Hi Linda, Are you agreeing at merging our draft (draft-kim-i2nsf-security-management-architecture-02) into draft-ietf-i2nsf-framework-03?
Thanks. Best Regards, Paul On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong < [email protected]> wrote: > Hi Linda, > As a coauthor of this draft, I will answer your questions inline below. > > On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <[email protected]> > wrote: > >> Hyoungshick, et al, >> >> >> >> How would you position your >> draft-kim-i2nsf-security-management-architecture-01 >> with regard to the I2NSF framework draft? I find there are a lot of >> duplicated content to the I2nsf framework draft. >> > > [Paul] We would like to merge our draft into the i2nsf framework draft > because our draft has one depth more detailed architecture. > This detailed architecture will be helpful to implement the i2nsf > framework. > > >> >> There are some differences, such as the following: Are you trying to >> define how “security policy” is structured? >> >> >> >> >> > [Paul] Our architecture allows an NSF to update a low-level policy and > apply it to the related high-level policy > via the control path of Security Controller and Policy Collector (renamed > Event Collector in version 02) in Figure 1 > of our version 02: > https://tools.ietf.org/html/draft-kim-i2nsf-security- > management-architecture-02 > > For example, if an NSF of firewall detects a new DoS-attack host, it > reports the updated blacklist having > the IP address of such a host to Application Logic in I2NSF Client via > Security Controller and Event Collector. > Application Logic asks Policy Updater to disseminate the updated > blacklist to the security controllers > under the administration of the same I2NSF Client. > > >> Will the “High Level security management” eventually lead to Client >> Facing Policy data models? >> > > [Paul] Yes, as explained above, the High-level security management leads > to update and handle Client facing policy > data models. > >> >> >> Do you plan to define interfaces between all those components depicted in >> Figure 1? The interfaces between some of those components are not really >> in the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF >> Capability Manager”, or the interface between “Application Logic” <-> >> “Policy Updater”. >> > > [Paul] Yes, we have a plan to define such interfaces. > > >> >> Are those components in your current implementation? Is it like an >> “example of one implementation”? >> > > [Paul] Though those components are not fully implemented yet in our > implementation, my team at SKKU > will make implement those components in a later version. > > Thanks for your clarification questions. > > Best Regards, > Paul > > >> >> >> >> >> Thanks, Linda >> >> _______________________________________________ >> I2nsf mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/i2nsf >> >> > > > -- > =========================== > Mr. Jaehoon (Paul) Jeong, Ph.D. > Assistant Professor > Department of Software > Sungkyunkwan University > Office: +82-31-299-4957 > Email: [email protected], [email protected] > Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php > <http://cpslab.skku.edu/people-jaehoon-jeong.php> > -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Assistant Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: [email protected], [email protected] Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
