Hi, I've gone through the new version of the Registration Interface mode draft, that does look much better and integrated to me now, and I have a few comments, most of them on the procedures described for using the interface and the connection of Controller and the DMS:
1) First of all, related to terminology: Why do you define the term "NSF Profile"? Why not refer to the "Profile" definition in the terminology document? By referring just to "Profile" I think you can freely use "NSF Profile" later on... 2) The actions described in section 4 seems to imply a direct and dynamic communication between Controller and DMS, when what I foresee is something similar to the onboarding mechanisms in current software-based networks: The DMS uses the registration interface to provide and update the capabilities of those NSFs provided to the Controller, and the Controller makes the appropriate selection once it receives a request from a client, instantiating them from the repository. But by no means a direct dialog between Controller and DMS should be assumed, nor I think we should specify a dynamic instantiation mechanism in this document. 3) The same happens with the process described in section 5. We should change this into a decoupled register-select-instantiate operation sequence. And, BTW, what do you mean by "a specific NSF required or *wasted* in the current system"? Wasted by whom and how? 4) Following this, the instantiation and deinstantaiation operations described in 5.1 should not be used. What is more, I'd say they are out of the scope of this document, and while mechanisms for instance management could be generally mentioned, they should not be described in detail here. 5) And a question on the access information described in section 5.3: should it not include a reference to the mechanisms to secure the access, like encryption, reference to certificates or key repositories, etc. I am not asking for storing credentials, but at least to let the Controller know that IPsec using certificates approved by a particular CA should be used, for example. Be goode, -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D https://www.linkedin.com/in/dr2lopez/ e-mail: [email protected] Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- On 20/10/2018, 22:10, "I2nsf on behalf of [email protected]" <[email protected] on behalf of [email protected]> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Interface to Network Security Functions WG of the IETF. Title : I2NSF Registration Interface Data Model Authors : Sangwon Hyun Jaehoon Paul Jeong Taekyun Roh Sarang Wi Jung-Soo Park Filename : draft-ietf-i2nsf-registration-interface-dm-00.txt Pages : 23 Date : 2018-10-20 Abstract: This document defines an information model and a YANG data model for Interface to Network Security Functions (I2NSF) Registration Interface between Security Controller and Developer's Management System (DMS). The objective of these information and data models is to support NSF search, instantiation and registration according to required security capabilities via I2NSF Registration Interface. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-i2nsf-registration-interface-dm/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-00 https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-registration-interface-dm-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição _______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
