[I2nsf] 答复: 答复: Service Level Policies - Post 4: differentiating between context, conditions, and Constraints

"Xialiang (Frank)" <frank.xialiang@huawei.com> Tue, 12 January 2016 05:59 UTC

Return-Path: <frank.xialiang@huawei.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5C791ACE3E for <i2nsf@ietfa.amsl.com>; Mon, 11 Jan 2016 21:59:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.301
X-Spam-Level:
X-Spam-Status: No, score=-3.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_82=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rjH2Z6qauqel for <i2nsf@ietfa.amsl.com>; Mon, 11 Jan 2016 21:59:52 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F050F1ACE3C for <i2nsf@ietf.org>; Mon, 11 Jan 2016 21:59:50 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml402-hub.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CCU35011; Tue, 12 Jan 2016 05:59:48 +0000 (GMT)
Received: from SZXEMA411-HUB.china.huawei.com (10.82.72.70) by lhreml402-hub.china.huawei.com (10.201.5.241) with Microsoft SMTP Server (TLS) id 14.3.235.1; Tue, 12 Jan 2016 05:59:47 +0000
Received: from SZXEMA502-MBS.china.huawei.com ([169.254.4.185]) by szxema411-hub.china.huawei.com ([10.82.72.70]) with mapi id 14.03.0235.001; Tue, 12 Jan 2016 13:59:38 +0800
From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: John Strassner <strazpdj@gmail.com>
Thread-Topic: [I2nsf] 答复: Service Level Policies - Post 4: differentiating between context, conditions, and Constraints
Thread-Index: AQHRTOr6crUrhuQANUWG8mMK0hm1up73XOng
Date: Tue, 12 Jan 2016 05:59:38 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12AED7EC5@SZXEMA502-MBS.china.huawei.com>
References: <CAJwYUrGdNiYf5fbVQ+9r0E7pMXE8-0uErrX-qxL9AFirz_8kEQ@mail.gmail.com> <4A95BA014132FF49AE685FAB4B9F17F657DB9CCD@dfweml701-chm> <CAJwYUrGo_zQtcO6g_fs=p-kegStKpXz5sY0X0Ug+9=aNtYEQ8w@mail.gmail.com> <C02846B1344F344EB4FAA6FA7AF481F12AED6E7A@SZXEMA502-MBS.china.huawei.com> <CAJwYUrFV=yv5zFk1Qjyv000tLuPbW3snozS7nyjcKWh7gnwDzA@mail.gmail.com>
In-Reply-To: <CAJwYUrFV=yv5zFk1Qjyv000tLuPbW3snozS7nyjcKWh7gnwDzA@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.135.43.91]
Content-Type: multipart/alternative; boundary="_000_C02846B1344F344EB4FAA6FA7AF481F12AED7EC5SZXEMA502MBSchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020205.56949655.0034, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.185, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: a6e7a5f6899d2f9a9d0a1a0c107a1666
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/3Tp6No9AiVOSsQ4yDnpxE9pz4d4>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, Linda Dunbar <linda.dunbar@huawei.com>
Subject: [I2nsf] 答复: 答复: Service Level Policies - Post 4: differentiating between context, conditions, and Constraints
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2016 05:59:57 -0000

Hi John,
Maybe both. Right now I am not sure~~
But I hope the latter case is enough to address the whole problems.

BTW, I want to note that your ECA model is not essentially different from current “subject-object-action-function” model. Of course, ECA is more mature and widely used.

B.R.
Frank

发件人: I2nsf [mailto:i2nsf-bounces@ietf.org] 代表 John Strassner
发送时间: 2016年1月12日 11:40
收件人: Xialiang (Frank); John Strassner
抄送: i2nsf@ietf.org; Linda Dunbar
主题: Re: [I2nsf] 答复: Service Level Policies - Post 4: differentiating between context, conditions, and Constraints

Hi Frank,

by "extended ECA model which incorporate necessary security characteristic", do you mean adding a new clause to the ECA model, or can these extensions be handled by extending the individual event, condition, and action clauses with metadata (applied to the container and/or the clauses)?

regards,
John

On Mon, Jan 11, 2016 at 6:29 PM, Xialiang (Frank) <frank.xialiang@huawei.com<mailto:frank.xialiang@huawei.com>> wrote:
Hi all,
John, thanks a lot for the clarification of “context, condition, constraint”.
And I think your understanding about current I2NSF capability interface IM design below is correct. So, I am not against to use ECA model instead of current “subject-object-action-function” model.
My concern is even we agree ECA is a more complete and standard model for I2NSF, we still need to specify an extended ECA model which incorporate necessary security characteristic, which is our next step work.

B.R.
Frank

发件人: I2nsf [mailto:i2nsf-bounces@ietf.org<mailto:i2nsf-bounces@ietf.org>] 代表 John Strassner
发送时间: 2016年1月12日 4:19
收件人: Linda Dunbar; John Strassner
抄送: i2nsf@ietf.org<mailto:i2nsf@ietf.org>
主题: Re: [I2nsf] Service Level Policies - Post 4: differentiating between context, conditions, and Constraints

Hi Linda,

The answer depends if I2NSF wants to pursue authorization policies and/or deontic or alethic logic.

If any of the above three are true, then "Subject" must change.

If we step back for a moment and think about the definition of an ECA policy rule (event-condition-action), then I remain unconvinced why this is not sufficient for us at the moment. More specifically:

   1) Subject-Object-Action-Function does not have a facility for representing Events, which start policy processing
   2) Subject, as currently defined, is just part of a condition
   3) Object, as currently defined, is also just part of a condition (more specifically, object constraints do NOT apply to anything else)
   4) Function(al profile) needs more specificity, but appears to be able to be covered by metadata (see below).

So, if we view a policy rule as a **container**, then the container aggregates both metadata and content. Metadata can be prescriptive and/or descriptive; content is the type of policy (or set of policies) contained in the container.

This is the subject of my last 2 remaining posts, but in a nutshell, I do not see a need for using Subject-Object-Action-Function, since this introduces non-standard terminology, and the terms are unclear. If the objective is **just** to categorize what type of processing can be done by an NSF, **and if** it is desired to link I2NSF to policy, then I don't see why we can't use a standard ECA policy, augmented with metadata, to do this.


regards,
John

On Fri, Jan 8, 2016 at 9:51 AM, Linda Dunbar <linda.dunbar@huawei.com<mailto:linda.dunbar@huawei.com>> wrote:
John,

Thank you very much for clarifying the differences among

The term “Object” in I2NSF was intended for describing all three “Context, Conditions and Constraints”.
I agree it is not very straight forward definition.

Do you Suggest I2NSF should have something like:

Within the frame of “Subject - <xxx> - Action –Function”, <xxx> is the combination of “Context, Conditions and Constraints”.

Should we call it “CCC”?  Or do you have a better term?

Linda

From: I2nsf [mailto:i2nsf-bounces@ietf.org<mailto:i2nsf-bounces@ietf.org>] On Behalf Of John Strassner
Sent: Thursday, January 07, 2016 4:09 AM
To: i2nsf@ietf.org<mailto:i2nsf@ietf.org>
Subject: [I2nsf] Service Level Policies - Post 4: differentiating between context, conditions, and Constraints

During IETF94, I expressed discomfort with the "Subject-Object-Action-Function" paradigm. This note defines and differentiates between the concepts of context, constraints, and conditions.

1.  Context

There are many definitions of context. One of the most popular [1] is:

   ‘‘Context is any information that can be used to characterize the situation
      of an entity. An entity is a person, place, or object that is considered
      relevant to the interaction between a user and an application, including
      the user and application themselves’’.

As stated in [2], the above definition has a number of problems. Instead, [2] proposes the following definition:

   "The Context of an Entity is a collection of measured and/or inferred
     knowledge that describe the state and the environment in which an
     Entity exists or has existed."

The above definition enables human and or machine inference to be used to more fully characterize the context of an Entity.

2.  Conditions

An event-condition-action (ECA) policy rule consists of three Boolean clauses, and has the following conceptual behavior:

   IF the event_clause evaluates to TRUE
      IF the condition_clause evaluates to TRUE
         THEN execute the actions in the action_clause
      ENDIF
   ENDIF

Each of the above clauses may consist of one or more statements. For example, a condition clause could be:

   if userLogin = Error AND numLoginTries > 3

3.  Constraints

A constraint is a limitation or restriction. Constraints have been used in programming and in modeling for a long time. Constraint programming refers to the embedding of constraints in a language; for example, most Prolog languages include good support for constraint programming. OCL (the Object Constraint Language) is used to specify constraints in UML.

4. Putting Context, Conditions, and Constraints Together

Given a condition, a constraint can be used to further restrict how to satisfy the condition. Then, if a context is specified, the condition and its constraint are bound to that context. In an ECA policy rule, the effect of this is typically to more fully specify the condition clause.

Note, however, that constraints do not have to be used solely with Conditions. For example, a constraint can be used to specify when it is safe to transition to a new state. As another, more powerful, example, the concept of a software contract [3] uses constraints to extend the definition of Abstract Data Types to formally define the behavior of software components. Simplifying the theory, this says the following:

  In order for a method to execute,
      a set of pre-conditions must be satisfied before the method can execute
      a set of post-conditions must be satisfied when the method is finished
      a set of invariants must not change their value during the execution

•  The set of pre- and post-conditions, along with invariants, are all constraints.
5. Proposal

Context, conditions, and constraints are separate concepts, but they fit together naturally.

With respect to policies, if a policy is viewed as a (software) container, then context is applied to the container (and hence, to the components of the container).

Constraints can be applied to terms in each of the event, condition, and action clauses of an ECA policy rule to restrict their behavior, data type, domain and range, and so forth. The most common examples are applying constraints to conditions or to govern the behavior of actions.

•  [1] Dey, A., "Providing Architectural Support for Building Context-Aware
     Applications, Ph.D. Thesis, 2000

[2] Strassner, J., et al., "The Use of Context-Aware Policies and
     Ontologies to Facilitate Business-Aware Network Management",
     Journal of Network and Systems Management (17), pg 255-284, 2009

•  [3] Meyer, B., "Object-Oriented Software Construction, 2nd edition,
     Prentice-Hall, ISBN:  0-13-629155-4


--
regards,
John



--
regards,
John



--
regards,
John