[I2nsf] what does the term "Policy Domain" commonly refer to? (was RE: WG Adoption call for https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04

Linda Dunbar <linda.dunbar@huawei.com> Thu, 08 February 2018 22:59 UTC

From: Linda Dunbar <linda.dunbar@huawei.com>
To: John Strassner <strazpdj@gmail.com>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>
Date: Thu, 08 Feb 2018 22:59:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/ERIatqG_OlTtMgyMWREbS2b_6j0>

John,

Since you are the policy expert, what does “Policy Domain” commonly refer to?
Can “Policy domain” be one policy applying to a set of tenants? Or one policy applying to a set of geographic regions? Or Policy domain being a set of policies?

Thank you.
Linda

From: John Strassner [mailto:strazpdj@gmail.com]
Sent: Tuesday, February 06, 2018 5:47 PM
To: Linda Dunbar <linda.dunbar@huawei.com>
Cc: i2nsf@ietf.org
Subject: Re: [I2nsf] WG Adoption call for https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04

IMHO, the purpose of a WG adopting a draft is to acknowledge that the draft is a good starting point for the work that WG wants to accomplish. To be perfectly clear, I am NOT objecting on the completeness of the document. Rather, I am objecting on the technical correctness of the starting point.

I do NOT feel that the proposed documents represent a good starting point. Ignoring things that can be easily fixed (e.g., grammar), there are a host of problems, such as:
   - what, exactly, is this draft trying to do? I thought I would see YANG for policy rules sent over the Consumer-Facing Interface.
     Instead, I see the name of the interface, whose first element is multi-tenancy, that also contains policies? Policies do not care
     about multi-tenancy. They do care about domains. The organization of the YANG is incorrect.
   - sec 4: in the ietf-i2nsf-cf-interface module
      - why is multi-tenancy at the top of the tree? Shouldn't a DOMAIN be able to have multiple tenants?
      - why does a domain have an authentication-method? First, multiple such methods should be able to be used. Second, how would a domain know what an authentication method even is?
      - why is tenant a sibling of domain, and not a child?
      - why is domain a leaf within policy-tenant? This should be a reference, and why doesn't domain have a reference to policy-tenant?
      - policy roles have nothing to do with multi-tenancy - why are they here?

 I could go on, but even the above means that the rest of the YANG will be wrong.

Therefore, the document is NOT a good starting point, and will NOT accelerate the path to getting a good RFC.

regards,
John

On Fri, Jan 26, 2018 at 3:23 PM, Linda Dunbar <linda.dunbar@huawei.com> wrote:


The authors of I2NSF Consumer-Facing Interface YANG Data Model
https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04
have requested working group adoption of this draft.

Please bear in mind that WG Adoption doesn’t mean that the draft's current content is ready; WG Adoption only means that it is a good basis for a working group to work on.

While all feedback is helpful, comments pro or con with explanations are much more helpful than just "yes please" or "no thank you".

Thank you.

Linda & Yoav





--
regards,
John