Hi Qin and NETMOD WG,
I totally agree with Qin that the ECA of I2NSF NSF Capabilities is a good
example for security services, as the editor of the I2NSF YANG data model
drafts.

Qin's clarification about the ECA makes sense to me.

Thanks.

Best Regards,
Paul

On Tue, Mar 9, 2021 at 1:05 PM Qin Wu <[email protected]> wrote:

> Hi,
> One of the issues raised on draft-ietf-netmod-eca-policy-00 during the
> adoption call is the relationship with the I2NSF YANG capability-data-model.
> I believe two works in the I2NSF WG are related to draft-ietf-netmod-eca-policy
> (https://tools.ietf.org/html/draft-ietf-netmod-eca-policy-01).
> 1. RFC8329, which defines ECA as an Imperative paradigm related to data packet
> or data flow treatment; three clauses are defined:
>  a. An Event clause is used to trigger the evaluation of the Condition
> clause of the I2NSF Policy Rule.
>  b. A Condition clause is used to determine whether or not the set of
> Actions in the I2NSF Policy Rule can be executed or not.
>  c. An Action clause defines the type of operations that may be performed
> on this packet or flow.
> I think this ECA paradigm is also security policy specific, not generic
> enough.
>
> 2. draft-ietf-i2nsf-capability-data-model, which uses RFC8529 as the basis for
> the design of the capability model in
> draft-ietf-i2nsf-capability-data-model.
>
> Here is the ECA definition we proposed in draft-ietf-netmod-eca-policy
>  a. The event is defined as one related to datastore subscription or event
> stream subscription.
>  b. Condition: Condition can be seen as a logical test that, if satisfied
> or evaluated to be true, causes the action to be carried out.
>  c. Action: Update or invocation on local managed object attributes.
> As you can see, ECA is not tied to a specific technology. To clarify the
> relationship with the I2NSF YANG capability-data-model, we think
> NSF can be an example use case for draft-ietf-netmod-eca-policy.
> Let us know if this proposal makes sense to you. Thanks!
>
> -Qin (on behalf of authors)
> -----Original Message-----
> From: netmod [mailto:[email protected]] On Behalf Of Qin Wu
> Sent: December 23, 2020 22:30
> To: tom petch <[email protected]>; Dhruv Dhody <[email protected]>;
> Lou Berger <[email protected]>
> Cc: NetMod WG Chairs <[email protected]>; NETMOD Group <
> [email protected]>
> Subject: Re: [netmod] Adoption poll for draft-wwx-netmod-event-yang-10
>
> Hi, Tom:
> -----Original Message-----
> From: netmod [mailto:[email protected]] On Behalf Of tom petch
> Sent: December 23, 2020 19:14
> To: Dhruv Dhody <[email protected]>; Lou Berger <[email protected]>
> Cc: NetMod WG Chairs <[email protected]>; NETMOD Group <
> [email protected]>
> Subject: Re: [netmod] Adoption poll for draft-wwx-netmod-event-yang-10
>
> From: netmod <[email protected]> on behalf of Dhruv Dhody <
> [email protected]>
> Sent: 21 December 2020 17:12
>
> Hi Lou, WG,
>
> I find the motivation in the Introduction to be focused on ECA at the
> network devices (with all the talk about issues with Centralized network
> management).
>
> I see the value of ECA on the controller as well, say a customer network
> controller or an orchestrator can set the ECA on a central controller
> (reference ACTN in TEAS WG). Perhaps you would consider adding a sentence
> to describe this as well. The client-server terminology in the rest of the
> document covers it already.
>
> And I do see value in this and support adoption.
>
> <tp>
> My take is that the I-D is unclear on what ECA is.
>
> [Qin]: Thanks Tom, Adrian raised a similar issue about the abstract
> improvement and we will address this in v-01.
>
> ECA has been worked on in at least two IETF WG AFAICT.  It cropped up in
> I2RS but as I recall, it was along the lines of 'This is ECA'  'No It is
> not'  'Yes it is' which gave me the impression that ECA is not a
> well-defined, or well-understood, term.
>
> More recently, I2NSF have produced a YANG capability-data-model which is
> 55 pages of ECA.  Lacking a definition in this netmod I-D, I am unclear
> what the relationship is between the I2NSF I-D and the netmod I-D, whether
> or not they are using ECA in the same sense.
> [Qin]: I haven't followed closely what has been done in I2NSF.  But I
> did talk with two of the I2NSF proponents this year. They tend to agree the
> model proposed in draft-wwx will serve as the basis for the I2NSF security
> policy model or NSF facing interface DM. Unfortunately I haven't seen their
> update to do the alignment. I missed their I2NSF recharter discussion
> meeting. But I would also highly recommend they import the model in
> draft-wwx and reuse some of these building blocks. I plan to raise this
> issue later on.
> For the I2RS model, it was a packet forwarding policy model, which has been
> expired for many years. If that draft needs to be revived, I think we can
> follow a similar approach as for the I2NSF security policy model.
>
> Thanks!
> Dhruv
>
> On Tue, Dec 8, 2020 at 3:59 AM Lou Berger <[email protected]> wrote:
> >
> > This email begins a 2-week adoption poll for:
> >
> > https://tools.ietf.org/html/draft-wwx-netmod-event-yang-10
> >
> > Please voice your support or technical objections on list before the
> > end of December 21, any time zone.
> >
> > Thank you!
> >
> > Netmod Chairs
> >
> > PS Note the IPR poll is running concurrently as the private response
> > all indicated that no IPR exists.  The draft will not be formally
> > adopted until both the IPR and WG polls are complete.
> >
> >
> > _______________________________________________
> > netmod mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/netmod
>
>
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
