[Inventory-yang] IESG comments to charter
Daniele Ceccarelli <daniele.ietf@gmail.com> Thu, 11 May 2023 11:45 UTC
Return-Path: <daniele.ietf@gmail.com>
X-Original-To: inventory-yang@ietfa.amsl.com
Delivered-To: inventory-yang@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F5A1C151B26 for <inventory-yang@ietfa.amsl.com>; Thu, 11 May 2023 04:45:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.094
X-Spam-Level:
X-Spam-Status: No, score=-7.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d1sMLvx159Sq for <inventory-yang@ietfa.amsl.com>; Thu, 11 May 2023 04:45:14 -0700 (PDT)
Received: from mail-qv1-xf34.google.com (mail-qv1-xf34.google.com [IPv6:2607:f8b0:4864:20::f34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03D3AC151B25 for <Inventory-yang@ietf.org>; Thu, 11 May 2023 04:45:13 -0700 (PDT)
Received: by mail-qv1-xf34.google.com with SMTP id 6a1803df08f44-61b5a6865dfso67444376d6.3 for <Inventory-yang@ietf.org>; Thu, 11 May 2023 04:45:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1683805512; x=1686397512; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=rIaQ7sJYRTR0szsUGYMGXutBvADiF2K2eOsq87o1PZ0=; b=CE5HSwkYZLpaP2hEYqMRWvw6gPwA8ai7kfHAPVRFWWjqOs82s16Wns4QeHrn4l2ND8 JG0TUBPTlEswUGaHKgN2s15DxwQYOky1f/7T4O9c+2jwaq0Ha1DXiirV3Mj6pkarqZOM mKT3xHsQxeRawDpWHJglRpPmAGivLzfSlMtca1vFunQuyft4h+WBfTEeS3Ww0UzyjD2N 40Rmr63zNv4gAGERe7xPYg9Yqlv+aliZ5SsCeuVA6V045GA6sXF81z9f5u7y6NAEsv4Q FnNW4RJQE75edJj+YviRhS+BM8GYO/j7Hmo54SQNHFTzJPQoDcsVeJ07W2fxR9x/+bnz jExQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683805512; x=1686397512; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=rIaQ7sJYRTR0szsUGYMGXutBvADiF2K2eOsq87o1PZ0=; b=N/Y3+8UVafjAl9tCd/DSzAqv62teE6GSoSVALBynlhaRA+srM3JBeDPSTdTcPzG407 SZX/QjllevYvd4RYt1AfvLcsXv8V/TBYxCypL/jdALmIBCh5uk71HBV5kU6PDwKS0K0H T/k5L23Rj3/MWqimcYJqvOprACkfP0+7kW//R7q2rSzV+qWi4uLE3SDLHbZ2mS57RPla RPC6pmpsoz92Km81ZsjB4BmZUenL6TxgdCZFHR+nojSSk03TA2qPLRN1vp0+8Chi7izD zIkFTeSSWBQuOWXusEnkjibDqvvR2f9NDZcSrtIUVaTrUOyUAVqGvSrGxyOv+JoZHojj 2I/w==
X-Gm-Message-State: AC+VfDyzWYdavcO3NKvYgShZwaMXkHFw+G1w6bh+7+2b8WhE0JCJBgOC xXEkbYAEkLC5h47n/VLJoQwF9a48ZX5UwY+Lgw3Ld/ZFhXxPnA==
X-Google-Smtp-Source: ACHHUZ7B87N0wrAB4oQ67LfCU++EX7IkiNKR7d+AvrW/emzoJddD0UVu4Yk/blNQOjTuRHe45Cen0p+MOBakO67ZxOk=
X-Received: by 2002:a05:6214:d43:b0:5e9:5602:3af0 with SMTP id 3-20020a0562140d4300b005e956023af0mr35228691qvr.46.1683805512223; Thu, 11 May 2023 04:45:12 -0700 (PDT)
MIME-Version: 1.0
From: Daniele Ceccarelli <daniele.ietf@gmail.com>
Date: Thu, 11 May 2023 13:45:01 +0200
Message-ID: <CAB01kMi7DLy5QKcZnVMU_PKK9m5yecSaRMXtBHV-YxyPa0up8g@mail.gmail.com>
To: "inventory-yang@ietf.org" <Inventory-yang@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006d4d8805fb6985b7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/inventory-yang/iFc_fkohogTqrjuIWeF87MAvsQs>
Subject: [Inventory-yang] IESG comments to charter
X-BeenThere: inventory-yang@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inventory Management using YANG <inventory-yang.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/inventory-yang>, <mailto:inventory-yang-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/inventory-yang/>
List-Post: <mailto:inventory-yang@ietf.org>
List-Help: <mailto:inventory-yang-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/inventory-yang>, <mailto:inventory-yang-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2023 11:45:18 -0000
Hi all, at the following link you can find the IESG comments to the proposed charter: https://datatracker.ietf.org/doc/charter-ietf-nimby/ballotpopup/918699/ I had just started replying to them when I realized that they were just sent to the chairs-to be of the WG. I'm copying below the comments and proposed replies. Please add/amend. Thanks Daniele *1. From Éric Vyncke* ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Coordinated work in this area is indeed very much needed! And I am supporting it, hoping that the comments below will be addressed before the external review. 1st §: should the past (i.e., removed equipment) be part of the inventory per symmetry with the 'planned' ones ? [DC]i don't have a strong opinion here. History is always good to have, but how to decide how long to keep the information? Weeks? Months? 2nd §: "venue for discussion of inventory YANG models" seems to contradict the work items list as some will be published (even already contradicting somehow [DC] If i get this right the word "discussion" means that the WG is not supposed to produce any document/model. Maybe we can just drop it and say: "provide a venue for inventory YANG models..." §3). s/IETF Areas and Working Groups/IETF Areas/ ? [DC] OK 5th §: are virtual networks/machines also in scope (including their physical 'anchors', i.e., hosts), it actually appears much later in the charter, i.e., could be mentioned earlier ? [DC] i'm open to suggestions. The intro speaks about inventory and then in the bullets we describe what is covered. Like Lars, I would prefer something like "that include layers 0-3 functions". Are licences part of the inventory ? Should this WG be able to update existing models ? [DC] "network elements that operate at layers 0-3" means optical devices, switches, routers etc. Does "layer 0-3 functions" have the same meaning? In the milestones, s/model/YANG data model/ [DC] ok Nothing is really said about the "The Working Group may also act as a coordinator of the inventory work" which assumes a controlling role, or should this sentence be replaced by "This WG will coordinate with other WG about the inventory work" ? [DC] makes sense Note: allow me to diverge a little: were there any BoF prior this chartering effort ? Was it the outcome of a dispatch WG ? [DC] Rob, some help here? Hope that the above points help Regards, -éric PS: to do some bike shedding, "Yet Another Inventory Model" (YAIM) to follow the YANG paradigm or "Yet Another Model for Inventory" (YAMI) or "YANG Used to Model Inventory" (YUMI) *2. Roman Danyliw* ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Recommend against using the name “NIMBY”. See https://en.wikipedia.org/wiki/NIMBY. > For auditing purposes, > inventories may also be used to collect information from the network, > as well as for cataloging and exposing that information. This text seems backwards to me. Doesn’t one “collect information from the network” to produce an “inventory” for “audit purposes”. [DC] indeed. What about: "Inventories are use to collect, catalog and expose information from the network as well as for auditing purposes." > F. Security and privacy issues: The information in a network > inventory is highly sensitive as it exposes critical information > about the internal topology and characterization of the > components that are used to build that topology. Mechanisms to > ensure topology hiding and prevent unauthorized access are > expected to be in place. However, the Working Group may consider > whether additional security mechanisms are needed to protect this > information from unauthorized access and manipulation. Can this scope of work be clarified as I’m have trouble envisioning how the work products manifesting in the context of the YANG model – is this about new protocols work or security mechanisms to secure the YANG models? or specification of operational practices to protect the YANG models? Is it work minimization of the data stored in the YANG model? [DC] This means to identify any new security gap, if any. The working group is not planning to define any protocol extension. > Jun 2024 Request publication of the above model. I’m having trouble finding the “model” referenced here in the charter text. > Sep 2023 Adopt an Internet-Draft describing a core network inventory model that can be used as a foundation by other models to establish technology-specific inventory models. I also don’t know where this milestone comes from based on the charter text. There is a long list of possible areas A – F, but the introduction to this list is a caution that most of these won’t be published. Nothing there suggested a unification/baseline model approach to me. I would recommend the text making crisp statement on what will be done and what might be be explored before this ships. [DC] what about the following change: OLD: An objective of this effort is to derive common building-blocks for inventory modeling that can be augmented, imported, or reused by other IETF models. The WG will also identify a set of requirements and some guidelines to ensure consistency across models related to inventory. NEW An objective of this effort is to define a core network inventory model deriving common building-blocks for inventory modeling that can be augmented, imported, or reused by other IETF models. The WG will also identify a set of requirements and some guidelines to ensure consistency across models related to inventory. *3. John Scudder* ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Although there's a milestone about a "core network inventory model", there is nothing in the charter text itself that says that. The closest I found was "An objective of this effort is to derive common building-blocks for inventory modeling that can be augmented, imported, or reused by other IETF models", which (to my eyes at least) is relatively vague and my first impulse wouldn't be "oh that means they're doing a core inventory model". The lack of a clear statement about producing a model makes it hard to know what to make of "Mapping the inventory models that will be produced by the WG into existing IETF models (e.g., ietf-network-topology) is also in scope." Even taking as read that a "core inventory model" is a first deliverable, I'm not sure what this sentence means, although that might just be my ignorance rather than a lack of precision in the language. [DC] this should be addressed by the text modification suggested in a reply to Roman's comment *4. Paul Wouters*---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- This work seems closely related to the SBOM work done in OPSAWG. What was the reason behind not using that WG and starting a new one ? [DC] already replied as follows: the SBOM work only focuses on retrieving information on which systems have vulnerabilities. The scope of this work is to collect inventory information (both HW and SW) from all the devices in the network: optical devices, routers, switches, etc. *5. Erik Kline* ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # Internet AD comments for charter-ietf-nimby-00-01 CC @ekline * I support finding an alternate working group name. Even plain YANI (YANG Network Inventory) might be okay. ## Comments ### P5 * What's an example of a "layer 0" element? [DC] Already replied as follows: an example of a Layer 0 element is an optical device. A ROADM for example (Reconfigurable Add Drop Multiplexer).
- Re: [Inventory-yang] IESG comments to charter Italo Busi
- [Inventory-yang] IESG comments to charter Daniele Ceccarelli
- Re: [Inventory-yang] IESG comments to charter daniele.ietf
- Re: [Inventory-yang] IESG comments to charter Daniele Ceccarelli
- Re: [Inventory-yang] IESG comments to charter Rob Wilton (rwilton)
- Re: [Inventory-yang] IESG comments to charter Adrian Farrel
- Re: [Inventory-yang] IESG comments to charter Rob Wilton (rwilton)
- Re: [Inventory-yang] IESG comments to charter Adrian Farrel