Hi Diego,

This draft is about the design and implementation of I2NSF Security Policy Controller from a high-level YANG to a low-level YANG.

In my previous RFC about "IPv6 Router Advertisement Options for DNS Configuration", the implementation considerations are included for facilitating developers for an easy implementation:
https://tools.ietf.org/html/rfc8106

As I mentioned in the previous email, we aim at an Informational RFC rather than a Standard-track or experimental RFC.

IMHO, this policy translation is a key technology for I2NSF, so it will be beneficial to have an Informational RFC on the security policy translation.

Thanks.

Paul

On Sat, Jul 21, 2018 at 11:39 AM, Diego R. Lopez <[email protected]> wrote:

> Hi Paul,
>
> This is a rather interesting draft and I'd encourage you to continue and
> report your work in policy translation, as it constitutes one of the
> essential matters the I2NSF Controller has to deal with.
>
> But I am afraid I don't see this document progressing in the standards
> track (even as an experimental one), as the particular techniques for
> implementing the translation do not seem a proper subject for
> standardization. The only place I could see room for it in would be as part
> of the applicability draft, and I am not sure about it… What do others
> think?
>
> Be goode,
>
> --
> "This time we will not fail, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> https://www.linkedin.com/in/dr2lopez/
>
> e-mail: [email protected]
> Tel: +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>
> On 21/07/2018, 12:01, "I2nsf on behalf of Mr. Jaehoon Paul Jeong"
> <[email protected] on behalf of [email protected]> wrote:
>
> Hi I2NSF WG,
>
> I would like to introduce our draft on I2NSF Security Policy Translation:
>
> - Draft
>   https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-01
>
> - Slides
>   https://datatracker.ietf.org/meeting/102/materials/slides-102-i2nsf-security-policy-translation-00
>
> This draft gives I2NSF developers the guidelines for the design and
> implementation of I2NSF Security Controller.
> One important functionality of the Security Controller is to automatically
> translate an I2NSF User's high-level policy to a low-level policy for NSFs.
>
> In the past of our I2NSF Hackathon projects, we made an
> XSLT-stylesheet-based translator.
> But this translator has two limitations, such as static capability-and-NSF
> mapping construction and inefficient maintenance on such a mapping.
>
> The first limitation is the difficult high-level policy construction.
> By the XSLT-stylesheet approach, I2NSF User MUST manually select target
> NSFs to execute the required security capabilities.
> This means that I2NSF User needs to know each NSF's capabilities, so it is
> difficult for I2NSF User to construct a high-level security policy without
> the detailed knowledge on NSFs.
>
> The second limitation is an inefficient maintenance on the policy
> translator.
> If the data models on I2NSF NSF-facing Interface require some updates,
> the XSLT stylesheet and XML files need to be updated.
> On the other hand, our new approach provides I2NSF User with an efficient
> maintenance.
>
> To solve these two limitations, our draft proposes an automata-based
> policy translator.
> This translator consists of three components, such as Extractor, Data
> Converter, and Generator.
>
> First, when a high-level policy is delivered from I2NSF User to Security
> Controller, Translator extracts data about the policy at Extractor, and
> then converts it at Data Converter for NSF(s). Also, Data Converter can
> select proper NSFs automatically.
> Finally, Generator generates low-level policies of target NSFs based on
> the data from Data Converter.
>
> I believe that this draft is valuable for I2NSF WG adoption
> to facilitate the development and deployment of I2NSF in the real world.
>
> Please read this draft and give our authors your valuable comments.
> We aim at making this proposal as an Informational RFC.
>
> Thanks.
>
> Best Regards,
> Paul & Jinhyuk
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Assistant Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: [email protected], [email protected]
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
> <http://cpslab.skku.edu/people-jaehoon-jeong.php>
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
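
A sketch of the Extractor, Data Converter and Generator pipeline described in the quoted draft announcement, added here as an illustration and not code from the draft or its authors. The XML element names, NSF names, capability labels and lookup tables are all constructed assumptions, and NSF selection is narrowed to picking one NSF whose registered capabilities cover every condition in the rule.

```python
import xml.etree.ElementTree as ET

# Constructed stand-ins; none of these names come from the I2NSF YANG models.
NSF_CAPABILITIES = {                       # capabilities each NSF registered
    "firewall_1": {"src-ip", "time"},
    "web_filter_1": {"src-ip", "time", "url"},
}
GROUPS = {"employees": ["10.0.0.2", "10.0.0.3"]}
URL_CATEGORIES = {"sns": ["sns-a.example", "sns-b.example"]}
HIGH_LEVEL = """<policy><rule>
  <source-group>employees</source-group>
  <url-category>sns</url-category>
  <time>09:00-18:00</time>
  <action>block</action>
</rule></policy>"""

def extract(policy_xml):
    """Extractor: pull the user's fields out of the high-level policy."""
    rule = ET.fromstring(policy_xml).find("rule")
    return {child.tag: child.text.strip() for child in rule}

def convert(fields):
    """Data Converter: resolve names to low-level values, then pick an NSF."""
    low = {"action": fields["action"]}
    if "source-group" in fields:
        low["src-ip"] = GROUPS[fields["source-group"]]   # KeyError on unknown group
    if "url-category" in fields:
        low["url"] = URL_CATEGORIES[fields["url-category"]]
    if "time" in fields:
        low["time"] = fields["time"]
    needed = set(low) - {"action"}
    # Fail closed: only an NSF that covers every condition may enforce the rule.
    capable = sorted(n for n, caps in NSF_CAPABILITIES.items() if needed <= caps)
    if not capable:
        raise LookupError(f"no NSF provides all of {sorted(needed)}")
    return capable[0], low

def generate(nsf, low):
    """Generator: serialize the low-level policy for the selected NSF."""
    root = ET.Element("nsf-policy", {"target": nsf})
    for key, value in low.items():
        for item in value if isinstance(value, list) else [value]:
            ET.SubElement(root, key).text = item
    return ET.tostring(root, encoding="unicode")

def translate(policy_xml):
    """Run the three stages; the user never names a target NSF."""
    return generate(*convert(extract(policy_xml)))
```

Adding an NSF or a capability only changes the `NSF_CAPABILITIES` table, which is the maintenance point the announcement contrasts with editing a stylesheet.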
