Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt

2016-11-03 Thread Daniel Migault 
Hi,

Thanks for the feed backs. Please see my response inline too.

BR,
Daniel



On Thu, Nov 3, 2016 at 1:34 AM, John Strassner <john.sc.strass...@huawei.com
> wrote:

> Hi Daniel,
>
>
>
> Thanks for the comments, please see inline.
>
>
>
> Best,
>
> John
>
>
>
> *From:* I2nsf [mailto:i2nsf-boun...@ietf.org] *On Behalf Of *Daniel
> Migault
> *Sent:* Wednesday, November 02, 2016 3:20 AM
> *To:* i2nsf@ietf.org
> *Subject:* Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt
>
>
>
> Please consider responding to this email rather than the previous one. --
> Too many CCs.
>
> Yours,
>
> Daniel
>
>
>
> On Wed, Nov 2, 2016 at 6:16 AM, Daniel Migault <
> daniel.miga...@ericsson.com> wrote:
>
> Hi,
>
> I reviewed the document. Please find my comments below.
>
> Yours,
>
> Daniel
>
>
>Metadata:  Data that provides information about other data.
>
> MGLT: This is actually how metadata is defined. However, it might be
> usefull to provide an example, or conplete the definition.
>
> 
> How about if we add an example? As you say, this is a complete and concise
> definition of metadata; I would prefer if the definitions are kept concise,
> and are augmented with examples.
> 
>
> MGLT: I agree. Illustrations are great and usually more clarifying than
complex definitions.

> I an also wondering if I2NSF only defines metadata associated to YANG
> models. If so woudl it be relevant to mention RFC7952 ?
>
> 
> This is a good point.
> 
>
> The examples do not seem to ilustrate what metadata is, instead they
> mention protocols that use YANG for which metadta is defined.
>
>   Examples include IETF network management protocols (e.g.  NETCONF,
>   RESTCONF, IPFIX) or IETF routing interfaces (I2RS).  The I2NSF
>   security interface may utilize Metadata to describe and/or
>   prescribe characteristics and behavior of the YANG data models.
>
> 
> You are correct. I propose replacing the existing example with the
> following:
>
> Metadata may be used to describe and/or prescribe the characteristics
> and behavior of the data that the metadata applies to. Metadata is NOT
> limited to metadata as defined in YANG models [RFC7952]; rather,
> metadata ca be used to augment the modeling of any I2NSF model
> element. Examples include:
>
>   - version information of an I2NSF Capability, I2NSF Component,
>  I2NSF Policy, or other function or object of an I2NSF system
>- descriptive information, such as best current practices or other
>  usage information, that describe the use or operation of an
>  I2NSF Component
>- prescriptive information, such as algorithms or commands, that
>  define how an I2NSF Component should be used
> 
>
>
MGLT: This is good to me. I personnaly see metadata as defined in NSH, that
is used on a per packet basis in which case "description/prescriptive"
information woudl be hardly used. This is good you provide the example of
the "model" and makes the text very clear at least to me. Thank you.

>Network Security Function (NSF):  Software that provides a set of
>   security-related services.  Examples include detecting unwanted
>   activity and blocking or mitigating the effect of such unwanted
>   activity in order to fulfil service requirements.  The NSF can
>   also help in supporting communication stream integrity and
>   confidentiality.
>
> MGLT: It is not clear to me the relation between function and service. My
> understanding is that service may involve multiple functions. But I believe
> it would be helpful to position these two concepts - at least in this
> definition.
>
> 
> Good point. How about:
>
>Network Security Function (NSF):  Software that provides a set of
>   security-related services. An NSF represents the software as a
>   functional block. An NSF functional block may contain one or
>   more security-related services. Examples include detecting unwanted
>   activity and blocking or mitigating the effect of such unwanted
>   activity in order to fulfil service requirements.  The NSF can
>   also help in supporting communication stream integrity and
>   confidentiality.
>
> 
>
> MGLT: Basically NSF is composed of services I think we shoudl carefully
this is used this way in other drafts. Just to make it clear if we consider
DOTS/ACME... as services the NSF will be composed of these services.


>Producer:  A Producer is a Role that is assigned to an I2NSF
>   Component that can send information and/or commands to another
>   I2NSF Component.  See also: Consumer, Role.
>
>

Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt

2016-11-02 Thread John Strassner 
Hi Daniel,

Thanks for the comments, please see inline.

Best,
John

From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Daniel Migault
Sent: Wednesday, November 02, 2016 3:20 AM
To: i2nsf@ietf.org
Subject: Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt

Please consider responding to this email rather than the previous one. -- Too 
many CCs.
Yours,
Daniel

On Wed, Nov 2, 2016 at 6:16 AM, Daniel Migault 
<daniel.miga...@ericsson.com<mailto:daniel.miga...@ericsson.com>> wrote:
Hi,
I reviewed the document. Please find my comments below.
Yours,
Daniel


   Metadata:  Data that provides information about other data.

MGLT: This is actually how metadata is defined. However, it might be usefull to 
provide an example, or conplete the definition.

How about if we add an example? As you say, this is a complete and concise 
definition of metadata; I would prefer if the definitions are kept concise, and 
are augmented with examples.

I an also wondering if I2NSF only defines metadata associated to YANG models. 
If so woudl it be relevant to mention RFC7952 ?

This is a good point.

The examples do not seem to ilustrate what metadata is, instead they mention 
protocols that use YANG for which metadta is defined.
  Examples include IETF network management protocols (e.g.  NETCONF,
  RESTCONF, IPFIX) or IETF routing interfaces (I2RS).  The I2NSF
  security interface may utilize Metadata to describe and/or
  prescribe characteristics and behavior of the YANG data models.

You are correct. I propose replacing the existing example with the following:
Metadata may be used to describe and/or prescribe the characteristics
and behavior of the data that the metadata applies to. Metadata is NOT
limited to metadata as defined in YANG models [RFC7952]; rather,
metadata ca be used to augment the modeling of any I2NSF model
element. Examples include:
  - version information of an I2NSF Capability, I2NSF Component,
 I2NSF Policy, or other function or object of an I2NSF system
   - descriptive information, such as best current practices or other
 usage information, that describe the use or operation of an
 I2NSF Component
   - prescriptive information, such as algorithms or commands, that
 define how an I2NSF Component should be used


   Network Security Function (NSF):  Software that provides a set of
  security-related services.  Examples include detecting unwanted
  activity and blocking or mitigating the effect of such unwanted
  activity in order to fulfil service requirements.  The NSF can
  also help in supporting communication stream integrity and
  confidentiality.

MGLT: It is not clear to me the relation between function and service. My 
understanding is that service may involve multiple functions. But I believe it 
would be helpful to position these two concepts - at least in this definition.


Good point. How about:
   Network Security Function (NSF):  Software that provides a set of
  security-related services. An NSF represents the software as a
  functional block. An NSF functional block may contain one or
  more security-related services. Examples include detecting unwanted
  activity and blocking or mitigating the effect of such unwanted
  activity in order to fulfil service requirements.  The NSF can
  also help in supporting communication stream integrity and
  confidentiality.


   Producer:  A Producer is a Role that is assigned to an I2NSF
  Component that can send information and/or commands to another
  I2NSF Component.  See also: Consumer, Role.

MGLT: Is Producer equivalent to provider ? If so maybe that would hepl to use a 
single designation.


I assume you mean I2NSF Provider Interface? Or are you worried that people will 
equate Provider to Producer?
Generically, Providers supply services, but are NOT a functional block in an 
I2NSF system. Rather, they are actors that use an I2NSF system. In contrast, a 
Producer is a functional block in an I2NSF system that supplies information, 
resources, or services for consumption by other I2NSF Components.
We could add the fact that a Producer is a type of I2NSF Component, whereas a 
Provider is not.
We could also define a functional block. ☺


On Sun, Oct 23, 2016 at 9:44 PM, 
<internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Interface to Network Security Functions of the 
IETF.

Title   : Interface to Network Security Functions (I2NSF) 
Terminology
Authors : Susan Hares
  John Strassner
  Diego R. Lopez
  Liang Xia
  Henk Birkholz
Filename: draft-ietf-i2nsf-terminology-02.txt
Pages   : 13
Date: 2016-10-23

Abstract:
   Thi

Re: [I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt

2016-11-02 Thread Daniel Migault 
Please consider responding to this email rather than the previous one. --
Too many CCs.

Yours,
Daniel

On Wed, Nov 2, 2016 at 6:16 AM, Daniel Migault 
wrote:

> Hi,
>
> I reviewed the document. Please find my comments below.
>
> Yours,
> Daniel
>
>
>
>Metadata:  Data that provides information about other data.
>
> MGLT: This is actually how metadata is defined. However, it might be
> usefull to provide an example, or conplete the definition. I an also
> wondering if I2NSF only defines metadata associated to YANG models. If so
> woudl it be relevant to mention RFC7952 ? The examples do not seem to
> ilustrate what metadata is, instead they mention protocols that use YANG
> for which metadta is defined.
>
>   Examples include IETF network management protocols (e.g.  NETCONF,
>   RESTCONF, IPFIX) or IETF routing interfaces (I2RS).  The I2NSF
>   security interface may utilize Metadata to describe and/or
>   prescribe characteristics and behavior of the YANG data models.
>
>
>Network Security Function (NSF):  Software that provides a set of
>   security-related services.  Examples include detecting unwanted
>   activity and blocking or mitigating the effect of such unwanted
>   activity in order to fulfil service requirements.  The NSF can
>   also help in supporting communication stream integrity and
>   confidentiality.
>
> MGLT: It is not clear to me the relation between function and service. My
> understanding is that service may involve multiple functions. But I believe
> it would be helpful to position these two concepts - at least in this
> definition.
>
>
>Producer:  A Producer is a Role that is assigned to an I2NSF
>   Component that can send information and/or commands to another
>   I2NSF Component.  See also: Consumer, Role.
>
> MGLT: Is Producer equivalent to provider ? If so maybe that would hepl to
> use a single designation.
>
>
>
>
>
> On Sun, Oct 23, 2016 at 9:44 PM,  wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Interface to Network Security Functions
>> of the IETF.
>>
>> Title   : Interface to Network Security Functions (I2NSF)
>> Terminology
>> Authors : Susan Hares
>>   John Strassner
>>   Diego R. Lopez
>>   Liang Xia
>>   Henk Birkholz
>> Filename: draft-ietf-i2nsf-terminology-02.txt
>> Pages   : 13
>> Date: 2016-10-23
>>
>> Abstract:
>>This document defines a set of terms that are used for the Interface
>>to Network Security Functions (I2NSF) effort.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-i2nsf-terminology/
>>
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-i2nsf-terminology-02
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-terminology-02
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> ___
>> I2nsf mailing list
>> I2nsf@ietf.org
>> https://www.ietf.org/mailman/listinfo/i2nsf
>>
>
>
___
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf

[I2nsf] I-D Action: draft-ietf-i2nsf-terminology-02.txt

2016-10-23 Thread internet-drafts 

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Interface to Network Security Functions of the 
IETF.

Title   : Interface to Network Security Functions (I2NSF) 
Terminology
Authors : Susan Hares
  John Strassner
  Diego R. Lopez
  Liang Xia
  Henk Birkholz
Filename: draft-ietf-i2nsf-terminology-02.txt
Pages   : 13
Date: 2016-10-23

Abstract:
   This document defines a set of terms that are used for the Interface
   to Network Security Functions (I2NSF) effort.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-i2nsf-terminology/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-i2nsf-terminology-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-terminology-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

___
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf