IETF Logo Mail Archive

Re: [I2nsf] Requests for Comments on I2NSF WG Re-chartering Text

Linda Dunbar <linda.dunbar@futurewei.com> Fri, 18 December 2020 16:07 UTC

Return-Path: <linda.dunbar@futurewei.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4001D3A098D for <i2nsf@ietfa.amsl.com>; Fri, 18 Dec 2020 08:07:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.988
X-Spam-Level:
X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GmFTqNzzTkDS for <i2nsf@ietfa.amsl.com>; Fri, 18 Dec 2020 08:07:39 -0800 (PST)
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (mail-co1nam04on0705.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe4d::705]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF0C53A0989 for <i2nsf@ietf.org>; Fri, 18 Dec 2020 08:07:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cyxX10MqjXGJr1qX5h6vVGnXan79l2UK0R7RaCCI4LLCRzPuqaU6JlNjTSNdNyMHqdWvacEe68pAIV5KomRm0dmV1tIWVAK9BK0CD5Q+3nbUQ2vJuWK0HDPn0EZGyjXjIW5hLyAaIKY0/YoN8pikKOjUC/7n4WsdpFTMptOG+rER/QEYzspkl21T1SAccFNhx9b4y4wAXiE7RuO052E5guV0uulpL6jsxrn/sQwqME//MC3o+sudLAXgX+GIrcHuchtmSoQ49X56q0cT3Z5QSCjT4DrBmB31F0kBnDujlSxxfgi/GmmALxv+dorfMLN0+us5fsi1e3rMOkw2v2GoCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yGZF8oucPD6tFwVCmF5C/2N4hNv2aPz6KzjTo5GDaGo=; b=PfnHnrh0baUA6sqfF9QyLU47QhEqoy2DCKMKaqrxp7s4voWW3QdMZf2kFniyamYhMjI8vFkQNOnclzv5F4yDJnOxQvtDg0/tPdIvicpPXEuNNRbpqBuUq99udxcWRWWoQh5FQTc02Vz/P+BNwoRC0RsEbrV6pmGvHwKeF9dRBkDdeOC4ygMVu8zXXZnm/as3qtV2wixRs/b3uBamUp7M8pVC+O6MWOU/+jpJDzSwnT4y8th7TVyxVvFVSgo9ZVqYL7L/pZpEt72hH/+q2B7YMNvFAQSDbk08fWCcQh2nfyXbWN5pD07p50xaVcw9AeimrR9EZiYj+l6tGC8eISWheg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yGZF8oucPD6tFwVCmF5C/2N4hNv2aPz6KzjTo5GDaGo=; b=OfbkjDl0HFokmxM5U17fSgPIrvdQyMt1jBRIYw6cplxk/uPzW5uJW7T6cdLOBEr8D72OebBjCLOm//vRBQkp9fl/PDQl9pR4IcG3w78wyL+bIETou6IqtN2FQiqsIebKokSq1FI7Bf0J4zD6v+IXmDCMdcvVWV+YQ3qDz9v2Q4o=
Received: from DM6PR13MB2330.namprd13.prod.outlook.com (2603:10b6:5:cc::16) by DM6PR13MB3387.namprd13.prod.outlook.com (2603:10b6:5:149::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3676.13; Fri, 18 Dec 2020 16:07:37 +0000
Received: from DM6PR13MB2330.namprd13.prod.outlook.com ([fe80::c1e2:96dd:2538:b0c4]) by DM6PR13MB2330.namprd13.prod.outlook.com ([fe80::c1e2:96dd:2538:b0c4%3]) with mapi id 15.20.3676.013; Fri, 18 Dec 2020 16:07:37 +0000
From: Linda Dunbar <linda.dunbar@futurewei.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>, Yoav Nir <ynir.ietf@gmail.com>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>, Roman Danyliw <rdd@cert.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>
Thread-Topic: Requests for Comments on I2NSF WG Re-chartering Text
Thread-Index: AQHWzpqGJ+4rh3fbWUq1fiEDFhc9danvnlWAgADWFgCADHpagIAAI0aA
Date: Fri, 18 Dec 2020 16:07:37 +0000
Message-ID: <DM6PR13MB23303CE6FAE5CF614DB01CD285C30@DM6PR13MB2330.namprd13.prod.outlook.com>
References: <CAPK2DezSjGQxCTm+ZzLPT5bD62N8+=_vEurZLVmyQqP+q-6eKA@mail.gmail.com> <CAPK2DeyjX=vzK11Cu=wr0BL7yY6EFQJVBogWVK-LM1wcFb_d+A@mail.gmail.com> <SN6PR13MB23349F810F0945789AD080DC85CB0@SN6PR13MB2334.namprd13.prod.outlook.com> <CAPK2DexubwzDBJVdBfQNmqBnvBHFFsG9CBR0zamSNQ0KxcsyGg@mail.gmail.com>
In-Reply-To: <CAPK2DexubwzDBJVdBfQNmqBnvBHFFsG9CBR0zamSNQ0KxcsyGg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=futurewei.com;
x-originating-ip: [72.180.73.64]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e21c4bc3-2a3f-4647-4ab4-08d8a36f099f
x-ms-traffictypediagnostic: DM6PR13MB3387:
x-microsoft-antispam-prvs: <DM6PR13MB33879E896EDA64A96D1696AB85C30@DM6PR13MB3387.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: AkXfLaGFP3C+hGquuLlziaXeqanbHLzJ/fUUGgpg3rZbHmvsms/i/W1lC1+2PhnxIs1ebEqxjjWHFcT4yxwiJNbcGsQxc14q9Q4wMcz3euC9jzUKmoViKlRiwkJhbLK/Q+YDqTd4YbxSjvAWuHL1+nP94gHNQm8/2I7XY8jc37o0t/fUWcuUMb78IIak2LFTsCCdIc0Q2usParwNT/lTVX1F0NKAJKwnZMwgCdYe+shEF0ZD5mHVj14oa0FEgzlw23FFSFCQmdHjBrjzKzqVmly/UEA9dxdO2V4boTjQbUnNSF5ZPuLtvgS0sRufwTcNYBjI/QJ/GQiLaPiCz7ZEx3SoREIL5WI6Rj4iRIwv3d34am7JSxam1TTEf5ahglojVRjLx19MSDjUWMVTwSfkLBFG0LyVJFpq/tGXTtGiwRpqGDs/agtocAuK6yealwWMb5uw6ehLbk0DtaKwWpB0tQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR13MB2330.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39840400004)(136003)(376002)(346002)(366004)(396003)(966005)(478600001)(186003)(16799955002)(71200400001)(15188155005)(26005)(7696005)(6506007)(53546011)(44832011)(8676002)(5660300002)(4326008)(52536014)(55016002)(33656002)(9686003)(83380400001)(2906002)(76116006)(316002)(86362001)(166002)(66556008)(64756008)(66476007)(66446008)(66946007)(54906003)(110136005)(8936002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: c4ls4yX6AIA6SDAsFVx5+v0ns1AHQwhZauqaZ4bHuAEij7dZXiskUxrVpvT4CXl+X7IRKPBTiESHvxMfiA0AdwTBeupEQ0WMqmI21kUDswrCH1WvI7eJnwFhlpjVyrWM8NJXnzEUH1F8JqnKKkfGIzqh0jerWnEuUwPnLpkCJHG/JZPwYE8sOxuwz7YdLc0Yv1u89WIkUNS8JNcn97JfisZtpdKLkgdZ/1Fp1JGmoW3Am8qgIlIjYdcRjUZEbPii4jQ1ek2RFrl9g/hvayFKi/oEe1q0KBCpVZih2d/wen6RSAl/PoYH74gAz5uVWo4hT9TljI5aQ2qLNn6vpp0kLP00Fv5zEft0Po7sCVBNAsULx6oDL7ZAsojtwkqCkWi3o0KEugS8lyZiD6I+94VxL+h5N7vjA3gAGCfOWxY8GWgvgmYm2j/qvajNqBqAignZ7oVE9cbm7Nu+UZJ0kZjPuePd1Dplbcx/c8GlBosKfmWKQpYqE9xKk9S3nMfwxW5zXYL8SdRof7q35tOYUpv4+eir3JWBtuzpB02sq71JK6pNZxARilkS6MgvNdr/D5MFrCg2G24eFMUu+V1lg3QDwPfmDI9ogpnbNjtAPYpgCIP8VcFHKc3ibIgVtFB/ZogiyCcf4nnS5vyO9KIngRnRaG2F5iPg1V5sDKRrTE0VEIVmXi8g1uKI+UhE9OJCWTTALhiBuS8XjpXLwEzELjMz5OkJLg7lfPJ8VXeQo6gbXVN9NmOK768t1XAf+bbVlTys9Mg2+fBwikhfWexgZgFxI+n8lGW1co/ZHpRVQo81o73oSGzOGnYMchvJ3tlEdXREmYnsPCAWaA9s+C+9DpGVTEzSp0JyeDfRSq5/4i+8WzU2btiSjQ50VJs9KnKYdYua3eMD4QdaU+afaYUjNppyqWgoCtlL4QqxU6khL3lfniNpv8dFwB9aEB6Gn1z1l27RBSuplCUPncpAMAG+aa9GRliWozGUefO5mz1dVFOsITE=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR13MB23303CE6FAE5CF614DB01CD285C30DM6PR13MB2330namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR13MB2330.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e21c4bc3-2a3f-4647-4ab4-08d8a36f099f
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Dec 2020 16:07:37.0317 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: BWgztHTH8tO4Wf/xzkClOU7DVVYYbu4mtmEmZiYBPEiUPsuvTtPUGbfvHRuasBfsFoQeoLt5vP7+erLGZn7ePA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR13MB3387
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/A95HAvlMarb1iPLqye7GzYunyLY>
Subject: Re: [I2nsf] Requests for Comments on I2NSF WG Re-chartering Text
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2020 16:07:43 -0000

Paul,

Thank you very much for the update. No worry.
Have a nice holiday.

Linda

From: Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
Sent: Friday, December 18, 2020 7:59 AM
To: Linda Dunbar <linda.dunbar@futurewei.com>; Yoav Nir <ynir.ietf@gmail.com>
Cc: i2nsf@ietf.org; Roman Danyliw <rdd@cert.org>; skku-iotlab-members <skku-iotlab-members@googlegroups.com>; Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
Subject: Re: Requests for Comments on I2NSF WG Re-chartering Text

Hi Linda and Yoav,
For I2NSF Capability YANG Data Model Draft (draft-ietf-i2nsf-capability-data-model-13),
I need more time to finish the revision for the IESG and Tsvart.
I will try to finish the revision by December 24, 2020.
At the end of the fall semester, I am overloaded with my university work.

Thanks for your considerations.

Best Regards,
Paul

On Fri, Dec 11, 2020 at 12:26 AM Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>> wrote:
Paul,

Thank you very much for the update.
The schedule looks very good.

Linda

From: Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>>
Sent: Wednesday, December 9, 2020 8:40 PM
To: i2nsf@ietf.org<mailto:i2nsf@ietf.org>
Cc: Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>>; Linda Dunbar <linda.dunbar@futurewei.com<mailto:linda.dunbar@futurewei.com>>; Yoav Nir <ynir.ietf@gmail.com<mailto:ynir.ietf@gmail.com>>; skku-iotlab-members <skku-iotlab-members@googlegroups.com<mailto:skku-iotlab-members@googlegroups.com>>; Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>>
Subject: Re: Requests for Comments on I2NSF WG Re-chartering Text

Hi I2NSF WG,
I have the schedule to submit our I2NSF YANG Data Model Drafts to the IESG as follows.

o I2NSF Capability YANG Data Model Draft
  (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-capability-data-model/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-i2nsf-capability-data-model%2F&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C5e776460cdb3450db3af08d8a35d361e%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637438968030569227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=w0m%2F3KDyMmqpTDGPOeLE26dT8pi3Pw4YQPUKdsqw%2FIQ%3D&reserved=0>)
  - The revised draft for the IESG's and Tsvart's reviews will be submitted on December 18, 2020.

o I2NSF NSF-Facing Interface YANG Data Model Draft
  (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-dm/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-i2nsf-nsf-facing-interface-dm%2F&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C5e776460cdb3450db3af08d8a35d361e%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637438968030569227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=PGvdiiDlAbttfcannW85n2swlRrWXuakv5Ael7H8OtY%3D&reserved=0>)
  - The revised draft for our AD Roman's review will be submitted on January 18, 2021.

o I2NSF Consumer-Facing Interface YANG Data Model Draft
  (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-consumer-facing-interface-dm/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-i2nsf-consumer-facing-interface-dm%2F&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C5e776460cdb3450db3af08d8a35d361e%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637438968030579226%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=0LpR6mdhRgkITnNDFCMXCcjTZiVl8FZfK4cr32r71yw%3D&reserved=0>)
 - The draft will be submitted to the IESG for our AD's review on January 25, 2021.

o I2NSF NSF Monitoring Interface YANG Data Model Draft
  (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-monitoring-data-model/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-i2nsf-nsf-monitoring-data-model%2F&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C5e776460cdb3450db3af08d8a35d361e%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637438968030579226%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=PZ%2BWKYREt41aMq1h0NZ6B3sbibdOSvKRWjekDOAzgU0%3D&reserved=0>)
 - The revised draft for the 1st YANG Doctor review will be submitted to the YANG Doctor
 on January 31, 2021.

o I2NSF Registration Interface YANG Data Model Draft
  (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-registration-interface-dm/<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-i2nsf-registration-interface-dm%2F&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C5e776460cdb3450db3af08d8a35d361e%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637438968030589218%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yqp8Tfc62T3Vy7jib1o0LdmLgGB5chb%2Fu6WpF9NUHaQ%3D&reserved=0>)
 - The draft will be submitted to the IESG for our AD's review on February 15, 2021.

Thanks.

Best Regards,
Paul

On Thu, Dec 10, 2020 at 11:16 AM Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>> wrote:
Hi I2NSF WG,
I2NSF WG chairs (Linda and Yoav) and members including Susan, Diego, and me
had an online meeting for I2NSF WG Re-chartering Text on December 3, 2020.

Could you read the following text and give us your comments on it?

-------------------------------------------------------------------------------------------------------------------------------
<I2NSF WG Re-chartering Text>

Interface to Network Security Functions (I2NSF) provides security function vendors, users, and
operators with a standard framework and interfaces for cloud-based security services. I2NSF
enables the enforcement of a high-level security policy, which is expressed according to a user's
perspective of the target network. This security policy enforcement in I2NSF is a data-driven
approach using NETCONF/YANG or RESTCONF/YANG, where a security policy is constructed
based on a YANG data model.

The I2NSF framework consists of four components such as I2NSF User, Security Controller,
Network Security Function (NSF), and Developer's Management System (DMS). The I2NSF
User specifies a high-level security policy for a target network. The Security Controller is aware
of the capabilities of the attached NSFs, using them to build the security service(s) satisfying
the policy expressed by the I2NSF User. An NSF provides a set of specific security capabilities
(e.g., firewalling, web filtering, packet inspection, and DDoS-attack mitigation), applying security
policy rules. The DMS registers the capabilities of an NSF with the Security Controller.

The I2NSF framework has four interfaces such as Consumer-Facing Interface, NSF-Facing
Interface, Registration Interface, and Monitoring Interface. Consumer-Facing Interface is used
to deliver high-level security policies from the I2NSF User to the Security Controller. NSF-Facing
Interface is used to deliver low-level security policies from the Security Controller to an NSF.
The Registration Interface is used to register the capabilities of an NSF with the Security
Controller. The Monitoring Interface is used to collect monitoring data from an NSF.

The goal of I2NSF is to define a set of software interfaces and data models of such interfaces
for configuring, maintaining, and monitoring NSFs in cloud environments, including NFV and
edge deployments. For security management automation in an autonomous security system,
I2NSF needs to have a feedback control loop consisting of security policy configuration in an
NSF, monitoring for an NSF, data analysis for NSF monitoring data, feedback delivery, and
security policy augmentation/generation. For this security management automation, the I2NSF
framework requires a new component to collect NSF monitoring data and analyze them, which
is called I2NSF Analyzer. Also, the I2NSF framework needs a new interface to deliver feedback
messages for security policy adjustment from I2NSF Analyzer to Security Controller. A proper
translation of the planned actions onto NSF capabilities requires a well-defined model for
representing these actions.

I2NSF is vulnerable to inside and supply chain attacks since it trusts NSF capability declarations
as provided by DMS, assuming that NSFs work appropriately in all circumstances, as well as
I2NSF User's policy declarations and the actions of the Security Controller. The registration of
NSF capabilities, the declaration of a security policy from either the I2NSF User or its
enforcement by the Security Controller, and the monitoring data from an NSF are assumed to be
genuine and non-malicious. If one of such activities is malicious, the security system based on
I2NSF may collapse. To prevent this malicious activity from happening in the I2NSF framework
or detect the root of a security attack, all the activities in the I2NSF framework should be logged
in either a centralized or decentralized (e.g., blockchain) way. Also, the provenance and status
of the I2NSF components (i.e., I2NSF User, Security Controller, NSF, DMS, and I2NSF Analyzer)
need to be verified by remote attestation, leveraging the current results mostly focused on IT
environments.

Finally, the current YANG data models for the I2NSF interfaces are designed on the basis of NSFs
implemented as virtual machines, and therefore they need to be redesigned for the case where
I2NSF components are instantiated by containers.

The I2NSF working group's deliverables include:

o A single document for an extension of I2NSF framework for security management automation.
This document will initially be produced for reference as a living list to track and record discussions:
the working group may decide to not publish this document as an RFC.
o A YANG data model document for I2NSF Application Interface to deliver feedback from I2NSF
Analyzer to Security Controller.
o A single document for applicability and use cases in I2NSF-based security management
automation.
o A single document for a framework for security policy translation to support the mapping
between a high-level YANG module and a low-level YANG module: the working group may decide
to not publish this document as an RFC. This document will apply the recommendations under
discussion in NETMOD and OPSAWG on event modeling.
o A single document for remote attestation for I2NSF components, based on the work of the
RATS WG.
o A single document for I2NSF on container deployments in a cloud native NFV architecture.

--------------
Milestones

o July 2022: Adopt applicability and use cases in I2NSF-based security management automation
as WG document
o March 2022: Adopt I2NSF on container deployments in a cloud native NFV architecture as WG
document
o November 2021: Adopt a framework for security policy translation as WG document
o July 2021: Adopt remote attestation for I2NSF components as WG document
o July 2021: Adopt a YANG data model for I2NSF Application Interface as WG document
o March 2021: Adopt an extension of I2NSF framework for security management automation as
WG document
-------------------------------------------------------------------------------------------------------------------------------

After submitting all the I2NSF YANG data model drafts, we will be able to work on
the I2NSF WG re-chartering in earnest.

Thanks.

Best Regards,
Paul
--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>, pauljeong@skku.edu<mailto:pauljeong@skku.edu>
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcpslab.skku.edu%2Fpeople-jaehoon-jeong.php&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C5e776460cdb3450db3af08d8a35d361e%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637438968030589218%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=TjsT%2BDqEBHy80rPalA1kNMOyFHaac5mSf8BpKLKRzuQ%3D&reserved=0>


--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>, pauljeong@skku.edu<mailto:pauljeong@skku.edu>
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcpslab.skku.edu%2Fpeople-jaehoon-jeong.php&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C5e776460cdb3450db3af08d8a35d361e%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637438968030599205%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RHDeHONoyLkPBCuf5MVhmJ6JcRSy9W6DMAtj6XjpfgY%3D&reserved=0>


--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>, pauljeong@skku.edu<mailto:pauljeong@skku.edu>
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcpslab.skku.edu%2Fpeople-jaehoon-jeong.php&data=04%7C01%7Clinda.dunbar%40futurewei.com%7C5e776460cdb3450db3af08d8a35d361e%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637438968030609206%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=m2cWjpSryresNb5uVccLhFXEQtLY2YfUE8I3dhlzWU8%3D&reserved=0>

v2.23.0 | Report a Bug | By Email