Re: [I2nsf] Service Layer Policies - Post 0: note structure
Aldo Basile <cataldo.basile@polito.it> Wed, 09 December 2015 11:43 UTC
To: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>, Linda Dunbar <linda.dunbar@huawei.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/EmVLhq5TIpw0B-neS3dwXAWeT-I>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, John Strassner <strazpdj@gmail.com>
Dear all,

I agree it is not worth considering the whole PCIM or PCIMe models and suggested implementations. They are too complex to implement and maintain and far from being perfect (John Strassner's Posts 0/1 are much more precise references to PCIM issues).

However, I think PCIM/PCIMe are excellent starting points for the design of an information model, thus they can be used for I2NSF as well. In my experience, all the policy-related concepts that one may need during such a design phase can be described by referring to PCIM/PCIMe-defined concepts (regardless of the way they are represented, classes, associations, association classes), concepts that PCIM/PCIMe miss, and concepts that are not correctly/optimally represented in PCIM/PCIMe.

In the SECURED project (and before in the PoSecCo project), PCIM/PCIMe have been considered as a starting point to design the information and data models (which are now similar but not equal), while the actual implementation of the repositories and management tasks has been completely detached from PCIM/PCIMe (we had indeed a bad experience in fully agreeing with PCIM during a previous POSITIF project).

Therefore, it is probably worth considering the 'refinement' of the I2NSF requirements (which, to the best of my knowledge are presented here https://datatracker.ietf.org/wg/i2nsf/charter/, please correct me if I'm wrong) to a set of more formal/precisely defined requirements and probably also inputs from use cases. Only at that point it would be possible to precisely understand what we can reuse from existing (de facto) standards or models.

Regards,
Cataldo

On 08/12/2015 10:37, DIEGO LOPEZ GARCIA wrote:
> Hi,
>
> I support this. I think it is good to be aligned with common usage of
> terms, unless there are very good reasons to do otherwise.
>
> Just for the record, we are collecting some of the (already mature)
> results of the SECURED project policy efforts into a document we will
> contribute anytime soon. I hope we will be well aligned with John’s ideas.
>
> Be goode,
>
>> On 7 Dec 2015, at 22:25, Linda Dunbar <linda.dunbar@huawei.com> wrote:
>>
>> John,
>> Thank you very much for structuring the discussion. This is very helpful.
>> Maybe I am jumping ahead. For Post 5, the “object” currently used in
>> I2NSF framework is same as the “Condition” in PCIM to describe the
>> constraints. If no one disagrees, I propose to align with PCIM, i.e.
>> call it “Subject-Condition-Action-Function”.
>> Regards,
>> Linda
>>
>> From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of John Strassner
>> Sent: Sunday, December 06, 2015 7:00 PM
>> To: i2nsf@ietf.org
>> Subject: [I2nsf] Service Layer Policies - Post 0: note structure
>>
>> The I2NSF framework draft mentions PCIM (RFC3060) and PCIMe (RFC3460)
>> as possible candidates for guiding the policy structure that can be
>> mapped to the Capability Layer's "Subject-Object-Action-Function"
>> paradigm.
>>
>> During IETF94, I expressed discomfort with the above paradigm.
>> However, this is a complex subject, and is more easily understood by
>> breaking this up into smaller discussions. Here is the order of notes
>> that I will post:
>>
>> Post 0: this post
>> Post 1: problems in using PCIM
>> Post 2: problems in using PCIMe
>> Post 3: differentiating between groups and roles
>> Post 4: differentiating between context, constraints, and conditions
>> Post 5: specific worries about the
>>         "Subject-Object-Action-Function" paradigm
>> Post 6: proposed replacement policy structure
>>
>> Posts 1 and 2 clarify the problems in using PCIM and PCIMe,
>> respectively, which I volunteered to do.
>>
>> Posts 3 and 4 are fundamental to posts 5 and 6, as they represent
>> software building blocks that are critical for designing and
>> implementing Service Policies in a scalable and robust manner. These
>> also expand on points in posts 1 and 2.
>>
>> Post 5 is the heart of the manner, but can't really be tackled until
>> the preceding posts were done. Post 6 builds on the previous posts.
>>
>> regards,
>> John
>> --
>> regards,
>> John
>> _______________________________________________
>> I2nsf mailing list
>> I2nsf@ietf.org
>> https://www.ietf.org/mailman/listinfo/i2nsf
>
> --
> "This time we will not fail, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> http://people.tid.es/diego.lopez/
>
> e-mail: diego.r.lopez@telefonica.com
> Tel: +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>
> The information contained in this transmission is privileged and
> confidential information intended only for the use of the individual or
> entity named above. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution
> or copying of this communication is strictly prohibited. If you have
> received this transmission in error, do not read it. Please immediately
> reply to the sender that you have received this communication in error
> and then delete it.