[Ibnemo] Network user role definition and classification.

"Lifengkai (Fengkai)" <lifengkai@huawei.com> Tue, 14 July 2015 02:36 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/ibnemo/DK0CihVTnFBHPx66OYh9lFFc7zY>
List-Id: "Discussion of Nemo, an intent-based North Bound \(NB\) interface consisting of an application protocol running over HTTP \(RESTful interfaces\) to exchange intent-based primitives between applications and meta-controllers controlling virtual network resources \(networks, storage, CPU\)." <ibnemo.ietf.org>

Hi all,

From the discussion in the mailing list, I tend to draw the conclusion that people agreed on the concept for role-based intent.
Considering the further progressing of this technical field, I would like to start this thread for the network user role definition and classification.

For the work in the role classification related field, I think the following sequenced steps are needed:

1. Clear specifications of "role", which include the definitions, attributes, features etc.

2. Types of roles for classification: based on the definitions and the examples of roles provided by Bert and Sue in previous emails, working out the preliminary role type list.

3. Detailed illustrations of one role type's intent as a starting point: from the role type list, choose one typical role type and give the illustrations.

Any comments about the above proposed steps?

The following is the proposed text, and comments are welcome again.

Step 1: Role definition:

A role is a set of a network user's responsibilities for specifying the scope of their intents. A network user's intent scope is for restricting the network user's corresponding desires and requirements. A network user's intent scope is unique and specific to the network users with a particular role.

The role specifies the network user's intent by taking two dimensions into account for role attributes. The first dimension is for functional abstraction and expressions. With this dimension, the network objects with which the network users want to interact and the intent expression would be defined or restricted. The second dimension is for authorization and access control. With this dimension, the network users' authority or permissions for accessing the network objects would be defined or restricted. The second dimension is controlled via an RBAC system which takes this role dimension into account.

The network user's role is constituted of an object-attribute concept. With the two-pattern concept, a network user can have access or no-access to specific attributes of a specific object via intended abstractions and expressions.

Through the role compositional semantics, one network user can be assigned more than one role to enjoy a broader scope for intent expression. Network users' roles may not be explicitly mutually exclusive, and the overlapping part of the roles of different network users indicates that the network users share some of the same desires and requirements.

Step 2: Type list of roles:
Method: I want to categorize the network user role types by analyzing one typical organization's department organizational structure. Departments are grouped by the network users' same responsibilities and requirements.
I have talked with people from China Unicom, which I chose as the concrete organization to analyze, and I will send out our initial output later.

Step 3: Concrete intent requirements:
Method: I want to finalize an enterprise's Virtual Wide-Area Network intent requirements as an output, which falls into the use case section in https://datatracker.ietf.org/doc/draft-hares-ibnemo-overview/.


Thanks.

Best Regards,
Fengkai
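
An added example, not part of the original message or of any NEMO draft: a small Python model of the two role dimensions from Step 1 (intent expressions per object, and object-attribute access) together with role composition and overlap. The role names, object types, operations, attributes, the default-deny rule and union-style composition are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    expressions: frozenset  # dimension 1: allowed (object, operation) pairs
    attributes: frozenset   # dimension 2: (object, attribute) pairs with access

def compose(*roles):
    """Assumed composition rule: a user holding several roles gets the union."""
    return Role("+".join(r.name for r in roles),
                frozenset().union(*(r.expressions for r in roles)),
                frozenset().union(*(r.attributes for r in roles)))

def overlap(a, b):
    """Scope shared by two roles, per dimension."""
    return a.expressions & b.expressions, a.attributes & b.attributes

def check_intent(role, obj, operation, attrs):
    """Default deny: anything not listed in the role is no-access."""
    reasons = []
    if (obj, operation) not in role.expressions:
        reasons.append(f"expression '{operation}' on {obj} is outside role scope")
    reasons += [f"no-access to {obj}.{a}" for a in attrs
                if (obj, a) not in role.attributes]
    return (not reasons, reasons)

# Constructed sample roles (hypothetical names and objects).
TENANT = Role("tenant_admin",
              frozenset({("vwan_link", "create"), ("vwan_link", "modify")}),
              frozenset({("vwan_link", "bandwidth"), ("vwan_link", "endpoints")}))
AUDITOR = Role("auditor",
               frozenset({("vwan_link", "read"), ("firewall_policy", "read")}),
               frozenset({("vwan_link", "endpoints"), ("vwan_link", "audit_log"),
                          ("firewall_policy", "rules")}))

if __name__ == "__main__":
    both = compose(TENANT, AUDITOR)
    for role, intent in [
        (TENANT, ("vwan_link", "modify", ["bandwidth"])),
        (TENANT, ("firewall_policy", "read", ["rules"])),
        (both, ("firewall_policy", "read", ["rules"])),
        # Neither role alone permits this; the union of independent dimensions does.
        (both, ("vwan_link", "modify", ["audit_log"])),
    ]:
        print(role.name, intent, check_intent(role, *intent))
    print("overlap:", overlap(TENANT, AUDITOR))
```

The last case shows a design point for the RBAC side: if the two dimensions are unioned independently, a composed role can modify `audit_log`, which neither role grants by itself, so a real system would need to bind operations to attributes or review composed scopes.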