Dear Linda,we discussed and agreed in Berlin that the two drafts will form a new one, which will merge the content of both I-Ds. We have (at least from my side) slowly started to work on the new I-D.
The new draft will roughly contain two parts:- one part that describes the dynamic and management aspects of the "capability" owned by a NSF, that is, how a function publishes capabilities, how it is possible to push configurations to it, and all the (event-based) management life cycle of a NSF. This part mainly builds from the draft-xia-i2nsf-capability-interface-im and contributed by John and Frank (which may be more precise during the call), and
- one part that describes the static aspects of the security policies (i.e., the configurations) that can be pushed to an NSF, that is, the actions that an NSF can enforce and the way to ask it to enforce these actions on specific traffic (=conditions, resolutions, default actions, etc.). This part mainly builds from the baspez draft.
Regards, Aldo On 05/10/2016 22:11, Linda Dunbar wrote:
Aldo, Thank you very much for the detailed explanation. You mentioned about merging with John and Frank Xia's draft. Will you merge some content to the "draft-xia-i2nsf-capability-interface-im"? Or some content from "draft-xia-i2nsf-capability-interface-im" will be merged to yours? Using the I2NSF WG agreed terminologies, (i.e. "NSF-facing-interface" and "Client-facing-interface), the "draft-xia-i2nsf-capability-interface-im" not only describes the "capability" information from NSFs, but also the "dynamic rules over the NSF-facing-interface. At today's Interim meeting, can you, John, and Frank explain the partition of the drafts? Thank you very much. Linda -----Original Message----- From: Aldo Basile [mailto:[email protected]] Sent: Wednesday, October 05, 2016 1:56 PM To: Linda Dunbar; [email protected] Subject: Re: Questions about draft-baspez-i2nsf-capabilities-00 Dear Linda, this ambiguity is a consequence of my bad relation with the textual syntax of I-D, while I usually work with LaTeX and I conceive formulas in LaTeX format (and, honestly, I still don't understand why it is not also adopted by IETF). I'm sorry for this, I'll work to improve formulas readability for the version 01 or for the merged version (the one we are working on with John Strassner and Frank Xialiang). 1) AC (both capital letters) is the set of all the existing actions, thus AC will include "permit", "deny", "redirect", "log", "alert", and all the actions that may describe any of the enforcement activities performed by whatever security function. 2) Ac is a subset of AC that represents the actions actually available at the security function we want to describe. Therefore, for a basic packet filter it will most likely include only "permit", "deny", and "redirect", while more sophisticated functions will have their own set of actions (that, to make the model coherent, should nevertheless be also replicated in the AC that will contain all of them). "[" graphically depicts the LaTeX symbol \subseteq (look at the relation symbols here http://web.ift.uib.no/Teori/KURS/WRK/TeX/symALL.html) which I used to depict the subset relation (a [ b means that the left one contains a subset of the elements in b but it may possibly contain the same elements as b). I added a sentence in the draft explaining this use, but it was probably very vague. Hope this clarifies the and hope I can solve editing issues in the next versions. Regards, Aldo On 05/10/2016 19:12, Linda Dunbar wrote:Aldo and Diego, The section 4.1 of your draft has this expression: Our capabilities are defined by a 4-tuple: (Ac; Cc; RSc; Dc) [ (AC; CC; RSC; DC)= K Is it intentional to have "[" without the matching one "]"? What is the relationship between "Ac" and "AC"? are they the same? If a NSF supports more actions than the simple "permit" or "deny" (e.g. "redirect", "log", "alert", etc), will then be listed in "AC" or "Ac"? Thanks, Linda_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
