Hi I2NSF WG,

I found a relevant RFC for implementation guidelines from CORE WG as below:

Guidelines for Mapping Implementations: HTTP to the Constrained Application Protocol (CoAP)
https://tools.ietf.org/html/rfc8075

This RFC is a Proposed Standard RFC.

In our security policy translation draft, we can focus on the mapping from high-level security policy into low-level security policy along with the architecture of an exemplary translator.

Thanks.

Paul

On Mon, Jul 23, 2018 at 11:45 AM, Mr. Jaehoon Paul Jeong <[email protected]> wrote:

> Hi Frank,
> As you know, the open source is dominant these days.
> If IETF sticks to a general specification,
> its position will get narrower and narrower in future.
>
> To make I2NSF easily be used in the world, I believe the implementation
> guidelines of the security policy translation is important and useful.
> IMHO, without these guidelines, but with data models, I2NSF will not be
> hard to be accepted.
>
> As long as I understand, I2NSF Applicability draft should focus on how to
> leverage I2NSF with other important aspects (e.g., SDN, SFC, and NFV) for
> the deployment of I2NSF rather than the detailed specification of I2NSF
> components, such as security policy translator.
>
> I2NSF other people,
> Let us know your opinions.
>
> After collecting opinions and making consensus, let's move forward.
>
> Thanks.
>
> Paul
>
> On Sun, Jul 22, 2018 at 9:09 PM, Xialiang (Frank, Network Integration Technology
> Research Dept) <[email protected]> wrote:
>
>> Hi,
>>
>> I share the same concern with Diego. Although it’s a good example of how
>> to translate the YANG models, but it’s just one of the possible system
>> implementations, thus not suitable to be a specification.
>>
>> My suggestion is you can consider to include its key contents into the
>> I2NSF applicability draft.
>>
>> B.R.
>>
>> Frank
>>
>> *From:* I2nsf [mailto:[email protected]] *On Behalf Of* Diego R. Lopez
>> *Sent:* July 21, 2018 23:39
>> *To:* Mr. Jaehoon Paul Jeong <[email protected]>; [email protected]
>> *Cc:* SecCurator_Team <[email protected]>
>> *Subject:* Re: [I2nsf] Request for Comments on I2NSF Security Policy
>> Translation
>>
>> Hi Paul,
>>
>> This is a rather interesting draft and I’d encourage you to continue and
>> report your work in policy translation, as it constitutes one of the
>> essential matters the I2NSF Controller has to deal with.
>>
>> But I am afraid I don’t see this document progressing in the standards
>> track (even as an experimental one), as the particular techniques for
>> implementing the translation do not seem a proper subject for
>> standardization. The only place I could see room for it in would be as part
>> of the applicability draft, and I am not sure about it… What do others
>> think?
>>
>> Be goode,
>>
>> --
>> "This time we will not fail, Doctor Hell"
>>
>> Dr Diego R. Lopez
>> Telefonica I+D
>> https://www.linkedin.com/in/dr2lopez/
>>
>> e-mail: [email protected]
>> Tel: +34 913 129 041
>> Mobile: +34 682 051 091
>> ----------------------------------
>>
>> On 21/07/2018, 12:01, "I2nsf on behalf of Mr. Jaehoon Paul Jeong" <
>> [email protected] on behalf of [email protected]> wrote:
>>
>> Hi I2NSF WG,
>>
>> I would like to introduce our draft on I2NSF Security Policy Translation:
>>
>> - Draft
>> https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-01
>>
>> - Slides
>> https://datatracker.ietf.org/meeting/102/materials/slides-102-i2nsf-security-policy-translation-00
>>
>> This draft gives I2NSF developers the guidelines for the design and
>> implementation of I2NSF Security Controller.
>> One important functionality of the Security Controller is to
>> automatically translate an I2NSF User's high-level policy to a low-level
>> policy for NSFs.
>>
>> In the past of our I2NSF Hackathon projects, we made an
>> XSLT-stylesheet-based translator.
>> But this translator has two limitations, such as static
>> capability-and-NSF mapping construction
>> and inefficient maintenance on such a mapping.
>>
>> The first limitation is the difficult high-level policy construction.
>> By the XSLT-stylesheet approach, I2NSF User MUST manually select target
>> NSFs to execute the required security capabilities.
>> This means that I2NSF User needs to know each NSF's capabilities, so it
>> is difficult for I2NSF User to construct a high-level security policy
>> without the detailed knowledge on NSFs.
>>
>> The second limitation is an inefficient maintenance on the policy
>> translator.
>> If the data models on I2NSF NSF-facing Interface require some updates,
>> the XSLT stylesheet and XML files need to be updated.
>> On the other hand, our new approach provides I2NSF User with an
>> efficient maintenance.
>>
>> To solve these two limitations, our draft proposes an automata-based
>> policy translator.
>> This translator consists of three components, such as Extractor, Data
>> Converter, and Generator.
>>
>> First, when a high-level policy is delivered from I2NSF User to Security
>> Controller, Translator extracts data about the policy at Extractor, and
>> then converts it at Data Converter for NSF(s). Also, Data Converter can
>> select proper NSFs automatically.
>> Finally, Generator generates low-level policies of target NSFs based on
>> the data from Data Converter.
>>
>> I believe that this draft is valuable for I2NSF WG adoption
>> to facilitate the development and deployment of I2NSF in the real world.
>>
>> Please read this draft and give our authors your valuable comments.
>> We aim at making this proposal as an Informational RFC.
>>
>> Thanks.
>>
>> Best Regards,
>> Paul & Jinhyuk
>> --
>> ===========================
>> Mr. Jaehoon (Paul) Jeong, Ph.D.
>> Assistant Professor
>> Department of Software
>> Sungkyunkwan University
>> Office: +82-31-299-4957
>> Email: [email protected], [email protected]
>> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
>> <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>>
>

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: [email protected], [email protected]
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
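
The three components named in the quoted draft announcement (Extractor, Data Converter, Generator), as an added example that is not code from the draft, its authors or this thread. The element names, capability strings, lookup tables and function names are all assumptions constructed for illustration; the point shown is that NSFs are selected from their registered capabilities rather than named by the I2NSF User.

```python
import re
from xml.sax.saxutils import escape, unescape

# Constructed sample input; element names are illustrative, not the I2NSF data models.
HIGH_LEVEL = "<policy><name>block_sns</name><src>employees</src><dest>sns</dest><action>block</action></policy>"
# Constructed lookup data (hypothetical): endpoint groups and capabilities each NSF registered.
ENDPOINTS = {"employees": ["10.0.0.0/24"], "sns": ["sns1.example", "sns2.example"]}
NSF_CAPABILITIES = {"general_firewall": {"src-ip"}, "web_filter": {"url"}, "antivirus": {"file-hash"}}
ACTIONS = {"block": "drop", "allow": "pass"}

def extract(xml):
    """Extractor: state machine over open-tag / close-tag / text tokens (no attributes)."""
    fields, stack = {}, []
    for opened, closed, text in re.findall(r"<(\w+)>|</(\w+)>|([^<]+)", xml):
        if opened:
            stack.append(opened)                  # enter the element's state
        elif closed:
            if not stack or stack.pop() != closed:
                raise ValueError(f"unexpected </{closed}>")
        elif text.strip():
            if not stack:
                raise ValueError("text outside any element")
            fields[stack[-1]] = unescape(text.strip())  # value accepted in current state
    if stack:
        raise ValueError(f"unclosed <{stack[-1]}>")
    return fields

def convert(fields):
    """Data Converter: resolve high-level names and select NSFs by capability."""
    needed = {"src-ip": ENDPOINTS[fields["src"]], "url": ENDPOINTS[fields["dest"]]}
    plan = {}
    for nsf, caps in NSF_CAPABILITIES.items():
        conditions = {c: v for c, v in needed.items() if c in caps}
        if conditions:                            # NSF chosen without user involvement
            plan[nsf] = (fields["name"], conditions, ACTIONS[fields["action"]])
    missing = set(needed) - {c for _, conds, _ in plan.values() for c in conds}
    if missing:                                   # fail closed: no partial enforcement
        raise LookupError(f"no NSF provides {sorted(missing)}")
    return plan

def generate(plan):
    """Generator: emit one low-level rule per selected NSF, escaping every value."""
    rules = {}
    for nsf, (name, conditions, action) in plan.items():
        body = "".join(f"<{c}>{escape(v)}</{c}>" for c in sorted(conditions) for v in conditions[c])
        rules[nsf] = f"<rule><name>{escape(name)}</name>{body}<action>{action}</action></rule>"
    return rules

def translate(xml):
    return generate(convert(extract(xml)))
```

A condition that no registered NSF can enforce raises `LookupError` instead of producing a partial rule set, so a policy is never silently deployed with part of it unenforced.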
