Re: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt?
Rakesh Kumar <rkkumar@juniper.net> Tue, 01 November 2016 18:57 UTC
Return-Path: <rkkumar@juniper.net>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6F7B1298A3 for <i2nsf@ietfa.amsl.com>; Tue, 1 Nov 2016 11:57:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GRnzFQ5cQoyV for <i2nsf@ietfa.amsl.com>; Tue, 1 Nov 2016 11:57:02 -0700 (PDT)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0128.outbound.protection.outlook.com [104.47.34.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EDE212989F for <i2nsf@ietf.org>; Tue, 1 Nov 2016 11:57:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=gxxP5Zs4cRBzQg3Ssflya7ocdnZaEyRp39WnmYMAe2o=; b=a4hK1cNZfJu+1sCPe1c9AhrfOmtqB5y7VXjN5PmnNWbO1USS5iDmp0u8w0P7tWY7WnAuO31GVPRJN6L9fsTtDfIZy5v6bfDrwJINOL+5jbEV5FBVyakZIj+0VyPDXYVVtL+1BBOEy1dr406u1epLewiGDKWHf7dtaYNR8Xsoo0U=
Received: from BN6PR05MB2993.namprd05.prod.outlook.com (10.173.19.11) by BLUPR0501MB2114.namprd05.prod.outlook.com (10.164.23.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.707.1; Tue, 1 Nov 2016 18:57:00 +0000
Received: from BN6PR05MB2993.namprd05.prod.outlook.com ([10.173.19.11]) by BN6PR05MB2993.namprd05.prod.outlook.com ([10.173.19.11]) with mapi id 15.01.0707.004; Tue, 1 Nov 2016 18:56:58 +0000
From: Rakesh Kumar <rkkumar@juniper.net>
To: Linda Dunbar <linda.dunbar@huawei.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Thread-Topic: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt?
Thread-Index: AQHSNGkxdWqqnaJsm0OtHOhFz0xPdaDEBUYA
Date: Tue, 01 Nov 2016 18:56:58 +0000
Message-ID: <18E4048E-18B8-4ECA-825C-FC0A3CFD014B@juniper.net>
References: <4A95BA014132FF49AE685FAB4B9F17F657F64B5C@dfweml501-mbb> <4A95BA014132FF49AE685FAB4B9F17F657F64C1C@dfweml501-mbb>
In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657F64C1C@dfweml501-mbb>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.18.0.160709
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rkkumar@juniper.net;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [66.129.239.11]
x-microsoft-exchange-diagnostics: 1; BLUPR0501MB2114; 7:/uvfXBQB4LElTFghoX+vNZdbRG3Q9cMd7rRXEicHRG0/RMLvaHFastE9TPFvYReM/aF0NvieoBS5n6jAIu08Aj2drNsRCTeo74mv8Aj5XiRrmD8FTX7kq8OkmivU9XR7LyYkLk6jPpLu+9EOpKeVB/xZTkMacX/l5XARnXAIBwhmZKuQ0bRP90SBNC/51YQqsTAZqLfnQZu3cWCQ/cmgF9ezfLH5uVaP5YkOhsx1u52vGHByyKe5x2J8sLfCpy1SrT+0If5SERzGNzfY5DvU+YT0Nx9gh4LcpIsSE5a56h2gliIg2NZuMiHtgTjIkW1MgIBVPW+8vEoMujCr+FXJVN6e/RzwMLlGV7HxcU32ico=
x-forefront-antispam-report: SFV:SKI; SCL:-1SFV:NSPM; SFS:(10019020)(7916002)(199003)(377454003)(45984002)(24454002)(377424004)(189002)(13464003)(10400500002)(99936001)(92566002)(586003)(16236675004)(87936001)(189998001)(3280700002)(3846002)(6116002)(4326007)(106356001)(17760045003)(15975445007)(2900100001)(230783001)(33656002)(19625215002)(102836003)(81166006)(81156014)(83716003)(5001770100001)(97736004)(3660700001)(82746002)(107886002)(8936002)(4001350100001)(50986999)(76176999)(2906002)(4001150100001)(66066001)(9326002)(83506001)(5660300001)(101416001)(68736007)(7906003)(19580395003)(8676002)(86362001)(18206015028)(36756003)(7846002)(19300405004)(54356999)(2950100002)(19627595001)(2501003)(106116001)(105586002)(77096005)(4001430100002)(7736002)(122556002)(19617315012)(19580405001)(99286002)(5002640100001)(7099028)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR0501MB2114; H:BN6PR05MB2993.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
x-ms-office365-filtering-correlation-id: 4229d061-4444-4c75-d378-08d40288db92
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR0501MB2114;
x-microsoft-antispam-prvs: <BLUPR0501MB2114007FA6A2270410358FA4ADA10@BLUPR0501MB2114.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(192374486261705)(50582790962513)(21748063052155)(138986009662008);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415321)(6040176)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026); SRVR:BLUPR0501MB2114; BCL:0; PCL:0; RULEID:; SRVR:BLUPR0501MB2114;
x-forefront-prvs: 01136D2D90
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/related; boundary="_004_18E4048E18B84ECA825CFC0A3CFD014Bjunipernet_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Nov 2016 18:56:58.8202 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR0501MB2114
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/7LMqymlZgOeTs1bQC8dcceds128>
Cc: Adrian Farrel <afarrel@juniper.net>
Subject: Re: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt?
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2016 18:57:06 -0000
Hi Linda, Thanks a lot for the review. One of the biggest challenges in the security world today is that, it is too complex with each vendor having their own set of features and functionality exposed in a very proprietary manner. We have to simplify this with I2NSF client-facing interface so that a security admin can express their business needs without having to worry about the complexity. It is very important that security requirements be expressed by security admin with simple rules. But it is easier said than done, this is one of the most complex problem as how to make rules simple but at the same time able to capture wide variety of use-cases in different environment. The work done so far in this draft is just the beginning and we should brain storm and see how to make it more complete. I will look at the link you have sent and see how to leverage from there. Even if we develop very generic rules, we still need to define some basic constructs which would be used to build a policy. We have taken a step in that direction, but this is just a start and work will continue with ideas from folks in this WG. Regards, Rakesh From: Linda Dunbar <linda.dunbar@huawei.com> Date: Tuesday, November 1, 2016 at 10:55 AM To: Rakesh Kumar <rkkumar@juniper.net>, "i2nsf@ietf.org" <i2nsf@ietf.org> Cc: Adrian Farrel <afarrel@juniper.net> Subject: RE: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt? Rakesh, By the way, the I2NSF framework has specified to use ECA (Event Condition Action) to describe “Rules”. https://datatracker.ietf.org/doc/draft-xibassnez-i2nsf-capability/ has the detailed description on how “Rules” information model. Is there any issue to utilize those information model? Thanks, Linda From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Linda Dunbar Sent: 2016年11月1日 12:10 To: Rakesh Kumar <rkkumar@juniper.net>; i2nsf@ietf.org Cc: Adrian Farrel <afarrel@juniper.net> Subject: [I2nsf] Will you provide more details on the Rules' Information model in draft-kumar-i2nsf-client-facing-interface-im-00.txt? Rakesh, Thank you very much for contributing the draft. Just curious, the current IM for Rules doesn't have much details: [cid:image001.jpg@01D23437.0C337430] Will you add more in future revision? Linda Dunbar -----Original Message----- From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Rakesh Kumar Sent: 2016年10月31日 12:14 To: i2nsf@ietf.org<mailto:i2nsf@ietf.org> Cc: Adrian Farrel <afarrel@juniper.net<mailto:afarrel@juniper.net>>; Linda Dunbar <linda.dunbar@huawei.com<mailto:linda.dunbar@huawei.com>> Subject: [I2nsf] FW: New Version Notification for draft-kumar-i2nsf-client-facing-interface-im-00.txt We posted a new draft that captures an information model for the client-facing interfaces based on “draft-ietf-i2nsf-client-facing-interface-req”. This is an initial version, we plan to update this as we evolve based on new requirements and information. Thanks & Regards, Rakesh and other co-authors. On 10/31/16, 10:08 AM, "internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>" <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> wrote: A new version of I-D, draft-kumar-i2nsf-client-facing-interface-im-00.txt has been successfully submitted by Rakesh Kumar and posted to the IETF repository. Name: draft-kumar-i2nsf-client-facing-interface-im Revision: 00 Title: Information model for Client-Facing Interface to Security Controller Document date: 2016-10-31 Group: Individual Submission Pages: 17 URL: https://www.ietf.org/internet-drafts/draft-kumar-i2nsf-client-facing-interface-im-00.txt Status: https://datatracker.ietf.org/doc/draft-kumar-i2nsf-client-facing-interface-im/ Htmlized: https://tools.ietf.org/html/draft-kumar-i2nsf-client-facing-interface-im-00 Abstract: This document defines information model for the client-facing interface to security controller based on the requirements identfied in the [I-D.kumar-i2nsf-client-facing-interface-req]. The information model defines various managed objects and the relationship among these objects needed to build the client interfaces. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat _______________________________________________ I2nsf mailing list I2nsf@ietf.org<mailto:I2nsf@ietf.org> https://www.ietf.org/mailman/listinfo/i2nsf
- [I2nsf] Will you provide more details on the Rule… Linda Dunbar
- Re: [I2nsf] Will you provide more details on the … Linda Dunbar
- Re: [I2nsf] Will you provide more details on the … Rakesh Kumar
- Re: [I2nsf] Will you provide more details on the … Rakesh Kumar
- Re: [I2nsf] Will you provide more details on the … Diego R. Lopez
- Re: [I2nsf] Will you provide more details on the … John Strassner
- Re: [I2nsf] Will you provide more details on the … Rakesh Kumar