Re: [Ibnemo] [Sdn] Defining a Common Model for intent

DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com> Sun, 14 June 2015 10:47 UTC

From: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
To: PEDRO ANDRES ARANDA GUTIERREZ <pedroa.aranda@telefonica.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ibnemo/7Tt4v9uRQxeAC_4GvKicq_vT3Wk>
Cc: "zhangyali \(D\)" <zhangyali369@huawei.com>, "ibnemo@ietf.org" <ibnemo@ietf.org>, Susan Hares <shares@ndzh.com>
List-Id: "Discussion of Nemo, an intent-based North Bound \(NB\) interface consisting of an application protocol running over HTTP \(RESTful interfaces\) to exchange intent-based primitives between applications and meta-controllers controlling virtual network resources \(networks, storage, CPU\)." <ibnemo.ietf.org>

Hi,

Maybe we should start using different words for both meanings of "role", focused on the different mechanisms that would define them.

Functional roles would consist of the set of actions (functionality) available, according to the view that role has via the network abstraction available to it.

Access roles would consist of the set of objects and actions that are available to that role when the security policies are applied, typically by means of RBAC.

Thinking about it, access role permissions should be applied on the objects and actions available to the functional roles the user has, so we are not talking about independent dimensions here, but of an ordered composition of the different kinds of roles.

Be goode,

On 11 Jun 2015, at 10:35, PEDRO ANDRES ARANDA GUTIERREZ <pedroa.aranda@telefonica.com> wrote:

Hi Tianran,

Let Diego clarify, I might be introducing noise here. So I’d like to start exploring the infrastructure vs. Role intent ‘plane’.

Best, /PA
From: Zhoutianran <zhoutianran@huawei.com>
Date: Thursday, 11 June 2015 09:48
To: PEDRO ANDRES ARANDA GUTIERREZ <pedroa.aranda@telefonica.com>, "zhangyali (D)" <zhangyali369@huawei.com>, DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
CC: Sue Hares <shares@ndzh.com>, "ibnemo@ietf.org" <ibnemo@ietf.org>
Subject: RE: [Ibnemo] RE: [Sdn] Defining a Common Model for intent

Hi Pedro,

These examples are a good starting point.
But I think the security you mentioned in the example is different from what Diego mentioned in the other email.
I guess the security dimension Diego mentioned is something like Role Based Access Control.
That means, IMHO, a user can have the accessible/usable intent based on his role.
In your second example, the security is more about a function in a firewall or router, like ACL.


Terence

---
Dr. Pedro A. Aranda Gutiérrez

Technology Exploration -
Network Innovation & Virtualisation
email: pedroa d0t aranda At telefonica d0t com
Telefónica, Investigación y Desarrollo
C/ D. Ramón de la Cruz,84
28006 Madrid, Spain

Questions are not there to be answered.
Questions are there to be asked.
Georg Kreisler

--
"This time we will not fail, Doctor Hell"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego.r.lopez@telefonica.com
Tel:    +34 913 129 041
Mobile: +34 682 051 091
----------------------------------
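
The ordered composition described in this message, as an added example that is not part of the original post or of any NEMO specification: functional roles first fix the set of (object, action) pairs the user's network abstraction exposes, and RBAC access roles are then applied only on that set. The class names, role names, objects and actions are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple

Perm = Tuple[str, str]  # (object, action)

@dataclass(frozen=True)
class FunctionalRole:
    """What the network abstraction exposes to this role (hypothetical model)."""
    name: str
    view: FrozenSet[Perm]

@dataclass(frozen=True)
class AccessRole:
    """RBAC grants; may name objects that no abstraction exposes to the user."""
    name: str
    grants: FrozenSet[Perm]

def effective_permissions(functional: Iterable[FunctionalRole],
                          access: Iterable[AccessRole]) -> FrozenSet[Perm]:
    # Step 1: the union of the views of the functional roles the user holds.
    visible = frozenset().union(*(r.view for r in functional))
    # Step 2: RBAC is evaluated on that view only, so a grant outside the
    # view is inert and anything visible but not granted is denied.
    granted = frozenset().union(*(r.grants for r in access))
    return visible & granted

def is_allowed(functional, access, obj: str, action: str) -> bool:
    return (obj, action) in effective_permissions(functional, access)

# Constructed sample roles (not taken from the thread).
TENANT_OPERATOR = FunctionalRole("tenant-operator", frozenset({
    ("virtual-link", "create"),
    ("virtual-link", "delete"),
    ("virtual-firewall", "configure"),
}))
LINK_ADMIN = AccessRole("link-admin", frozenset({
    ("virtual-link", "create"),
    ("virtual-link", "delete"),
    ("physical-switch", "configure"),  # outside the tenant view: has no effect
}))

if __name__ == "__main__":
    for perm in sorted(effective_permissions([TENANT_OPERATOR], [LINK_ADMIN])):
        print(perm)
```
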

