Hi Paul, While I find agreeable that your draft could be merged with another one (or other ones) in order to consolidate the documents to be produced by I2NSF, I am not 100% sure it should be the framework draft. Looking at the proposals you make in your draft I see it more aligned with what the drafts dealing with the client-facing interface are considering than with the general framework. In particular, draft-kumar-i2nsf-client-facing-interface-req-01<https://datatracker.ietf.org/doc/draft-kumar-i2nsf-client-facing-interface-req/> has a section(3.3) that discusses management deployment models, and I am under the impression this architecture you propose could be seen as a refinement of those models.
Be goode, On 21 Oct 2016, at 02:54 , Mr. Jaehoon Paul Jeong <[email protected]<mailto:[email protected]>> wrote: Hi Linda, Are you agreeing at merging our draft (draft-kim-i2nsf-security-management-architecture-02) into draft-ietf-i2nsf-framework-03? Thanks. Best Regards, Paul On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong <[email protected]<mailto:[email protected]>> wrote: Hi Linda, As a coauthor of this draft, I will answer your questions inline below. On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <[email protected]<mailto:[email protected]>> wrote: Hyoungshick, et al, How would you position your draft-kim-i2nsf-security-management-architecture-01 with regard to the I2NSF framework draft? I find there are a lot of duplicated content to the I2nsf framework draft. [Paul] We would like to merge our draft into the i2nsf framework draft because our draft has one depth more detailed architecture. This detailed architecture will be helpful to implement the i2nsf framework. There are some differences, such as the following: Are you trying to define how “security policy” is structured? <image002.png> [Paul] Our architecture allows an NSF to update a low-level policy and apply it to the related high-level policy via the control path of Security Controller and Policy Collector (renamed Event Collector in version 02) in Figure 1 of our version 02: https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02 For example, if an NSF of firewall detects a new DoS-attack host, it reports the updated blacklist having the IP address of such a host to Application Logic in I2NSF Client via Security Controller and Event Collector. Application Logic asks Policy Updater to disseminate the updated blacklist to the security controllers under the administration of the same I2NSF Client. Will the “High Level security management” eventually lead to Client Facing Policy data models? [Paul] Yes, as explained above, the High-level security management leads to update and handle Client facing policy data models. Do you plan to define interfaces between all those components depicted in Figure 1? The interfaces between some of those components are not really in the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF Capability Manager”, or the interface between “Application Logic” <-> “Policy Updater”. [Paul] Yes, we have a plan to define such interfaces. Are those components in your current implementation? Is it like an “example of one implementation”? [Paul] Though those components are not fully implemented yet in our implementation, my team at SKKU will make implement those components in a later version. Thanks for your clarification questions. Best Regards, Paul Thanks, Linda _______________________________________________ I2nsf mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/i2nsf -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Assistant Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: [email protected]<mailto:[email protected]>, [email protected]<mailto:[email protected]> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php> -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Assistant Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: [email protected]<mailto:[email protected]>, [email protected]<mailto:[email protected]> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php> _______________________________________________ I2nsf mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/i2nsf -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: [email protected] Tel: +34 913 129 041 Mobile: +34 682 051 091 ----------------------------------
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
