicate clearly, the specific area[s] targeted.
I just sent this classification to start a wider discussion. I look towards
the group and help from chairs to see how to carry it forward and whether to
fold this into existing draft or not.
It would be great if we bring this up in Berlin.
Thanks & Regards,
Rakesh

From: "Xialiang (Frank)" <[email protected]>
Date: Sunday, July 3, 2016 at 7:39 PM
To: "Diego R. Lopez" <[email protected]>, John Strassner <[email protected]>
Cc: Rakesh Kumar <[email protected]>, "Natale, Bob" <[email protected]>,
Susan Hares <[email protected]>, John Strassner <[email protected]>,
"[email protected]" <[email protected]>, Dacheng Zhang <[email protected]>,
Linda Dunbar <[email protected]>
Subject: Re: [I2nsf] questions about some terminologies defined by
draft-ietf-i2nsf-terminology-00

Hi all,
Firstly, I fully support John’s argument that we should avoid using the
“northbound/southbound” concept here, since they are recursive and cannot be
specific.
Secondly, I like the idea from Rakesh of a clear classification for the I2NSF
NSF-Facing interface. I think his current naming is ok, but we can maybe find
better names. In addition, I think “capability interface” and “programming
interface” also apply to the I2NSF Consumer-Facing Interface.
Thanks!
B.R.
Frank

From: Diego R. Lopez [mailto:[email protected]]
Sent: July 2, 2016 15:40
To: John Strassner
Cc: Rakesh Kumar; Natale, Bob; Susan Hares; John Strassner;
[email protected]; Xialiang (Frank); Dacheng Zhang; Linda
Dunbar
Subject: Re: [I2nsf] questions about some terminologies defined by
draft-ietf-i2nsf-terminology-00

On 2 Jul 2016, at 03:36 , John Strassner <[email protected]> wrote:
Based on my understanding of “Capability Layer” as defined in the I2NSF, is the
controller southbound interface. It is the interface from controller to
Network Security Function (NSF/vNSF). Is that ok if we define southbound
interface as set of interfaces with categorization along the functional line?
...
<jcs>
No, both Diego and I have argued that "northbound" and "southbound" should not
be used.
Please look at the mail thread. In addition, a Controller can announce its
capabilities, just
like an NSF can.
</jcs>
And I wholeheartedly support this idea of recursion. It is an essential part of
any approach to a network functional model.
Be goode,
regards,
John
From: I2nsf [mailto:[email protected]] On Behalf Of Rakesh Kumar
Sent: Friday, July 01, 2016 4:06 PM
To: Natale, Bob; Susan Hares; DIEGO LOPEZ GARCIA; John Strassner
Cc: [email protected]; Xialiang (Frank); Rakesh Kumar;
Dacheng Zhang; Linda Dunbar
Subject: Re: [I2nsf] questions about some terminologies defined by
draft-ietf-i2nsf-terminology-00
Based on my understanding of “Capability Layer” as defined in the I2NSF, is the
controller southbound interface. It is the interface from controller to
Network Security Function (NSF/vNSF).
Is that ok if we define southbound interface as set of interfaces with
categorization along the functional line? Something like the following.
I2NSF Southbound Interfaces
1. Capability Interface: Interface to discover NSF/vNSF capability so that
controller can determine whether a NSF is capable of enforcing a given policy.
This could be either a query interface (controller queries from a NSF for
specific functionality) or a report interface where each NSF sends its
supported capabilities such as feature, scale, performance. The NSF state is
not changed by this interface.
2. Programming Interface (or some other better name): Interface used by
controller to program a specific NSF to enforce a security policy. This might
change the state of NSF if successful.
3. Notification Interface: Interface used to send notification
(event/alarm) by NSF to controller (if registered for). The controller may
directly take an action based on the event. This is a report and registry
interface. This does not change the state of NSF.
4. Telemetry Interface: Interface to get telemetry information from NSF.
This could be query or report/registry interface. This does not change the
state of NSF.
Any thoughts ?
Regards,
Rakesh

From: I2nsf <[email protected]> on behalf of "Natale, Bob" <[email protected]>
Date: Wednesday, June 29, 2016 at 9:38 PM
To: Susan Hares <[email protected]>, DIEGO LOPEZ GARCIA <[email protected]>,
John Strassner <[email protected]>
Cc: "[email protected]" <[email protected]>, "Xialiang (Frank)" <[email protected]>,
Dacheng Zhang <[email protected]>, Linda Dunbar <[email protected]>
Subject: Re: [I2nsf] questions about some terminologies defined by
draft-ietf-i2nsf-terminology-00

I would have gone with John’s first definition of the Capability Layer below.
It is not a case of reusing the defined term in the definition. The “Capability
Layer” is a distinct concept from “Capability” and, as John’s first definition
says, consists of “the set of capabilities” and remembering that “Capability”
is already defined as “a set of features”.
Avanti,
BobN

From: I2nsf [mailto:[email protected]] On Behalf Of Susan Hares
Sent: Wednesday, June 22, 2016 4:42 PM
To: DIEGO LOPEZ GARCIA <[email protected]>; John Strassner <[email protected]>
Cc: [email protected]; Xialiang (Frank) <[email protected]>;
Dacheng Zhang <[email protected]>; Linda Dunbar <[email protected]>
Subject: Re: [I2nsf] questions about some terminologies defined by
draft-ietf-i2nsf-terminology-00

John and Diego
I agree the second one is better.
Sue
-------- Original message --------
From: DIEGO LOPEZ GARCIA <[email protected]>
Date: 6/16/2016 2:07 AM (GMT-05:00)
To: John Strassner <[email protected]>
Cc: [email protected], "Xialiang (Frank)" <[email protected]>,
Susan Hares <[email protected]>, Dacheng Zhang <[email protected]>,
Linda Dunbar <[email protected]>
Subject: Re: [I2nsf] questions about some terminologies defined by
draft-ietf-i2nsf-terminology-00

In order to avoid using the defined term (even partially) in the definition
I’d go for the second one…
Be goode,

On 16 Jun 2016, at 15:05 , John Strassner <[email protected]> wrote:
Hi Dacheng,
I agree that "I2NSF system" is not well defined. Your definition is better, but
it should apply for all NSFs (not 'the NSF'). In addition, the Capability Layer
is not an abstraction layer, it is simply a collection of abstractions (the
capabilities). So how about:
Capability Layer: Defines the set of capabilities available to the
Controller for the set of NSFs that the Controller manages.
or
Capability Layer: Defines the set of features available to the Controller
for the set of NSFs that the Controller manages.
regards,
John

On Wed, Jun 15, 2016 at 8:55 PM, Dacheng Zhang <[email protected]> wrote:
I think I agree with Frank. The confusion is caused by the 'I2NSF system’.
Maybe we should change the definition in the terminology draft to Capability
Layer: Defines an abstraction layer that exposes a set of capabilities of the
NSF?

From: I2nsf <[email protected]> on behalf of "Xialiang (Frank)" <[email protected]>
Date: Thursday, June 16, 2016 at 11:47 AM
To: Linda Dunbar <[email protected]>, John Strassner <[email protected]>,
Susan Hares <[email protected]>, "DIEGO LOPEZ GARCIA ([email protected])"
<[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: [I2nsf] Re: questions about some terminologies defined by
draft-ietf-i2nsf-terminology-00

Hi Linda,
Frankly, I don’t see the essential difference in the meaning of the terminology
“capability” between them. We just need to make some modifications in two
places to keep consistency.
We can do it during the update of I2NSF terminology draft.
B.R.
Frank

From: I2nsf [mailto:[email protected]] On Behalf Of Linda Dunbar
Sent: June 15, 2016 23:40
To: John Strassner; Susan Hares; DIEGO LOPEZ GARCIA ([email protected])
Cc: [email protected]
Subject: [I2nsf] questions about some terminologies defined by
draft-ietf-i2nsf-terminology-00

Dear Authors:
The term “Capability Layer” defined by the “draft-ietf-i2nsf-terminology-00”
carries different meaning than the “Capability Layer” used by the I2NSF
charter.
“draft-ietf-i2nsf-terminology-00”:
Capability: Defines a set of features that are available from a managed entity
(see also I2NSF Capability).
Capability Layer: Defines an abstraction layer that exposes a set of
capabilities of the I2NSF system.
I2NSF Charter:
I2NSF will specify interfaces at two functional levels for the control and
monitoring of network security functions:
The I2NSF Capability Layer specifies how to control and monitor NSFs at a
functional implementation level. The term "Functional Implementation" is used
to emphasize that the rules (for control and monitor) of NSFs have to be
implementable by most NSFs. I2NSF will standardize a set of interfaces by which
a security controller can invoke, operate, and monitor NSFs.
The I2NSF Service Layer defines how clients' security policies may be expressed
to a security controller. The controller implements its policies according to
the various capabilities provided by the I2NSF Capability Layer. The I2NSF
Service Layer also allows the client to monitor the client specific policies.
If we use the definitions by the “draft-ietf-i2nsf-terminology-00”, we should
create a different terminology to represent the “South bound Interface” between
Controller and NSF.
Thanks, Linda
_______________________________________________ I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
--
regards,
John
--
"This time we will not fail, Doctor Infierno"
Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/
e-mail: [email protected]
Tel: +34 913 129 041
Mobile: +34 682 051 091
----------------------------------
The information contained in this transmission is privileged and confidential
information intended only for the use of the individual or entity named above.
If the reader of this message is not the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this communication
is strictly prohibited. If you have received this transmission in error, do not
read it. Please immediately reply to the sender that you have received this
communication in error and then delete it.