subject:"\[I2nsf\] questions about draft\-kim\-i2nsf\-security\-management\-architecture\-01"

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

2016-10-26 Thread Mr. Jaehoon Paul Jeong

Hi Rakesh,
After I discuss with my coauthors which draft is fitting well with our
draft,
I will let you know.

Thanks for your kind suggestion.

Best Regards,
Paul


On Thu, Oct 27, 2016 at 6:56 AM, Rakesh Kumar <rkku...@juniper.net> wrote:

> Hi Paul,
>
>
>
> Based on suggestion from Diego to see if we could merge
> draft-kim-i2nsf-security-management-architecture-01 with
> draft-kumar-i2nsf-client-facing-interface-req-01.
>
> Our draft deals with interfaces client would use to interact with the
> security controller/management system. We are discussing only the client
> interfaces and not the client structure itself.
>
>
>
> We should have a discussion to see what can be merged. I look forward to
> working with you.
>
>
>
> Thanks & Regards,
>
> Rakesh
>
> *From: *I2nsf <i2nsf-boun...@ietf.org> on behalf of "Mr. Jaehoon Paul
> Jeong" <jaehoon.p...@gmail.com>
> *Date: *Sunday, October 23, 2016 at 10:43 PM
> *To: *"Diego R. Lopez" <diego.r.lo...@telefonica.com>
> *Cc: *"i2nsf@ietf.org" <i2nsf@ietf.org>, "Prof. Hyoungshick Kim" <
> hyo...@skku.edu>, "paulje...@skku.edu" <paulje...@skku.edu>, "
> skku_secu-brain_...@googlegroups.com" <skku_secu-brain_all@
> googlegroups.com>, Linda Dunbar <linda.dun...@huawei.com>
> *Subject: *Re: [I2nsf] questions about draft-kim-i2nsf-security-
> management-architecture-01
>
>
>
> Hi Diego,
>
> Thanks for your comments.
>
>
>
> Our draft can be aligned with draft-kumar-i2nsf-client-facing-interface-req-01
> in that
>
> ours deals with the interface between I2NSF Client and Security Controller.
>
> However, draft-kumar-i2nsf-client-facing-interface-req-01 does not
> clarify the structure of
>
> I2NSF Client in a detailed level, but our draft proposes such a detailed
> structure for I2NSF Client.
>
>
>
> In addition, our draft considers the policy update in I2NSF through the
> report from an NSF
>
> for a security attack (e.g., DDoS attack) or an event (e.g., the detection
> of a new malware)
>
> toward I2NSF Client. This updated policy is disseminated to the whole
> I2NSF systems
>
> for spontaneous reaction to the new security attack or event.
>
>
>
> Like this, our draft is closely related to the the I2NSF framework.
>
> Let us prepare for the text for the I2NSF framework draft, and then discuss
>
> whether our text can fit the I2NSF framework.
>
>
>
> Thanks.
>
>
>
> Best Regards,
>
> Paul
>
>
>
>
>
>
>
>
>
> On Sat, Oct 22, 2016 at 7:49 PM, Diego R. Lopez <
> diego.r.lo...@telefonica.com> wrote:
>
> Hi Paul,
>
>
>
> While I find agreeable that your draft could be merged with another one
> (or other ones) in order to consolidate the documents to be produced by
> I2NSF, I am not 100% sure it should be the framework draft. Looking at the
> proposals you make in your draft I see it more aligned with what the drafts
> dealing with the client-facing interface are considering than with the
> general framework. In particular, draft-kumar-i2nsf-
> client-facing-interface-req-01
> <https://datatracker.ietf.org/doc/draft-kumar-i2nsf-client-facing-interface-req/>
>  has
> a section(3.3) that discusses management deployment models, and I am under
> the impression this architecture you propose could be seen as a refinement
> of those models.
>
>
>
> Be goode,
>
>
>
> On 21 Oct 2016, at 02:54 , Mr. Jaehoon Paul Jeong <jaehoon.p...@gmail.com>
> wrote:
>
>
>
> Hi Linda,
>
> Are you agreeing at merging our draft (draft-kim-i2nsf-security-
> management-architecture-02)
>
> into draft-ietf-i2nsf-framework-03?
>
>
>
> Thanks.
>
>
>
> Best Regards,
>
> Paul
>
>
>
> On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong <
> jaehoon.p...@gmail.com> wrote:
>
> Hi Linda,
>
> As a coauthor of this draft, I will answer your questions inline below.
>
>
>
> On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <linda.dun...@huawei.com>
> wrote:
>
> Hyoungshick, et al,
>
>
>
> How would you position your 
> draft-kim-i2nsf-security-management-architecture-01
> with regard to the I2NSF framework draft? I find there are  a lot of
> duplicated content to the I2nsf framework draft.
>
>
>
>  [Paul] We would like to merge our draft into the i2nsf framework draft
>
>  because our draft has one depth more detailed architecture.
>
>  This detailed architecture will be helpful to implement the i2nsf
> framework.
>
>
>
>
>
> There are some diffe

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

2016-10-26 Thread Rakesh Kumar

Hi Paul,

Based on suggestion from Diego to see if we could merge 
draft-kim-i2nsf-security-management-architecture-01 with 
draft-kumar-i2nsf-client-facing-interface-req-01.
Our draft deals with interfaces client would use to interact with the security 
controller/management system. We are discussing only the client interfaces and 
not the client structure itself.

We should have a discussion to see what can be merged. I look forward to 
working with you.

Thanks & Regards,
Rakesh
From: I2nsf <i2nsf-boun...@ietf.org> on behalf of "Mr. Jaehoon Paul Jeong" 
<jaehoon.p...@gmail.com>
Date: Sunday, October 23, 2016 at 10:43 PM
To: "Diego R. Lopez" <diego.r.lo...@telefonica.com>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, "Prof. Hyoungshick Kim" 
<hyo...@skku.edu>, "paulje...@skku.edu" <paulje...@skku.edu>, 
"skku_secu-brain_...@googlegroups.com" <skku_secu-brain_...@googlegroups.com>, 
Linda Dunbar <linda.dun...@huawei.com>
Subject: Re: [I2nsf] questions about 
draft-kim-i2nsf-security-management-architecture-01

Hi Diego,
Thanks for your comments.

Our draft can be aligned with draft-kumar-i2nsf-client-facing-interface-req-01 
in that
ours deals with the interface between I2NSF Client and Security Controller.
However, draft-kumar-i2nsf-client-facing-interface-req-01 does not clarify the 
structure of
I2NSF Client in a detailed level, but our draft proposes such a detailed 
structure for I2NSF Client.

In addition, our draft considers the policy update in I2NSF through the report 
from an NSF
for a security attack (e.g., DDoS attack) or an event (e.g., the detection of a 
new malware)
toward I2NSF Client. This updated policy is disseminated to the whole I2NSF 
systems
for spontaneous reaction to the new security attack or event.

Like this, our draft is closely related to the the I2NSF framework.
Let us prepare for the text for the I2NSF framework draft, and then discuss
whether our text can fit the I2NSF framework.

Thanks.

Best Regards,
Paul




On Sat, Oct 22, 2016 at 7:49 PM, Diego R. Lopez 
<diego.r.lo...@telefonica.com<mailto:diego.r.lo...@telefonica.com>> wrote:
Hi Paul,

While I find agreeable that your draft could be merged with another one (or 
other ones) in order to consolidate the documents to be produced by I2NSF, I am 
not 100% sure it should be the framework draft. Looking at the proposals you 
make in your draft I see it more aligned with what the drafts dealing with the 
client-facing interface are considering than with the general framework. In 
particular, 
draft-kumar-i2nsf-client-facing-interface-req-01<https://datatracker.ietf.org/doc/draft-kumar-i2nsf-client-facing-interface-req/>
 has a section(3.3) that discusses management deployment models, and I am under 
the impression this architecture you propose could be seen as a refinement of 
those models.

Be goode,

On 21 Oct 2016, at 02:54 , Mr. Jaehoon Paul Jeong 
<jaehoon.p...@gmail.com<mailto:jaehoon.p...@gmail.com>> wrote:

Hi Linda,
Are you agreeing at merging our draft 
(draft-kim-i2nsf-security-management-architecture-02)
into draft-ietf-i2nsf-framework-03?

Thanks.

Best Regards,
Paul

On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong 
<jaehoon.p...@gmail.com<mailto:jaehoon.p...@gmail.com>> wrote:
Hi Linda,
As a coauthor of this draft, I will answer your questions inline below.

On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar 
<linda.dun...@huawei.com<mailto:linda.dun...@huawei.com>> wrote:
Hyoungshick, et al,

How would you position your draft-kim-i2nsf-security-management-architecture-01 
with regard to the I2NSF framework draft? I find there are  a lot of duplicated 
content to the I2nsf framework draft.

 [Paul] We would like to merge our draft into the i2nsf framework draft
 because our draft has one depth more detailed architecture.
 This detailed architecture will be helpful to implement the i2nsf framework.


There are some differences,  such as the following: Are you trying to define 
how “security policy” is structured?



 [Paul] Our architecture allows an NSF to update a low-level policy and apply 
it to the related high-level policy
 via the control path of Security Controller and Policy Collector (renamed 
Event Collector in version 02) in Figure 1
 of our version 02:
 https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02

 For example, if an NSF of firewall detects a new DoS-attack host, it reports 
the updated blacklist having
 the IP address of such a host to Application Logic in I2NSF Client via 
Security Controller and Event Collector.
 Application Logic asks Policy Updater to disseminate the updated blacklist to 
the security controllers
 under the administration of the same I2NSF Client.

Will the “High Level security management” eventually lead to Client Facing 
Policy data models?

 [Paul] Yes, as explained above, the

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

2016-10-23 Thread Mr. Jaehoon Paul Jeong

Hi Diego,
Thanks for your comments.

Our draft can be aligned
with draft-kumar-i2nsf-client-facing-interface-req-01 in that
ours deals with the interface between I2NSF Client and Security Controller.
However, draft-kumar-i2nsf-client-facing-interface-req-01 does not clarify
the structure of
I2NSF Client in a detailed level, but our draft proposes such a detailed
structure for I2NSF Client.

In addition, our draft considers the policy update in I2NSF through the
report from an NSF
for a security attack (e.g., DDoS attack) or an event (e.g., the detection
of a new malware)
toward I2NSF Client. This updated policy is disseminated to the whole I2NSF
systems
for spontaneous reaction to the new security attack or event.

Like this, our draft is closely related to the the I2NSF framework.
Let us prepare for the text for the I2NSF framework draft, and then discuss
whether our text can fit the I2NSF framework.

Thanks.

Best Regards,
Paul




On Sat, Oct 22, 2016 at 7:49 PM, Diego R. Lopez <
diego.r.lo...@telefonica.com> wrote:

> Hi Paul,
>
> While I find agreeable that your draft could be merged with another one
> (or other ones) in order to consolidate the documents to be produced by
> I2NSF, I am not 100% sure it should be the framework draft. Looking at the
> proposals you make in your draft I see it more aligned with what the drafts
> dealing with the client-facing interface are considering than with the
> general framework. In particular, draft-kumar-i2nsf-
> client-facing-interface-req-01
> 
>  has
> a section(3.3) that discusses management deployment models, and I am under
> the impression this architecture you propose could be seen as a refinement
> of those models.
>
> Be goode,
>
> On 21 Oct 2016, at 02:54 , Mr. Jaehoon Paul Jeong 
> wrote:
>
> Hi Linda,
> Are you agreeing at merging our draft (draft-kim-i2nsf-security-
> management-architecture-02)
> into draft-ietf-i2nsf-framework-03?
>
> Thanks.
>
> Best Regards,
> Paul
>
> On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong <
> jaehoon.p...@gmail.com> wrote:
>
>> Hi Linda,
>> As a coauthor of this draft, I will answer your questions inline below.
>>
>> On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar 
>> wrote:
>>
>>> Hyoungshick, et al,
>>>
>>>
>>>
>>> How would you position your 
>>> draft-kim-i2nsf-security-management-architecture-01
>>> with regard to the I2NSF framework draft? I find there are  a lot of
>>> duplicated content to the I2nsf framework draft.
>>>
>>
>>  [Paul] We would like to merge our draft into the i2nsf framework draft
>>  because our draft has one depth more detailed architecture.
>>  This detailed architecture will be helpful to implement the i2nsf
>> framework.
>>
>>
>>>
>>> There are some differences,  such as the following: Are you trying to
>>> define how “security policy” is structured?
>>>
>>>
>>>
>>> 
>>>
>>>
>>>
>>  [Paul] Our architecture allows an NSF to update a low-level policy and
>> apply it to the related high-level policy
>>  via the control path of Security Controller and Policy Collector
>> (renamed Event Collector in version 02) in Figure 1
>>  of our version 02:
>>  https://tools.ietf.org/html/draft-kim-i2nsf-security-manage
>> ment-architecture-02
>>
>>  For example, if an NSF of firewall detects a new DoS-attack host, it
>> reports the updated blacklist having
>>  the IP address of such a host to Application Logic in I2NSF Client via
>> Security Controller and Event Collector.
>>  Application Logic asks Policy Updater to disseminate the updated
>> blacklist to the security controllers
>>  under the administration of the same I2NSF Client.
>>
>>
>>> Will the “High Level security management” eventually lead to Client
>>> Facing Policy data models?
>>>
>>
>>  [Paul] Yes, as explained above, the High-level security management leads
>> to update and handle Client facing policy
>>  data models.
>>
>>>
>>>
>>> Do you plan to define interfaces between all those components depicted
>>> in Figure 1?  The interfaces between some of those components are not
>>> really in the I2NSF WG current charter, such as “Security Policy Manager”
>>> <-> “NSF Capability Manager”,  or the interface between “Application Logic”
>>> <-> “Policy Updater”.
>>>
>>
>>  [Paul]  Yes, we have a plan to define such interfaces.
>>
>>
>>>
>>> Are those components in your current implementation? Is it like an
>>> “example of one implementation”?
>>>
>>
>>  [Paul] Though those components are not fully implemented yet in our
>> implementation, my team at SKKU
>>  will make implement those components in a later version.
>>
>>  Thanks for your clarification questions.
>>
>>  Best Regards,
>>  Paul
>>
>>
>>>
>>>
>>>
>>>
>>> Thanks, Linda
>>>
>>> ___
>>> I2nsf mailing list
>>> I2nsf@ietf.org
>>> https://www.ietf.org/mailman/listinfo/i2nsf
>>>
>>>
>>
>>
>> --
>>

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

2016-10-22 Thread Diego R. Lopez

Hi Paul,

While I find agreeable that your draft could be merged with another one (or 
other ones) in order to consolidate the documents to be produced by I2NSF, I am 
not 100% sure it should be the framework draft. Looking at the proposals you 
make in your draft I see it more aligned with what the drafts dealing with the 
client-facing interface are considering than with the general framework. In 
particular, 
draft-kumar-i2nsf-client-facing-interface-req-01
 has a section(3.3) that discusses management deployment models, and I am under 
the impression this architecture you propose could be seen as a refinement of 
those models.

Be goode,

On 21 Oct 2016, at 02:54 , Mr. Jaehoon Paul Jeong 
> wrote:

Hi Linda,
Are you agreeing at merging our draft 
(draft-kim-i2nsf-security-management-architecture-02)
into draft-ietf-i2nsf-framework-03?

Thanks.

Best Regards,
Paul

On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong 
> wrote:
Hi Linda,
As a coauthor of this draft, I will answer your questions inline below.

On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar 
> wrote:
Hyoungshick, et al,

How would you position your draft-kim-i2nsf-security-management-architecture-01 
with regard to the I2NSF framework draft? I find there are  a lot of duplicated 
content to the I2nsf framework draft.

 [Paul] We would like to merge our draft into the i2nsf framework draft
 because our draft has one depth more detailed architecture.
 This detailed architecture will be helpful to implement the i2nsf framework.

There are some differences,  such as the following: Are you trying to define 
how “security policy” is structured?

 [Paul] Our architecture allows an NSF to update a low-level policy and apply 
it to the related high-level policy
 via the control path of Security Controller and Policy Collector (renamed 
Event Collector in version 02) in Figure 1
 of our version 02:
 https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02

 For example, if an NSF of firewall detects a new DoS-attack host, it reports 
the updated blacklist having
 the IP address of such a host to Application Logic in I2NSF Client via 
Security Controller and Event Collector.
 Application Logic asks Policy Updater to disseminate the updated blacklist to 
the security controllers
 under the administration of the same I2NSF Client.

Will the “High Level security management” eventually lead to Client Facing 
Policy data models?

 [Paul] Yes, as explained above, the High-level security management leads to 
update and handle Client facing policy
 data models.

Do you plan to define interfaces between all those components depicted in 
Figure 1?  The interfaces between some of those components are not really in 
the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF 
Capability Manager”,  or the interface between “Application Logic” <-> “Policy 
Updater”.

 [Paul]  Yes, we have a plan to define such interfaces.

Are those components in your current implementation? Is it like an “example of 
one implementation”?

 [Paul] Though those components are not fully implemented yet in our 
implementation, my team at SKKU
 will make implement those components in a later version.

 Thanks for your clarification questions.

 Best Regards,
 Paul

Thanks, Linda

___
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf

--
===
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.p...@gmail.com, 
paulje...@skku.edu
Personal Homepage: 
http://iotlab.skku.edu/people-jaehoon-jeong.php

--
===
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.p...@gmail.com, 
paulje...@skku.edu
Personal Homepage: 
http://iotlab.skku.edu/people-jaehoon-jeong.php
___
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego.r.lo...@telefonica.com
Tel:+34 913 129 041
Mobile: +34 682 051 091
--

___
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

2016-10-06 Thread Mr. Jaehoon Paul Jeong

Hi Linda,
As a coauthor of this draft, I will answer your questions inline below.

On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar 
wrote:

> Hyoungshick, et al,
>
>
>
> How would you position your 
> draft-kim-i2nsf-security-management-architecture-01
> with regard to the I2NSF framework draft? I find there are  a lot of
> duplicated content to the I2nsf framework draft.
>

 [Paul] We would like to merge our draft into the i2nsf framework draft
 because our draft has one depth more detailed architecture.
 This detailed architecture will be helpful to implement the i2nsf
framework.

>
> There are some differences,  such as the following: Are you trying to
> define how “security policy” is structured?
>
>
>
>
>
 [Paul] Our architecture allows an NSF to update a low-level policy and
apply it to the related high-level policy
 via the control path of Security Controller and Policy Collector (renamed
Event Collector in version 02) in Figure 1
 of our version 02:

https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02

 For example, if an NSF of firewall detects a new DoS-attack host, it
reports the updated blacklist having
 the IP address of such a host to Application Logic in I2NSF Client via
Security Controller and Event Collector.
 Application Logic asks Policy Updater to disseminate the updated blacklist
to the security controllers
 under the administration of the same I2NSF Client.

> Will the “High Level security management” eventually lead to Client Facing
> Policy data models?
>

 [Paul] Yes, as explained above, the High-level security management leads
to update and handle Client facing policy
 data models.

>
>
> Do you plan to define interfaces between all those components depicted in
> Figure 1?  The interfaces between some of those components are not really
> in the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF
> Capability Manager”,  or the interface between “Application Logic” <->
> “Policy Updater”.
>

 [Paul]  Yes, we have a plan to define such interfaces.

>
> Are those components in your current implementation? Is it like an
> “example of one implementation”?
>

 [Paul] Though those components are not fully implemented yet in our
implementation, my team at SKKU
 will make implement those components in a later version.

 Thanks for your clarification questions.

 Best Regards,
 Paul

>
>
>
>
> Thanks, Linda
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
>

-- 
===
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.p...@gmail.com, paulje...@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php

___
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf

[I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

2016-10-05 Thread Linda Dunbar

Hyoungshick, et al,

How would you position your draft-kim-i2nsf-security-management-architecture-01 
with regard to the I2NSF framework draft? I find there are  a lot of duplicated 
content to the I2nsf framework draft.

There are some differences,  such as the following: Are you trying to define 
how "security policy" is structured?

[cid:image002.png@01D21F04.D52074D0]

Will the "High Level security management" eventually lead to Client Facing 
Policy data models?

Do you plan to define interfaces between all those components depicted in 
Figure 1?  The interfaces between some of those components are not really in 
the I2NSF WG current charter, such as "Security Policy Manager" <-> "NSF 
Capability Manager",  or the interface between "Application Logic" <-> "Policy 
Updater".

Are those components in your current implementation? Is it like an "example of 
one implementation"?


Thanks, Linda
___
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

[I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

6 matches

Site Navigation

Mail list logo

Footer information