Re: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt?

Rakesh Kumar <rkkumar@juniper.net> Tue, 01 November 2016 18:57 UTC

From: Rakesh Kumar <rkkumar@juniper.net>
To: Linda Dunbar <linda.dunbar@huawei.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Date: Tue, 01 Nov 2016 18:56:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/7LMqymlZgOeTs1bQC8dcceds128>
Cc: Adrian Farrel <afarrel@juniper.net>
Subject: Re: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt?

Hi Linda,

Thanks a lot for the review.

One of the biggest challenges in the security world today is that it is too complex, with each vendor having their own set of features and functionality exposed in a very proprietary manner. We have to simplify this with the I2NSF client-facing interface so that a security admin can express their business needs without having to worry about the complexity.

It is very important that security requirements be expressed by the security admin with simple rules. But it is easier said than done; this is one of the most complex problems: how to make rules simple but at the same time able to capture a wide variety of use cases in different environments.

The work done so far in this draft is just the beginning, and we should brainstorm and see how to make it more complete. I will look at the link you have sent and see how to leverage from there. Even if we develop very generic rules, we still need to define some basic constructs which would be used to build a policy. We have taken a step in that direction, but this is just a start and work will continue with ideas from folks in this WG.


Regards,
Rakesh

From: Linda Dunbar <linda.dunbar@huawei.com>
Date: Tuesday, November 1, 2016 at 10:55 AM
To: Rakesh Kumar <rkkumar@juniper.net>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Cc: Adrian Farrel <afarrel@juniper.net>
Subject: RE: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt?

Rakesh,

By the way, the I2NSF framework has specified the use of ECA (Event Condition Action) to describe “Rules”.
https://datatracker.ietf.org/doc/draft-xibassnez-i2nsf-capability/ has the detailed description of the “Rules” information model.

Is there any issue with utilizing that information model?

Thanks,
Linda

From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Linda Dunbar
Sent: November 1, 2016 12:10
To: Rakesh Kumar <rkkumar@juniper.net>; i2nsf@ietf.org
Cc: Adrian Farrel <afarrel@juniper.net>
Subject: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt?

Rakesh,

Thank you very much for contributing the draft. Just curious, the current IM for Rules doesn't have many details:

[Inline image: image001.jpg]

Will you add more in a future revision?

Linda Dunbar

-----Original Message-----
From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Rakesh Kumar
Sent: October 31, 2016 12:14
To: i2nsf@ietf.org
Cc: Adrian Farrel <afarrel@juniper.net>; Linda Dunbar <linda.dunbar@huawei.com>
Subject: [I2nsf] FW: New Version Notification for draft-kumar-i2nsf-client-facing-interface-im-00.txt

We posted a new draft that captures an information model for the client-facing interfaces based on “draft-ietf-i2nsf-client-facing-interface-req”.
This is an initial version, we plan to update this as we evolve based on new requirements and information.


Thanks & Regards,
Rakesh and other co-authors.


On 10/31/16, 10:08 AM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:


    A new version of I-D, draft-kumar-i2nsf-client-facing-interface-im-00.txt
    has been successfully submitted by Rakesh Kumar and posted to the
    IETF repository.

    Name:               draft-kumar-i2nsf-client-facing-interface-im
    Revision:   00
    Title:              Information model for Client-Facing Interface to Security Controller
    Document date:      2016-10-31
    Group:              Individual Submission
    Pages:              17
    URL:            https://www.ietf.org/internet-drafts/draft-kumar-i2nsf-client-facing-interface-im-00.txt
    Status:         https://datatracker.ietf.org/doc/draft-kumar-i2nsf-client-facing-interface-im/
    Htmlized:       https://tools.ietf.org/html/draft-kumar-i2nsf-client-facing-interface-im-00


    Abstract:
       This document defines information model for the client-facing
       interface to security controller based on the requirements identified
       in the [I-D.kumar-i2nsf-client-facing-interface-req].  The
       information model defines various managed objects and the
       relationship among these objects needed to build the client
       interfaces.




    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.

    The IETF Secretariat


