Re: [I2nsf] WG scope follow-up

"Diego R. Lopez" <diego.r.lopez@telefonica.com> Tue, 30 July 2019 09:05 UTC

From: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
To: 양현식 <yangun@dcn.ssu.ac.kr>, "i2nsf@ietf.org" <i2nsf@ietf.org>
CC: Roman Danyliw <rdd@cert.org>, "skku_iotlab_seminar@googlegroups.com" <skku_iotlab_seminar@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>, "skku_secu-brain_all@googlegroups.com" <skku_secu-brain_all@googlegroups.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/rEm1Kl-qmsm8Zj28Q7cdy3eZuPs>
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>

Hi,

I am not objecting to the work in the translating support techniques (what would be, in my opinion, the part of the work suitable to an IETF document), but to having it within a re-chartered I2NSF. I think those techniques should be general enough to constitute one of the essential aspects of the new work being considered for YANG, and therefore I’d like to see this activity directed there. You can count on my full support for that goal.

Be goode,

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
https://www.linkedin.com/in/dr2lopez/

e-mail: diego.r.lopez@telefonica.com
Tel:         +34 913 129 041
Mobile:  +34 682 051 091
----------------------------------

On 28/07/2019, 16:08, "I2nsf on behalf of 양현식" <i2nsf-bounces@ietf.org on behalf of yangun@dcn.ssu.ac.kr> wrote:

+1
Hi. I am Hyunsik Yang. I joined the I2NSF hackathon from IETF102 to IETF105 and I am an author of the NFV draft.
I agree with Paul's opinion based on my experience of the I2NSF Hackathon.
In order to use I2NSF in a real environment, I think we should provide a document for guidelines on how to use it in addition to the basic framework. Although the document couldn't reflect all use cases, I think we can provide a basic direction to users who use the I2NSF Framework. Therefore, the security policy translator draft can also be a good guideline.
In addition, from an implementation point of view, I think the current interface is not enough since it only deals with the internal interface. We also need to define additional interfaces or information model to use I2NSF in the real world, such as an interface for the VNFM and SFC controller. I knew that this is not part of the current I2NSF WG scope, but, if the I2NSF WG is going to a re-chartering phase, I think it is necessary to add those items to the re-chartering.

On 2019. 7. 26., at 12:40 PM, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> wrote:

Hi Roman and I2NSF WG,
Though the system components of the I2NSF system (e.g., security policy translator) are not in the scope of
I2NSF WG, key components such as I2NSF User, Security Controller, and Developer's Management System (DMS)
need standard documents to let developers and operators grasp what information and parameters are required and
exchanged among those components.

Those documents can be published as Informational RFCs to provide the developers and operators with
the guidelines to build their own components interoperable with other components in the I2NSF system.

For an example, the security policy translation draft provides the audience with such guidelines
in terms of the design of implementation of their own security policy translator.
https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-04

To let the security policy translator perform security policy translation, it requires
the relationship between the consumer-facing interface and the nsf-facing interface data models.
This document explains such relationship (or mapping) between the two interfaces.
With the explicit representation of such a mapping, the developers need to figure it out.
It will be time-consuming and may mislead them.

It also explains what information (e.g., IP addresses of a user's devices and website URLs) should
be populated into the NSF database for security policy translation in the Security Controller.
This information needs to be delivered from the I2NSF User to the Security Controller.
Assuming that the I2NSF User and the Security Controller are developed by two different operators and vendors,
an interface between them should be standardized for interoperability.
As said during today's WG session, this security policy translation draft will target at an Informational RFC.

For another example, the draft of I2NSF on NFV reference architecture provides the operators and
developers with the guidelines of how to build the I2NSF system on the NFV architecture.
https://tools.ietf.org/html/draft-yang-i2nsf-nfv-architecture-05

The draft explains the initial configuration procedure in NFV architecture.
When a proper NSF is not activated yet in the I2NSF system, the Security Controller
sends an NSF initiation request to the DMSs which has (or may have) the required NSF,
as shown in Figure 2 in the draft.
In this case, the DMS sends an NSF initiation request  to the VNF Manager (VNFM) using the Ve-Vnfm interface
that is an ETSI NFV interface. This DMS NSF initiation request should be specified by
the I2NSF system. This draft will describe the contents and format of the request in
the next revision. Thus, this will help the vendors and operators easily implement the I2NSF
in the NSF architecture.

During the last 9 I2NSF hackathon projects, my team recognized the necessity of
the drafts for the functionality and parameters of the I2NSF system components.
I believe that these drafts will accelerate the development and development of
I2NSF in the real world.

I think our I2NSF WG needs to recharter toward the second phase.

Thanks.

Best Regards,
Paul


On Thu, Jul 25, 2019 at 4:45 PM Roman Danyliw <rdd@cert.org> wrote:
Hello!

During today's F2F meeting, we discussed the need to check the charter scope of the work proposed in draft-yang-i2nsf-security-policy-translation.  Making no value judgement on the utility of the work, in my review of the current charter, this class of work is not in scope.  The current charter doesn't currently cover standardization activity inside the NSF/DMS/controller.

If the WG wants to re-charter, by all means, let's have that conversation.

Roman


_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf


--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php>

