Hi Linda,

Here are my answers as below:

> - Is Section 4 more on the “Structure of I2nsf Policy Rules”? instead of “Objectives”?

=> Yes, you are right. Actually, this section is intended to show the structure of a security policy (having security rules for a given security policy) and to explain the objectives of its components. In the next revision, we will replace "Objectives" with "The Structure and Objective of I2NSF Security Policy" for the title of Section 4.

> - Is the “+--rw generic-nsf” branch more for the “property” of the policy (lack of better words)?
> More for describing the policy’s priority in relation to others and the resolution strategy if there is any conflict?

=> A "generic-nsf" branch represents a list of security policies whose security rules are specified as "eca-policy-rules" branches. Among multiple security rules for a security policy, rule-priority is used to determine the priorities of the rules, and a resolution strategy of the security rules is used to resolve the conflicts of the rules in the same security policy. Since generic-nsf may be misleading, we will use "i2nsf-security-policy" branch directly without using the "generic-nsf" branch. That is, we will remove the "generic-nsf" branch and will put the i2nsf-security-policy in the place of the "generic-nsf" branch.

If you have further questions, please let me know.

Thanks.

Best Regards,
Paul

On Fri, Feb 9, 2018 at 5:44 AM, Linda Dunbar <linda.dun...@huawei.com> wrote:

> Authors of draft-kim-i2nsf-nsf-facing-interface-data-data-model:
>
> Clarification questions:
>
> - Is Section 4 more on the “Structure of I2nsf Policy Rules”? instead of “Objectives”?
>
> - Is the “+--rw generic-nsf” branch more for the “property” of the policy (lack of better words)? More for describing the policy’s priority in relation to others and the resolution strategy if there is any conflict?
>
> Thanks, Linda
>
> *From:* Mr. Jaehoon Paul Jeong [mailto:jaehoon.p...@gmail.com]
> *Sent:* Tuesday, February 06, 2018 5:42 PM
> *To:* John Strassner <straz...@gmail.com>
> *Cc:* email@example.com; Linda Dunbar <linda.dun...@huawei.com>; Jingyong (Tim) Kim <wlsdyd0...@nate.com>; Susan Hares <sha...@ndzh.com>; SecCurator_Team <skku_secu-brain_...@googlegroups.com>
> *Subject:* Re: [I2nsf] WG Adoption call for https://tools.ietf.org/html/draft-kim-i2nsf-nsf-facing-interface-data-model-04
>
> Hi John,
>
> Thanks for your good suggestions on our draft. :-)
>
> We authors will clarify your suggestions on the next revision except the OO design for the YANG data model.
>
> The OO design takes time, so we will try to address it later.
>
> You can suggest the good OO design based on our next revision.
>
> Thanks.
>
> Best Regards,
>
> Paul
>
> On Wed, Feb 7, 2018 at 8:31 AM, John Strassner <straz...@gmail.com> wrote:
>
> IMHO, the purpose of a WG adopting a draft is to acknowledge that the draft is a good starting point for the work that WG wants to accomplish. To be perfectly clear, I am NOT objecting on the completeness of the document. Rather, I am objecting on the technical correctness of the starting point.
>
> I do NOT feel that the proposed documents represent a good starting point. Ignoring things that can be easily fixed (e.g., grammar), there are a host of problems, such as:
>
> - sec 4: it is unclear what is meant by "Objectives", see below
>
> - sec 4.1 does NOT define what an I2NSF SecurityPolicyRule is, or what its objective is
>
> - secs 4.2 and 4.3 do provide definitions of events and conditions (though their grammar needs improvement)
>
> - sec 4.4 provides a superficial definition of an action that needs tightening up
>
> The above are troublesome, as all definitions are clearly defined in the terminology draft. For a long time now... :-( And I really don't understand why this section is labeled "Objectives". Objectives of what? An event? of the data model? something else?
>
> - sec 5.1: I don't understand the design of the YANG module at all
>
> - the ietf-i2nsf-nsf-facing-interface module appears to describe a policy rule, but is given the name of an interface. In addition, why does generic-nsf contain a policy (i2nsf-security-policy)? Put another way, the name of the module is the name of an interface, but doesn't describe an interface, and more importantly, NSFs do NOT contain policy rules - they are sent policy rules by the policy engine
>
> - Worse, why are the event, condition, and action containers NOT inside the policy rule?
>
> - Same problem for figures 5.2-5.4, plus other problems (e.g., why is the resolution strategy NOT a part of the policy???)
>
> - the design of the condition clause is not scalable. In an OO design, one does NOT simply list a hundred attributes in a class. We decided that the YANG module would be designed in an OO style.
>
> - same problem for the action clause
>
> Given the above, the rest of the YANG will be wrong.
>
> Therefore, the document is NOT a good starting point, and will NOT accelerate the path to getting a good RFC.
>
> regards,
>
> John
>
> On Fri, Jan 26, 2018 at 3:21 PM, Linda Dunbar <linda.dun...@huawei.com> wrote:
>
> The authors of I2NSF Network Security Functions-Facing Interface YANG Data Model
>
> https://tools.ietf.org/html/draft-kim-i2nsf-nsf-facing-interface-data-model-04
>
> Have requested working group adoption of this draft.
>
> Please bear in mind that WG Adoption doesn’t mean that the draft's current content is ready, WG Adoption only means that it is a good basis for a working group to work on.
>
> While all feedback is helpful, comments pro or con with explanations are much more helpful than just "yes please" or "no thank you".
>
> Thank you.
>
> Linda & Yoav
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
> --
>
> regards,
>
> John
>
> --
>
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Assistant Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: jaehoon.p...@gmail.com, paulje...@skku.edu
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.p...@gmail.com, paulje...@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>