Re: [I2nsf] what does the term "Policy Domain" commonly refer to? (was RE: WG Adoption call for https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04

2018-02-08 Thread John Strassner
A "Policy Domain" is an administrative domain in which a set of Policies
are used to ensure that managed entities in that domain behave in a desired
manner. Policies can be used for configuration, monitoring, access control,
and other behavior.

Note that this is a standard term in the academic literature.


regards,
John

On Thu, Feb 8, 2018 at 2:59 PM, Linda Dunbar 
wrote:

> John,
>
>
>
> Since you are the policy expert, what does “Policy Domain” commonly refer
> to?
>
> Can “Policy domain” be one policy applying to a set of tenants? Or one
> policy applying to a set of geographic regions? Or Policy domain being a
> set of policies?
>
>
>
> Thank you.
>
> Linda
>
>
>
> *From:* John Strassner [mailto:straz...@gmail.com]
> *Sent:* Tuesday, February 06, 2018 5:47 PM
> *To:* Linda Dunbar 
> *Cc:* i2nsf@ietf.org
> *Subject:* Re: [I2nsf] WG Adoption call for
> https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04
>
>
>
> IMHO, the purpose of a WG adopting a draft is to acknowledge that the
> draft is a good starting point for the work that WG wants to accomplish. To
> be perfectly clear, I am NOT objecting on the completeness of the document.
> Rather, I am objecting on the technical correctness of the starting point.
>
>
> I do NOT feel that the proposed documents represent a good starting point.
> Ignoring things that can be easily fixed (e.g., grammar), there are a host
> of problems, such as:
>
> - what, exactly, is this draft trying to do? I thought I would see YANG
>   for policy rules sent over the Consumer-Facing Interface.
>   Instead, I see the name of the interface, whose first element is
>   multi-tenancy, that also contains policies? Policies do not care
>   about multi-tenancy. They do care about domains. The organization of
>   the YANG is incorrect.
>
> - sec 4: in the ietf-i2nsf-cf-interface module
>
>   - why is multi-tenancy at the top of the tree? Shouldn't a DOMAIN
>     be able to have multiple tenants?
>
>   - why does a domain have an authentication-method? First, multiple
>     such methods should be able to be used. Second, how would a domain know
>     what an authentication method even is?
>
>   - why is tenant a sibling of domain, and not a child?
>
>   - why is domain a leaf within policy-tenant? This should be a
>     reference, and why doesn't domain have a reference to policy-tenant?
>
>   - policy roles have nothing to do with multi-tenancy - why are they
>     here?
>
>
>
>  I could go on, but even the above means that the rest of the YANG will be
> wrong.
>
>
>
> Therefore, the document is NOT a good starting point, and will NOT
> accelerate the path to getting a good RFC.
>
>
>
> regards,
>
> John
>
>
>
> On Fri, Jan 26, 2018 at 3:23 PM, Linda Dunbar 
> wrote:
>
>
>
>
>
> The authors of I2NSF Consumer-Facing Interface YANG Data Model
>
> https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04
>
>
>
> Have requested working group adoption of this draft.
>
>
>
> Please bear in mind that WG Adoption doesn’t mean that the draft's current
> content is ready; WG Adoption only means that it is a good basis for a
> working group to work on.
>
>
>
> While all feedback is helpful, comments pro or con with explanations are
> much more helpful than just "yes please" or "no thank you".
>
>
>
> Thank you.
>
>
>
> Linda & Yoav
>
>
>
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
>
>
>
> --
>
> regards,
>
> John
>
>
>


-- 
regards,
John


[I2nsf] what does the term "Policy Domain" commonly refer to? (was RE: WG Adoption call for https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04

2018-02-08 Thread Linda Dunbar
John,

Since you are the policy expert, what does “Policy Domain” commonly refer to?
Can “Policy domain” be one policy applying to a set of tenants? Or one policy 
applying to a set of geographic regions? Or Policy domain being a set of 
policies?

Thank you.
Linda



Re: [I2nsf] WG Adoption call for https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04

2018-02-08 Thread Linda Dunbar
Questions to the Authors:

Is the “+--rw multi-tenancy” branch the attribute profile for “one tenant”, or
a list of multiple “tenants” with the attributes listed for one tenant?

Thank you very much.

Linda


From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Mr. Jaehoon Paul Jeong
Sent: Tuesday, February 06, 2018 6:05 PM
To: John Strassner
Cc: Rakesh Kumar; i2nsf@ietf.org; SecCurator_Team; Linda Dunbar;
Xialiang (Frank); Brian Kim; Susan Hares
Subject: Re: [I2nsf] WG Adoption call for
https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04

Hi John,
Thanks for your constructive suggestions on our draft. :-)
We authors will clarify your suggestions on the next revision.

You can give us your advice on our next revision.

Thanks.

Best Regards,
Paul





--
===
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.p...@gmail.com, 
paulje...@skku.edu
Personal Homepage: 
http://iotlab.skku.edu/people-jaehoon-jeong.php


Re: [I2nsf] WG Adoption call for https://tools.ietf.org/html/draft-kim-i2nsf-nsf-facing-interface-data-model-04

2018-02-08 Thread Linda Dunbar
Authors of draft-kim-i2nsf-nsf-facing-interface-data-model:

Clarification questions:

- Is Section 4 more on the “Structure of I2nsf Policy Rules” instead of
  “Objectives”?

- Is the “+--rw generic-nsf” branch more for the “property” of the
  policy (for lack of better words)? More for describing the policy’s priority
  in relation to others and the resolution strategy if there is any conflict?


Thanks, Linda

From: Mr. Jaehoon Paul Jeong [mailto:jaehoon.p...@gmail.com]
Sent: Tuesday, February 06, 2018 5:42 PM
To: John Strassner
Cc: i2nsf@ietf.org; Linda Dunbar; Jingyong (Tim) Kim; Susan Hares;
SecCurator_Team
Subject: Re: [I2nsf] WG Adoption call for
https://tools.ietf.org/html/draft-kim-i2nsf-nsf-facing-interface-data-model-04

Hi John,
Thanks for your good suggestions on our draft. :-)
We authors will clarify your suggestions on the next revision except the OO 
design for the YANG data model.
The OO design takes time, so we will try to address it later.

You can suggest the good OO design based on our next revision.

Thanks.

Best Regards,
Paul

On Wed, Feb 7, 2018 at 8:31 AM, John Strassner wrote:
IMHO, the purpose of a WG adopting a draft is to acknowledge that the draft is 
a good starting point for the work that WG wants to accomplish. To be perfectly 
clear, I am NOT objecting on the completeness of the document. Rather, I am 
objecting on the technical correctness of the starting point.

I do NOT feel that the proposed documents represent a good starting point. 
Ignoring things that can be easily fixed (e.g., grammar), there are a host of 
problems, such as:

   - sec 4: it is unclear what is meant by "Objectives", see below
      - sec 4.1 does NOT define what an I2NSF SecurityPolicyRule is, or what
        its objective is
      - secs 4.2 and 4.3 do provide definitions of events and conditions
        (though their grammar needs improvement)
      - sec 4.4 provides a superficial definition of an action that needs
        tightening up

The above are troublesome, as all definitions are clearly defined in the
terminology draft. For a long time now... :-( And I really don't understand why
this section is labeled "Objectives". Objectives of what? An event? of the data
model? something else?

   - sec 5.1: I don't understand the design of the YANG module at all
      - the ietf-i2nsf-nsf-facing-interface module appears to describe a
        policy rule, but is given the name of an interface. In addition, why
        does generic-nsf contain a policy (i2nsf-security-policy)? Put another
        way, the name of the module is the name of an interface, but doesn't
        describe an interface, and more importantly, NSFs do NOT contain
        policy rules - they are sent policy rules by the policy engine
      - Worse, why are the event, condition, and action containers NOT inside
        the policy rule?
   - Same problem for figures 5.2-5.4, plus other problems (e.g., why is the
     resolution strategy NOT a part of the policy???)
   - the design of the condition clause is not scalable. In an OO design, one
     does NOT simply list a hundred attributes in a class. We decided that the
     YANG module would be designed in an OO style.
   - same problem for the action clause

Given the above, the rest of the YANG will be wrong.

Therefore, the document is NOT a good starting point, and will NOT accelerate 
the path to getting a good RFC.

regards,
John

On Fri, Jan 26, 2018 at 3:21 PM, Linda Dunbar wrote:

The authors of I2NSF Network Security Functions-Facing Interface YANG Data Model
https://tools.ietf.org/html/draft-kim-i2nsf-nsf-facing-interface-data-model-04

Have requested working group adoption of this draft.

Please bear in mind that WG Adoption doesn’t mean that the draft's current
content is ready; WG Adoption only means that it is a good basis for a working
group to work on.

While all feedback is helpful, comments pro or con with explanations are much 
more helpful than just "yes please" or "no thank you".

Thank you.

Linda & Yoav
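
Added example (not part of the thread and not taken from either draft): a YANG sketch of the containment John's reviews ask for in the two adoption-call threads above, with tenants as children of a domain, a policy that refers to its domain by leafref, and the resolution strategy and event/condition/action clauses placed inside the policy and its rules. The module name, namespace, node names and enum values are all hypothetical.

```yang
module example-policy-model {
  yang-version 1.1;
  namespace "urn:example:policy-model";
  prefix epm;

  description
    "Constructed sketch; all node names are hypothetical.";

  // A domain owns its tenants: tenant is a child list, not a sibling.
  list domain {
    key "name";
    leaf name { type string; }
    list tenant {
      key "name";
      leaf name { type string; }
    }
  }

  list policy {
    key "name";
    leaf name { type string; }
    // The policy refers to an existing domain instead of copying its name.
    leaf domain {
      type leafref { path "/epm:domain/epm:name"; }
      mandatory true;
    }
    // Conflict resolution is part of the policy (values are constructed).
    leaf resolution-strategy {
      type enumeration {
        enum first-match;
        enum last-match;
      }
    }
    // Event, condition and action live inside the rule they belong to.
    list rule {
      key "name";
      leaf name { type string; }
      leaf priority { type uint8; }
      container event { leaf name { type string; } }
      container condition { leaf-list source-prefix { type string; } }
      container action { leaf verdict { type string; } }
    }
  }
}
```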

