Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 06 October 2016 20:33 UTC

From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 06 Oct 2016 16:32:33 -0400
Message-ID: <CAPK2Dezb0YMYwKwL6egygGwz8vMKC2iAxswrpgETM-YH9RowSA@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/9fl_MbBeHUeiOMqVJxB41ZGYU3g>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, "Prof. Hyoungshick Kim" <hyoung@skku.edu>, "Pauljeong@skku.edu" <Pauljeong@skku.edu>, skku_secu-brain_all@googlegroups.com
Subject: Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

Hi Linda,
As a coauthor of this draft, I will answer your questions inline below.

On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <linda.dunbar@huawei.com>
wrote:

> Hyoungshick, et al,
>
>
>
> How would you position your draft-kim-i2nsf-security-management-architecture-01
> with regard to the I2NSF framework draft? I find there is a lot of
> duplicated content to the I2nsf framework draft.
>

 [Paul] We would like to merge our draft into the i2nsf framework draft
 because our draft has one depth more detailed architecture.
 This detailed architecture will be helpful to implement the i2nsf
framework.


>
> There are some differences, such as the following: Are you trying to
> define how “security policy” is structured?
>
 [Paul] Our architecture allows an NSF to update a low-level policy and
apply it to the related high-level policy
 via the control path of Security Controller and Policy Collector (renamed
Event Collector in version 02) in Figure 1
 of our version 02:

https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02

 For example, if an NSF of firewall detects a new DoS-attack host, it
reports the updated blacklist having
 the IP address of such a host to Application Logic in I2NSF Client via
Security Controller and Event Collector.
 Application Logic asks Policy Updater to disseminate the updated blacklist
to the security controllers
 under the administration of the same I2NSF Client.


> Will the “High Level security management” eventually lead to Client Facing
> Policy data models?
>

 [Paul] Yes, as explained above, the High-level security management leads
to update and handle Client facing policy
 data models.

>
>
> Do you plan to define interfaces between all those components depicted in
> Figure 1?  The interfaces between some of those components are not really
> in the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF
> Capability Manager”,  or the interface between “Application Logic” <->
> “Policy Updater”.
>

 [Paul]  Yes, we have a plan to define such interfaces.


>
> Are those components in your current implementation? Is it like an
> “example of one implementation”?
>

 [Paul] Though those components are not fully implemented yet in our
implementation, my team at SKKU
 will implement those components in a later version.

 Thanks for your clarification questions.

 Best Regards,
 Paul


>
>
>
>
> Thanks, Linda
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
>


-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>
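
The blacklist control path described in the reply above (NSF to Security Controller to Event Collector to Application Logic, then Policy Updater back out to the security controllers), sketched as an added example that is not part of the original message or of the draft. All class and method names are hypothetical, and a single Event Collector shared by two security controllers is an assumption.

```python
import ipaddress

# All class and method names are hypothetical; the draft defines no such API.
class PolicyUpdater:
    def __init__(self):
        self.controllers = []
    def disseminate(self, blacklist):
        for controller in self.controllers:
            controller.push(blacklist)

class ApplicationLogic:
    def __init__(self, updater):
        self.updater, self.blacklist = updater, set()
    def on_event(self, reported):
        new = set(reported) - self.blacklist
        if new:  # only disseminate when the high-level policy changes
            self.blacklist |= new
            self.updater.disseminate(sorted(self.blacklist))

class EventCollector:
    def __init__(self, app_logic):
        self.app_logic = app_logic
    def collect(self, reported):
        self.app_logic.on_event(reported)

class SecurityController:
    def __init__(self, collector):
        self.collector, self.nsfs = collector, []
    def report(self, reported):      # upward: NSF -> Event Collector
        self.collector.collect(reported)
    def push(self, blacklist):       # downward: Policy Updater -> NSFs
        for nsf in self.nsfs:
            nsf.blacklist |= set(blacklist)

class FirewallNSF:
    def __init__(self, controller):
        self.controller, self.blacklist = controller, set()
        controller.nsfs.append(self)
    def detect_dos_host(self, ip):
        ip = str(ipaddress.ip_address(ip))  # raises ValueError if malformed
        self.blacklist.add(ip)
        self.controller.report(sorted(self.blacklist))

def build_demo():
    """Two security controllers under one I2NSF Client (constructed topology)."""
    updater = PolicyUpdater()
    collector = EventCollector(ApplicationLogic(updater))
    updater.controllers = [SecurityController(collector) for _ in range(2)]
    return [FirewallNSF(c) for c in updater.controllers]
```

The downward `push` writes to each NSF without triggering a new report, so a disseminated blacklist does not loop back through the Event Collector.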