Yes,

I am objecting to a tenant owning a policy. That is backwards. Policies are
owned by Administrative Domains.

Yes, an organization could be an Administrative Domain. More likely, an
Organization has multiple groups (OUs in the X.500/LDAP world, departments
in English) that are each Administrative Domains. In this situation,
policies are hierarchical (higher controls lower, lower cannot conflict
with higher). So each Administrative Domain applies its set of policies (if
any) to a tent (typically a person or OU).

regards,
John

On Tue, Feb 13, 2018 at 3:31 PM, Linda Dunbar <linda.dun...@huawei.com>
wrote:

> John,
>
>
>
> Do you mean the term “Admin-Domain” can be used to represent a group of
> Tenants? For example: “Admin Domain” can be a company, and each Tenant can
> be a department within the company?  One “Admin Domain” has many “Tenants”?
>
>
>
> Thank you.
>
>
>
> Linda
>
>
>
>
>
>
>
>
>
> *From:* John Strassner [mailto:straz...@gmail.com]
> *Sent:* Monday, February 12, 2018 5:22 PM
> *To:* Linda Dunbar <linda.dun...@huawei.com>
> *Cc:* i2nsf@ietf.org
> *Subject:* Re: [I2nsf] what does the term "Policy Domain" commonly refer
> to? (was RE: WG Adoption call for https://tools.ietf.org/html/
> draft-jeong-i2nsf-consumer-facing-interface-dm-04
>
>
>
> It is hard to tell due to lack of specificity, but likely it is NOT a
> correct use of the term.
>
> The relationship is backwards - a tenant does NOT control policies.
> Rather, an
>
> admin domain (i.e., a policy domain) control policies, and tenants exist
> in an
>
> admin domain.
>
>
>
> This is what I meant in my brief comment.
>
>
>
> regards,
>
> John
>
>
>
> On Mon, Feb 12, 2018 at 9:05 AM, Linda Dunbar <linda.dun...@huawei.com>
> wrote:
>
> John,
>
>
>
> Thank you very much for the interpretation of “Policy Domain”.
>
>
>
> Based on the reply from Paul, the term “Policy Domain” in their draft is
> about a “Family (or a group) of Tenants”.
>
> Is it a proper to use “Policy domain” as a term referring to the domain
> applying to a family or a group of tenants? Say a group of Departments
> (tenants) belonging under one organization?
>
>
>
> If not, can you suggest a better term?
>
>
>
> Thank you.
>
>
>
> Linda
>
>
>
> *From:* John Strassner [mailto:straz...@gmail.com]
> *Sent:* Thursday, February 08, 2018 6:08 PM
> *To:* Linda Dunbar <linda.dun...@huawei.com>
> *Cc:* i2nsf@ietf.org
> *Subject:* Re: [I2nsf] what does the term "Policy Domain" commonly refer
> to? (was RE: WG Adoption call for https://tools.ietf.org/html/
> draft-jeong-i2nsf-consumer-facing-interface-dm-04
>
>
>
> A "Policy Domain" is an administrative domain in which a set of Policies
> are used to ensure that managed entities in that domain behave in a desired
> manner. Policies can be used for configuration, monitoring, access control,
> and other behavior.
>
>
>
> Note that this is a standard term in the academic literature.
>
>
>
>
>
> regards,
>
> John
>
>
>
> On Thu, Feb 8, 2018 at 2:59 PM, Linda Dunbar <linda.dun...@huawei.com>
> wrote:
>
> John,
>
>
>
> Since you are the policy expert, what does “Policy Domain” commonly refer
> to?
>
> Can “Policy domain” be one policy applying to a set of tenants? Or one
> policy applying to a set of geographic regions? Or Policy domain being a
> set of policies?
>
>
>
> Thank you.
>
> Linda
>
>
>
> *From:* John Strassner [mailto:straz...@gmail.com]
> *Sent:* Tuesday, February 06, 2018 5:47 PM
> *To:* Linda Dunbar <linda.dun...@huawei.com>
> *Cc:* i2nsf@ietf.org
> *Subject:* Re: [I2nsf] WG Adoption call for https://tools.ietf.org/html/
> draft-jeong-i2nsf-consumer-facing-interface-dm-04
>
>
>
> IMHO, the purpose of a WG adopting a draft is to acknowledge that the
> draft is a good starting point for the work that WG wants to accomplish. To
> be perfectly clear, I am NOT objecting on the completeness of the document.
> Rather, I am objecting on the technical correctness of the starting point.
>
>
> I do NOT feel that the proposed documents represent a good starting point.
> Ignoring things that can be easily fixed (e.g., grammar), there are a host
> of problems, such as:
>
>    - what, exactly, is this draft trying to do? I thought I would see YANG
> for policy rules sent over the Consumer-Facing Interface.
>      Instead, I see the name of the interface, whose first element is
> multi-tenancy, that also contains policies? Policies do not care
>      about multi-tenancy. They do care about domains. The organization of
> the YANG is incorrect.
>
>    - sec 4: in the ieft-i2nsf-cf-interface module
>
>       - why is multi-tenancy at the top of the tree? Shouldn't a DOMAIN
> be able to have multiple tenants?
>
>       - why does a domain have an authentication-method? First, multiple
> such methods should be able to be used. Second, how would a domain know
> what an authentication method even is?
>
>       - why is tenant a sibling of domain, and not a child?
>
>       - why is domain a leaf within policy-tenant? This should be a
> reference, and why doesn't domain have a reference to policy-tenant?
>
>       - policy roles have nothing to do with multi-tenancy - why are they
> here?
>
>
>
>  I could go on, but even the above means that the rest of the YANG will be
> wrong.
>
>
>
> Therefore, the document is NOT a good starting point, and will NOT
> accelerate the path to getting a good RFC.
>
>
>
> regards,
>
> John
>
>
>
> On Fri, Jan 26, 2018 at 3:23 PM, Linda Dunbar <linda.dun...@huawei.com>
> wrote:
>
>
>
>
>
> The authors of I2NSF Consumer-Facing Interface YANG Data Model
>
> https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-
> facing-interface-dm-04
>
>
>
> Have requested working group adoption of this draft.
>
>
>
> Please bear in mind that WG Adoption doesn’t mean that the draft current
> content is ready, WG Adoption only means that it is a good basis for a
> working group to work on.
>
>
>
> While all feedback is helpful, comments pro or con with explanations are
> much more helpful than just "yes please" or "no thank you".
>
>
>
> Thank you.
>
>
>
> Linda & Yoav
>
>
>
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
>
>
>
> --
>
> regards,
>
> John
>
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
>
>
>
> --
>
> regards,
>
> John
>
>
>
>
> --
>
> regards,
>
> John
>



-- 
regards,
John
_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf

Reply via email to