IETF Logo Mail Archive

Re: [I2nsf] Service Layer Policies - Post 1: Background Information on PCIM

Linda Dunbar <linda.dunbar@huawei.com> Tue, 08 December 2015 21:11 UTC

Return-Path: <linda.dunbar@huawei.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35E941A8774 for <i2nsf@ietfa.amsl.com>; Tue, 8 Dec 2015 13:11:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.61
X-Spam-Level:
X-Spam-Status: No, score=-3.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_45=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0bRh53nYuVan for <i2nsf@ietfa.amsl.com>; Tue, 8 Dec 2015 13:11:15 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B58F21A876F for <i2nsf@ietf.org>; Tue, 8 Dec 2015 13:11:13 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml401-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CFE42707; Tue, 08 Dec 2015 21:11:11 +0000 (GMT)
Received: from DFWEML702-CHM.china.huawei.com (10.193.5.72) by lhreml401-hub.china.huawei.com (10.201.5.240) with Microsoft SMTP Server (TLS) id 14.3.235.1; Tue, 8 Dec 2015 21:11:10 +0000
Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml702-chm ([10.193.5.72]) with mapi id 14.03.0235.001; Tue, 8 Dec 2015 13:10:57 -0800
From: Linda Dunbar <linda.dunbar@huawei.com>
To: John Strassner <strazpdj@gmail.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Thread-Topic: [I2nsf] Service Layer Policies - Post 1: Background Information on PCIM
Thread-Index: AQHRMIrJ6daShQrvbEyJJCyiaN8JqJ7BjHvg
Date: Tue, 08 Dec 2015 21:10:57 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F657DAE627@dfweml701-chm>
References: <CAJwYUrE=Lqf1tzggRoJ=yRCTGa2BsGuWs34XVVUmoA7WkhJ5gA@mail.gmail.com>
In-Reply-To: <CAJwYUrE=Lqf1tzggRoJ=yRCTGa2BsGuWs34XVVUmoA7WkhJ5gA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.192.11.76]
Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F657DAE627dfweml701chm_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020204.5667476F.03C4, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 3f704aacd1979e0e6743c704efdc5d9a
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/UP_fEY18BZZkLGFEs01EPTokXnY>
Subject: Re: [I2nsf] Service Layer Policies - Post 1: Background Information on PCIM
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2015 21:11:19 -0000

John,

Thank you very much for the in-depth analysis of PCIM and its suitability as something that I2NSF should be based on. What you write is very valuable. I think the analysis should be added to the I2NSF gap analysis, (or be a standalone Policy Analysis ID).

I have some questions inserted below:

From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of John Strassner
Sent: Sunday, December 06, 2015 7:01 PM
To: i2nsf@ietf.org
Subject: [I2nsf] Service Layer Policies - Post 1: Background Information on PCIM

<Snipped>

2.  Brief description of PCIM

The PCIM Class Hierarchy is very simple, as this is a CA (condition-action) model. Events are NOT represented. PCIM defines a PolicyRule, a PolicyGroup (group of PolicyRules), PolicyCondition, and PolicyAction. These are all siblings; their common superclass is called Policy, as shown below:

ManagedElement (abstract)
  |
  +---Policy (abstract)
  |     |
  |     +---PolicyGroup
  |     |
  |     +---PolicyRule
  |     |
  |     +---PolicyCondition (abstract)
  |     |      |
  |     |      +---PolicyTimePeriodCondition
  |     |      |
  |     |      +---VendorPolicyCondition
  |     |
  |     +---PolicyAction (abstract)
  |            |
  |            +---VendorPolicyAction

Note: PCIM does have a simple notion of Roles, but implements them as attributes, instead of objects. This is not scalable, and does not fully realize the power of using roles. This will be discussed more in Post 3.

Note: It is possible to define limited constraints in PCIM as conditions. For example, the VendorPolicyCondition class has two attributes, Constraint and ConstraintEncoding, that do this. This will be discussed more in Post 4.

Note: Context is NOT defined in the PCIM.

[Linda]  Do you agree that “Condition of the PCIM” == “I2NSF subject” & “the Contextual states (or the I2NSF object)”?


3.  Summary: main drawbacks of using PCIM

Note that the current CIM Policy Model (2.44.1) is significantly different than either PCIM or PCIMe. PCIM is based on CIM 2.4; PCIMe is based on CIM 2.5. PCIMe is NOT backwards compatible with PCIM in all areas.

Critical Problems:

  *   There is no unique ID that can be used to distinguish different
instances of the same PolicyRule, PolicyGroup, PolicyCondition,
or PolicyAction.
[Linda] Can we simply create an ID (string or numeric) for instances of the same PolicyRule? Or it is more complicated?

  *   Relationships are implemented by defining an abstract class
with keys, and then overriding the keys in the subclasses of the
relationship. This is broken. Would you override keys in an RDBMS?
[Linda] Is the “Key” to differentiating different “PolicyRule”?   Can you give an example of “subclasses of the relationship”?
What events can cause “overriding the keys in the subclasses of the relationship”?

  *   Most of the classes that are used to implement the relationships
do NOT have attributes, so it is impossible to restrict which
classes are related to which other classes (e.g., by context).
Put another way, the same relationship must always be used
between two types, even if the semantics varies. (The two
exceptions are PolicyConditionInPolicyRule and
PolicyActionInPolicyRule).
[Linda] Does “classes” == “PolicyRule”?

  *   The "ignore this unless you need this" philosophy does not
work. How do you know if other implementations that you are
supposed to interoperate with are using them?
[Linda] Is “Ignore this unless you need this” an new type of “PolicyRule”?

  *   There is no concept of error or exception handling
  *   There is no concept of the subject or the target of a policy
[Linda] Does your “subject” have the same meaning as the “I2NSF subject” which means bits&bytes extracted from packets?

  *   Adding a new type of policy (e.g., declarative or functional)
will cause a major rewrite of the entire model

[Linda] Can we say that  I2NSF policies have one type “Subject-ContextualStates- action- function? So in I2NSF environment, there is only the notion of adding a new “PolicyRule”, but no adding a new policy type. Is this correct statement?

  *   There is no approach to detecting and solving policy conflicts;
this is due to the simplistic notion of just using a PDP and a
PEP for applying policies.

[Linda] in I2NSF, there could be a lot of conflicts, for example, there could be two rules entered at different time:

1.       Virtual Network X can’t access “YouTube”,

2.      10.1.1.1 can access “YouTube” (where 10.1.1.1 is a host within the Virtual Network X).

Do you call the 2 rules above conflict?



4. Recommendations

Given the large amount of problems, I recommend that we not consider PCIM further.
[Linda] should I2NSF reference PCIM?

Thank you very much. Linda

5. Origin of PCIM/PCIMe

This is a **theory** section; please skip unless you want to understand the model in more detail.

The PCIM is based on the DMTF CIM, which is actually a **data model** (despite its name) because it uses relational technologies (e.g., keys and weak references) to create its model. PCIM is based on an early version of the CIM (2.4); the current version of the CIM is 2.44.1 as of this writing. Since this is tied to the CIM, this means that:

   1) Policy is subclassed from a more generic class (ManagedElement)
   2) ALL relationships (associations, aggregations, and compositions)
       are realized as **classes**
   3) As a result of 2), relationships are subclassed
   4) Both attributes and associations are **inherited**
   5) The same design approach (as much as possible) was used in
        PCIM/PCIMe as was in CIM. Specifically, it was thought better
        to define a generic, but optional, relationship instead of not
        defining the relationship.
   6) The CIM does NOT have a single rooted hierarchy; this makes
        code generation more complex
   7) The CIM uses a proprietary language and is not strictly UML
        compliant, even though it looks like UML (unfortunately, this
        language is also called MOF)

Depending on the complexity of the implementation, the above have been shown to produce problems in large environments. For example, the spirit of "let's define an attribute or association in case it is useful, and make it optional so you don't have to worry about it" not only violates some well-known software architectural guidelines (e.g., Single Responsibility Principle and the Liskov Substitution Principle), but it makes things difficult to interoperate with (since you never really know if an attribute or relationship should be instantiated or not).


regards,
John

v2.29.0 | Report a Bug | By Email | System Status