Hi Daniel, Thanks for the comments, please see inline.
Best, John From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Daniel Migault Sent: Wednesday, November 02, 2016 3:20 AM To: i2nsf@ietf.org Subject: Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt Please consider responding to this email rather than the previous one. -- Too many CCs. Yours, Daniel On Wed, Nov 2, 2016 at 6:16 AM, Daniel Migault <daniel.miga...@ericsson.com<mailto:daniel.miga...@ericsson.com>> wrote: Hi, I reviewed the document. Please find my comments below. Yours, Daniel Metadata: Data that provides information about other data. MGLT: This is actually how metadata is defined. However, it might be usefull to provide an example, or conplete the definition. <jcs> How about if we add an example? As you say, this is a complete and concise definition of metadata; I would prefer if the definitions are kept concise, and are augmented with examples. </jcs> I an also wondering if I2NSF only defines metadata associated to YANG models. If so woudl it be relevant to mention RFC7952 ? <jcs> This is a good point. </jcs> The examples do not seem to ilustrate what metadata is, instead they mention protocols that use YANG for which metadta is defined. Examples include IETF network management protocols (e.g. NETCONF, RESTCONF, IPFIX) or IETF routing interfaces (I2RS). The I2NSF security interface may utilize Metadata to describe and/or prescribe characteristics and behavior of the YANG data models. <jcs> You are correct. I propose replacing the existing example with the following: Metadata may be used to describe and/or prescribe the characteristics and behavior of the data that the metadata applies to. Metadata is NOT limited to metadata as defined in YANG models [RFC7952]; rather, metadata ca be used to augment the modeling of any I2NSF model element. Examples include: - version information of an I2NSF Capability, I2NSF Component, I2NSF Policy, or other function or object of an I2NSF system - descriptive information, such as best current practices or other usage information, that describe the use or operation of an I2NSF Component - prescriptive information, such as algorithms or commands, that define how an I2NSF Component should be used </jcs> Network Security Function (NSF): Software that provides a set of security-related services. Examples include detecting unwanted activity and blocking or mitigating the effect of such unwanted activity in order to fulfil service requirements. The NSF can also help in supporting communication stream integrity and confidentiality. MGLT: It is not clear to me the relation between function and service. My understanding is that service may involve multiple functions. But I believe it would be helpful to position these two concepts - at least in this definition. <jcs> Good point. How about: Network Security Function (NSF): Software that provides a set of security-related services. An NSF represents the software as a functional block. An NSF functional block may contain one or more security-related services. Examples include detecting unwanted activity and blocking or mitigating the effect of such unwanted activity in order to fulfil service requirements. The NSF can also help in supporting communication stream integrity and confidentiality. </jcs> Producer: A Producer is a Role that is assigned to an I2NSF Component that can send information and/or commands to another I2NSF Component. See also: Consumer, Role. MGLT: Is Producer equivalent to provider ? If so maybe that would hepl to use a single designation. <jcs> I assume you mean I2NSF Provider Interface? Or are you worried that people will equate Provider to Producer? Generically, Providers supply services, but are NOT a functional block in an I2NSF system. Rather, they are actors that use an I2NSF system. In contrast, a Producer is a functional block in an I2NSF system that supplies information, resources, or services for consumption by other I2NSF Components. We could add the fact that a Producer is a type of I2NSF Component, whereas a Provider is not. We could also define a functional block. ☺ </jcs> On Sun, Oct 23, 2016 at 9:44 PM, <internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Interface to Network Security Functions of the IETF. Title : Interface to Network Security Functions (I2NSF) Terminology Authors : Susan Hares John Strassner Diego R. Lopez Liang Xia Henk Birkholz Filename : draft-ietf-i2nsf-terminology-02.txt Pages : 13 Date : 2016-10-23 Abstract: This document defines a set of terms that are used for the Interface to Network Security Functions (I2NSF) effort. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-i2nsf-terminology/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-i2nsf-terminology-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-terminology-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I2nsf mailing list I2nsf@ietf.org<mailto:I2nsf@ietf.org> https://www.ietf.org/mailman/listinfo/i2nsf
_______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf
