Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt
Hi, Thanks for the feed backs. Please see my response inline too. BR, Daniel On Thu, Nov 3, 2016 at 1:34 AM, John Strassner <john.sc.strass...@huawei.com > wrote: > Hi Daniel, > > > > Thanks for the comments, please see inline. > > > > Best, > > John > > > > *From:* I2nsf [mailto:i2nsf-boun...@ietf.org] *On Behalf Of *Daniel > Migault > *Sent:* Wednesday, November 02, 2016 3:20 AM > *To:* i2nsf@ietf.org > *Subject:* Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt > > > > Please consider responding to this email rather than the previous one. -- > Too many CCs. > > Yours, > > Daniel > > > > On Wed, Nov 2, 2016 at 6:16 AM, Daniel Migault < > daniel.miga...@ericsson.com> wrote: > > Hi, > > I reviewed the document. Please find my comments below. > > Yours, > > Daniel > > >Metadata: Data that provides information about other data. > > MGLT: This is actually how metadata is defined. However, it might be > usefull to provide an example, or conplete the definition. > > > How about if we add an example? As you say, this is a complete and concise > definition of metadata; I would prefer if the definitions are kept concise, > and are augmented with examples. > > > MGLT: I agree. Illustrations are great and usually more clarifying than complex definitions. > I an also wondering if I2NSF only defines metadata associated to YANG > models. If so woudl it be relevant to mention RFC7952 ? > > > This is a good point. > > > The examples do not seem to ilustrate what metadata is, instead they > mention protocols that use YANG for which metadta is defined. > > Examples include IETF network management protocols (e.g. NETCONF, > RESTCONF, IPFIX) or IETF routing interfaces (I2RS). The I2NSF > security interface may utilize Metadata to describe and/or > prescribe characteristics and behavior of the YANG data models. > > > You are correct. I propose replacing the existing example with the > following: > > Metadata may be used to describe and/or prescribe the characteristics > and behavior of the data that the metadata applies to. Metadata is NOT > limited to metadata as defined in YANG models [RFC7952]; rather, > metadata ca be used to augment the modeling of any I2NSF model > element. Examples include: > > - version information of an I2NSF Capability, I2NSF Component, > I2NSF Policy, or other function or object of an I2NSF system >- descriptive information, such as best current practices or other > usage information, that describe the use or operation of an > I2NSF Component >- prescriptive information, such as algorithms or commands, that > define how an I2NSF Component should be used > > > MGLT: This is good to me. I personnaly see metadata as defined in NSH, that is used on a per packet basis in which case "description/prescriptive" information woudl be hardly used. This is good you provide the example of the "model" and makes the text very clear at least to me. Thank you. >Network Security Function (NSF): Software that provides a set of > security-related services. Examples include detecting unwanted > activity and blocking or mitigating the effect of such unwanted > activity in order to fulfil service requirements. The NSF can > also help in supporting communication stream integrity and > confidentiality. > > MGLT: It is not clear to me the relation between function and service. My > understanding is that service may involve multiple functions. But I believe > it would be helpful to position these two concepts - at least in this > definition. > > > Good point. How about: > >Network Security Function (NSF): Software that provides a set of > security-related services. An NSF represents the software as a > functional block. An NSF functional block may contain one or > more security-related services. Examples include detecting unwanted > activity and blocking or mitigating the effect of such unwanted > activity in order to fulfil service requirements. The NSF can > also help in supporting communication stream integrity and > confidentiality. > > > > MGLT: Basically NSF is composed of services I think we shoudl carefully this is used this way in other drafts. Just to make it clear if we consider DOTS/ACME... as services the NSF will be composed of these services. >Producer: A Producer is a Role that is assigned to an I2NSF > Component that can send information and/or commands to another > I2NSF Component. See also: Consumer, Role. > >
Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt
Hi Daniel, Thanks for the comments, please see inline. Best, John From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Daniel Migault Sent: Wednesday, November 02, 2016 3:20 AM To: i2nsf@ietf.org Subject: Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt Please consider responding to this email rather than the previous one. -- Too many CCs. Yours, Daniel On Wed, Nov 2, 2016 at 6:16 AM, Daniel Migault <daniel.miga...@ericsson.com<mailto:daniel.miga...@ericsson.com>> wrote: Hi, I reviewed the document. Please find my comments below. Yours, Daniel Metadata: Data that provides information about other data. MGLT: This is actually how metadata is defined. However, it might be usefull to provide an example, or conplete the definition. How about if we add an example? As you say, this is a complete and concise definition of metadata; I would prefer if the definitions are kept concise, and are augmented with examples. I an also wondering if I2NSF only defines metadata associated to YANG models. If so woudl it be relevant to mention RFC7952 ? This is a good point. The examples do not seem to ilustrate what metadata is, instead they mention protocols that use YANG for which metadta is defined. Examples include IETF network management protocols (e.g. NETCONF, RESTCONF, IPFIX) or IETF routing interfaces (I2RS). The I2NSF security interface may utilize Metadata to describe and/or prescribe characteristics and behavior of the YANG data models. You are correct. I propose replacing the existing example with the following: Metadata may be used to describe and/or prescribe the characteristics and behavior of the data that the metadata applies to. Metadata is NOT limited to metadata as defined in YANG models [RFC7952]; rather, metadata ca be used to augment the modeling of any I2NSF model element. Examples include: - version information of an I2NSF Capability, I2NSF Component, I2NSF Policy, or other function or object of an I2NSF system - descriptive information, such as best current practices or other usage information, that describe the use or operation of an I2NSF Component - prescriptive information, such as algorithms or commands, that define how an I2NSF Component should be used Network Security Function (NSF): Software that provides a set of security-related services. Examples include detecting unwanted activity and blocking or mitigating the effect of such unwanted activity in order to fulfil service requirements. The NSF can also help in supporting communication stream integrity and confidentiality. MGLT: It is not clear to me the relation between function and service. My understanding is that service may involve multiple functions. But I believe it would be helpful to position these two concepts - at least in this definition. Good point. How about: Network Security Function (NSF): Software that provides a set of security-related services. An NSF represents the software as a functional block. An NSF functional block may contain one or more security-related services. Examples include detecting unwanted activity and blocking or mitigating the effect of such unwanted activity in order to fulfil service requirements. The NSF can also help in supporting communication stream integrity and confidentiality. Producer: A Producer is a Role that is assigned to an I2NSF Component that can send information and/or commands to another I2NSF Component. See also: Consumer, Role. MGLT: Is Producer equivalent to provider ? If so maybe that would hepl to use a single designation. I assume you mean I2NSF Provider Interface? Or are you worried that people will equate Provider to Producer? Generically, Providers supply services, but are NOT a functional block in an I2NSF system. Rather, they are actors that use an I2NSF system. In contrast, a Producer is a functional block in an I2NSF system that supplies information, resources, or services for consumption by other I2NSF Components. We could add the fact that a Producer is a type of I2NSF Component, whereas a Provider is not. We could also define a functional block. ☺ On Sun, Oct 23, 2016 at 9:44 PM, <internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Interface to Network Security Functions of the IETF. Title : Interface to Network Security Functions (I2NSF) Terminology Authors : Susan Hares John Strassner Diego R. Lopez Liang Xia Henk Birkholz Filename: draft-ietf-i2nsf-terminology-02.txt Pages : 13 Date: 2016-10-23 Abstract: Thi
Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt
Please consider responding to this email rather than the previous one. -- Too many CCs. Yours, Daniel On Wed, Nov 2, 2016 at 6:16 AM, Daniel Migaultwrote: > Hi, > > I reviewed the document. Please find my comments below. > > Yours, > Daniel > > > >Metadata: Data that provides information about other data. > > MGLT: This is actually how metadata is defined. However, it might be > usefull to provide an example, or conplete the definition. I an also > wondering if I2NSF only defines metadata associated to YANG models. If so > woudl it be relevant to mention RFC7952 ? The examples do not seem to > ilustrate what metadata is, instead they mention protocols that use YANG > for which metadta is defined. > > Examples include IETF network management protocols (e.g. NETCONF, > RESTCONF, IPFIX) or IETF routing interfaces (I2RS). The I2NSF > security interface may utilize Metadata to describe and/or > prescribe characteristics and behavior of the YANG data models. > > >Network Security Function (NSF): Software that provides a set of > security-related services. Examples include detecting unwanted > activity and blocking or mitigating the effect of such unwanted > activity in order to fulfil service requirements. The NSF can > also help in supporting communication stream integrity and > confidentiality. > > MGLT: It is not clear to me the relation between function and service. My > understanding is that service may involve multiple functions. But I believe > it would be helpful to position these two concepts - at least in this > definition. > > >Producer: A Producer is a Role that is assigned to an I2NSF > Component that can send information and/or commands to another > I2NSF Component. See also: Consumer, Role. > > MGLT: Is Producer equivalent to provider ? If so maybe that would hepl to > use a single designation. > > > > > > On Sun, Oct 23, 2016 at 9:44 PM, wrote: > >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Interface to Network Security Functions >> of the IETF. >> >> Title : Interface to Network Security Functions (I2NSF) >> Terminology >> Authors : Susan Hares >> John Strassner >> Diego R. Lopez >> Liang Xia >> Henk Birkholz >> Filename: draft-ietf-i2nsf-terminology-02.txt >> Pages : 13 >> Date: 2016-10-23 >> >> Abstract: >>This document defines a set of terms that are used for the Interface >>to Network Security Functions (I2NSF) effort. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-i2nsf-terminology/ >> >> There's also a htmlized version available at: >> https://tools.ietf.org/html/draft-ietf-i2nsf-terminology-02 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-terminology-02 >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> ___ >> I2nsf mailing list >> I2nsf@ietf.org >> https://www.ietf.org/mailman/listinfo/i2nsf >> > > ___ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf
[I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Interface to Network Security Functions of the IETF. Title : Interface to Network Security Functions (I2NSF) Terminology Authors : Susan Hares John Strassner Diego R. Lopez Liang Xia Henk Birkholz Filename: draft-ietf-i2nsf-terminology-02.txt Pages : 13 Date: 2016-10-23 Abstract: This document defines a set of terms that are used for the Interface to Network Security Functions (I2NSF) effort. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-i2nsf-terminology/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-i2nsf-terminology-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-terminology-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf