Re: [I2nsf] WG scope follow-up
"Diego R. Lopez" <diego.r.lopez@telefonica.com> Tue, 30 July 2019 09:05 UTC
Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58930120153 for <i2nsf@ietfa.amsl.com>; Tue, 30 Jul 2019 02:05:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.99
X-Spam-Level:
X-Spam-Status: No, score=-1.99 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telefonica.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eCIUK4nfnnet for <i2nsf@ietfa.amsl.com>; Tue, 30 Jul 2019 02:05:40 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70090.outbound.protection.outlook.com [40.107.7.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F5BA120151 for <i2nsf@ietf.org>; Tue, 30 Jul 2019 02:05:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IsCMs62ewJTHiFT3v/ZJyx8MYJpPEMlz4Dx8fsgzJKH4l1ywa4+AhriT9KYcv37IokMmfBHpEn56V/fxLED+PmS3udF/lJvvmCYox+fP0+ICjX0mEMWlEcU8MdInY63qNLQLRFNDj+O/T+1QZ8e2XJoEKi8T4c0LHOxgqpjFrxU2EvuCcLlTglmfizX5sqEZOQS0LBcInVLljiZVSgvNCUHWDkKsz10EkDjezx3cYiiR6eyZ12yR8zC7Lz07FPo32kVt/kpcwwW7yiKQ6AEans1yGcYm4/VzdbzXB2MYDM1yuVDhBN3PMSRX0IxUZlzqNDXPLdamdcUWFaHzZb96uw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WaqtVIctuRvCaUAoOgxg1us+ITvH0Bb0RomlePOYYy0=; b=No4428u072F9MFf/RtNO7lcv9/BH7YyuJvF/E9GDYR8KaMeHnPGzxVCEsvyB/kkMBre7TwS4Iycov36+j+07kNqDMsE10IMd5liy0oaewYDCCcxCCOBZq22kPjVdaUs13fWxSytbMVXs8y1ok9dQ+MVeEI1NtqpgJJCjsExWj3bmzBBIPPzcqN2eAVZtTdWKRIbqgLAgxou4N1j6eeeQ0xKB1k8RxKifyKoeu46VLsMSsU31HVrT1h7pD44cMEImADVGELdoUhtdslzeNSzeP+FBdzpnd27i+1Lh4PgyFlQDG+MAi7vtgHxrnmcbkyh6xanX44QJtyA6gQGDb8L28A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=telefonica.com;dmarc=pass action=none header.from=telefonica.com;dkim=pass header.d=telefonica.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telefonica.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WaqtVIctuRvCaUAoOgxg1us+ITvH0Bb0RomlePOYYy0=; b=M0fRWL8uXMFUw4U3xz5QNaOcFkC63H5dLJWUbrhOhj9zYVD1MPBexX/LIKo38TfeZAWyn7rFG/S4+vTf93lHpIuT6ub4zNzqPKsbAnPXQ7eyO6tPxtUGbBofwIkIHtcfC5KpWsSpKJ5T8wyMn7EVCsO8qP7KV/+QfGe0VMP3eVI=
Received: from DB3PR0602MB3788.eurprd06.prod.outlook.com (52.134.70.148) by DB3PR0602MB3756.eurprd06.prod.outlook.com (52.134.71.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.15; Tue, 30 Jul 2019 09:05:36 +0000
Received: from DB3PR0602MB3788.eurprd06.prod.outlook.com ([fe80::9c53:d10:400e:c71]) by DB3PR0602MB3788.eurprd06.prod.outlook.com ([fe80::9c53:d10:400e:c71%5]) with mapi id 15.20.2115.005; Tue, 30 Jul 2019 09:05:36 +0000
From: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
To: 양현식 <yangun@dcn.ssu.ac.kr>, "i2nsf@ietf.org" <i2nsf@ietf.org>
CC: Roman Danyliw <rdd@cert.org>, "skku_iotlab_seminar@googlegroups.com" <skku_iotlab_seminar@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>, "skku_secu-brain_all@googlegroups.com" <skku_secu-brain_all@googlegroups.com>
Thread-Topic: [I2nsf] WG scope follow-up
Thread-Index: AdVC/n/cGQ1+pT6JSGqSEUMFh4PZHwAZVIMAAHqWJQAATofBAA==
Date: Tue, 30 Jul 2019 09:05:35 +0000
Message-ID: <535E34E0-678B-466E-AFAB-30485F1829C9@telefonica.com>
References: <359EC4B99E040048A7131E0F4E113AFC01B33E96A6@marchand> <CAPK2DezL4_DrinvkZEp3jMfz27EBB6tdEyX9iuFABLXBk+LrJA@mail.gmail.com> <CC40C7C0-9AB0-4983-A7D3-4D9940F506A1@dcn.ssu.ac.kr>
In-Reply-To: <CC40C7C0-9AB0-4983-A7D3-4D9940F506A1@dcn.ssu.ac.kr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.c.190715
authentication-results: spf=none (sender IP is ) smtp.mailfrom=diego.r.lopez@telefonica.com;
x-originating-ip: [195.235.92.33]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 57d78a0b-3f16-4840-73ac-08d714cd15bd
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600148)(711020)(4605104)(1401327)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:DB3PR0602MB3756;
x-ms-traffictypediagnostic: DB3PR0602MB3756:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <DB3PR0602MB37567A507F32E2F65CF9EF0FDFDC0@DB3PR0602MB3756.eurprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0114FF88F6
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(346002)(39860400002)(136003)(376002)(396003)(366004)(15404003)(40134004)(199004)(189003)(86362001)(486006)(25786009)(7736002)(66066001)(66574012)(54896002)(14444005)(256004)(2501003)(6512007)(2616005)(236005)(15188155005)(6306002)(8936002)(6436002)(446003)(33656002)(476003)(3846002)(6486002)(4326008)(6116002)(81166006)(81156014)(11346002)(16799955002)(8676002)(71200400001)(606006)(99286004)(53546011)(58126008)(316002)(786003)(53936002)(26005)(68736007)(14454004)(76116006)(71190400001)(6246003)(229853002)(36756003)(5660300002)(6506007)(110136005)(102836004)(91956017)(66946007)(966005)(2906002)(45080400002)(54906003)(76176011)(66556008)(64756008)(66446008)(66476007)(186003)(478600001)(325944009); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR0602MB3756; H:DB3PR0602MB3788.eurprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: HUAxau1FVXYPIMeP9Rbm/2W4C9UQbeKuuJL/v2UdeR44tjSWeHpP624zFu9DT6gvv0TA+2fwrzh8TUllXSo7UEmkdLryCmxf1+fssCcSzCPYkCAOiOrCshUPydaHNoT/xoJHiMWzQROZP2xN3s446307wrQLbILkXe4+NBVi+lScwRVmpgxIVPjEWRYLSc45klDH4auJ5RSTo/bdeSlni3fnE003R59Qyv/0EsiEyQ0CLjS+KcCLjhSh//xxa9jUlIC3GLsnC2VueRvgpoPD95U21a8EaYLZvNOTPZ3d42p+g1jEZTO1g6KTappVxqZhPxybgQVGovmsGE5IRZGKEDTiVCcVPCM204FeTNQ5ztzjIlkgDLajeGyrAuFcQODggqpGRSDZaZJBfb3oTZ6i/ilBcU1p0tN5PxF83sluXLM=
Content-Type: multipart/alternative; boundary="_000_535E34E0678B466EAFAB30485F1829C9telefonicacom_"
MIME-Version: 1.0
X-OriginatorOrg: telefonica.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 57d78a0b-3f16-4840-73ac-08d714cd15bd
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2019 09:05:35.9394 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: diego.r.lopez@telefonica.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0602MB3756
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/rEm1Kl-qmsm8Zj28Q7cdy3eZuPs>
Subject: Re: [I2nsf] WG scope follow-up
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 09:05:44 -0000
Hi, I am not objecting to the work in the translating support techniques (what would be, in my opinion, the part of the work suitable to an IETF document), but to having it within a re-chartered I2NSF. I think those techniques should be general enough to constitute one of the essential aspects of the new work being considered for YANG, and therefore I’d like to see this activity directed there. You can count on my full support for that goal. Be goode, -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D https://www.linkedin.com/in/dr2lopez/ e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com> Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- On 28/07/2019, 16:08, "I2nsf on behalf of 양현식" <i2nsf-bounces@ietf.org<mailto:i2nsf-bounces@ietf.org> on behalf of yangun@dcn.ssu.ac.kr<mailto:yangun@dcn.ssu.ac.kr>> wrote: +1 Hi. I am Hyunsik Yang. I joined I2NSF hackathon from IETF102 to IETF105 and I am an author of NFV draft. I agree with Paul's opinion based on my experience of I2NSF Hackathon. In order to use I2NSF in a real environment, I think we should provide a document for guidelines on how to use it in addition to the basic framework. Although the document couldn't reflect all use cases, I think we can provide a basic direction to user who use I2NSF Framework. Therefore, security policy translator draft also can be a good guideline. In addition, from an implementation point of view, I think current interface is not enough since it only deal with internal interface. We also need to define additional interfaces or information model to use I2NSF in real world such as interface for VNFM and SFC controller. I knew that this is not part of the current I2NSF WG scope, but, if I2NSF WG is going to re-chartering phase, I think it is necessary to add those item to re-chartering. 2019. 7. 26. 오후 12:40, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>> 작성: Hi Roman and I2NSF WG, Though the system components of the I2NSF system (e.g., security policy translator) are not in the scope of I2NSF WG, key components such as I2NSF User, Security Controller, and Developer's Management System (DMS) need standard documents to let developers and operators grasp what information and parameters are required and exchanged among those components. Those documents can be published as Informational RFCs to provide the developers and operators with the guidelines to build their own components interoperable with other components in the I2NSF system. For an example, the security policy translation draft provides the audience with such guidelines in terms of the design of implementation of their own security policy translator. https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-04 To let the security policy translator perform security policy translation, it requires the relationship between the consumer-facing interface and the nsf-facing interface data models. This document explains such relationship (or mapping) between the two interfaces. With the explicit representation of such a mapping, the developers need to figure it out. It will be time-consuming and may mislead them. It also explains what information (e.g., IP addresses of a user's devices and website URLs) should be populated into the NSF database for security policy translation in the Security Controller. This information needs to delivered from the I2NSF User to the Security Controller. Assuming that the I2NSF User and the Security Controller are developed by two different operators and vendors, an interface between them should be standardized for interoperability. As said during today's WG session, this security policy translation draft will target at an Informational RFC. For another example, the draft of I2NSF on NFV reference architecture provides the operators and developers with the guidelines of how to build the I2NSF system on the NFV architecture. https://tools.ietf.org/html/draft-yang-i2nsf-nfv-architecture-05 The draft explains the initial configuration procedure in NFV architecture. When a proper NSF is not activated yet in the I2NSF system, the Security Controller sends an NSF initiation request to the DMSs which has (or may have) the required NSF, as shown in Figure 2 in the draft. In this case, the DMS sends an NSF initiation request to the VNF Manager (VNFM) using the Ve-Vnfm interface that is an ETSI NFV interface. This DMS NSF initiation request should be specified by the I2NSF system. This draft will describe the contents and format of the request in the next revision. Thus, this will help the vendors and operators easily implement the I2NSF in the NSF architecture. During the last 9 I2NSF hackathon projects, my team recognized the necessity of the drafts for the functionality and parameters of the I2NSF system components. I believe that these drafts will accelerate the development and development of I2NSF in the real world. I think our I2NSF WG needs to recharter toward the second phase. Thanks. Best Regards, Paul On Thu, Jul 25, 2019 at 4:45 PM Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>> wrote: Hello! During today's F2F meeting, we discussed the need to check the charter scope of the work proposed in draft-yang-i2nsf-security-policy-translation. Making no value judgement on the utility of the work, in my review of the current charter, this class of work is not in scope. The current charter doesn't currently cover standardization activity inside the NSF/DMS/controller. If the WG wants to re-charter, by all means, let's have that conversation. Roman _______________________________________________ I2nsf mailing list I2nsf@ietf.org<mailto:I2nsf@ietf.org> https://www.ietf.org/mailman/listinfo/i2nsf -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Associate Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>, pauljeong@skku.edu<mailto:pauljeong@skku.edu> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php> _______________________________________________ I2nsf mailing list I2nsf@ietf.org<mailto:I2nsf@ietf.org> https://www.ietf.org/mailman/listinfo/i2nsf ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
- [I2nsf] WG scope follow-up Roman Danyliw
- Re: [I2nsf] WG scope follow-up Diego R. Lopez
- Re: [I2nsf] WG scope follow-up Xialiang (Frank, Network Standard & Patent Dept)
- Re: [I2nsf] WG scope follow-up John Strassner
- Re: [I2nsf] WG scope follow-up Mr. Jaehoon Paul Jeong
- Re: [I2nsf] WG scope follow-up 양현식
- Re: [I2nsf] WG scope follow-up Diego R. Lopez