[Inventory-yang] IESG comments to charter

Daniele Ceccarelli <daniele.ietf@gmail.com> Thu, 11 May 2023 11:45 UTC

To: "inventory-yang@ietf.org" <Inventory-yang@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/inventory-yang/iFc_fkohogTqrjuIWeF87MAvsQs>

Hi all,

at the following link you can find the IESG comments to the proposed
charter:

https://datatracker.ietf.org/doc/charter-ietf-nimby/ballotpopup/918699/

I had just started replying to them when I realized that they were just
sent to the chairs-to-be of the WG.
I'm copying below the comments and proposed replies. Please add/amend.

Thanks
Daniele

*1. From Éric Vyncke*
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Coordinated work in this area is indeed very much needed! And I am
supporting it, hoping that the comments below will be addressed before the
external review.

1st §: should the past (i.e., removed equipment) be part of the inventory
per symmetry with the 'planned' ones ?
[DC] I don't have a strong opinion here. History is always good to have, but
how to decide how long to keep the information? Weeks? Months?

2nd §: "venue for discussion of inventory YANG models" seems to contradict
the work items list as some will be published (even already contradicting
somehow
[DC] If I get this right the word "discussion" means that the WG is not
supposed to produce any document/model. Maybe we can just drop it and say:
"provide a venue for inventory YANG models..."

§3). s/IETF Areas and Working Groups/IETF Areas/ ?
[DC] OK

5th §: are virtual networks/machines also in scope (including their physical
'anchors', i.e., hosts), it actually appears much later in the charter,
i.e., could be mentioned earlier ?
[DC] I'm open to suggestions. The intro speaks about inventory and then in
the bullets we describe what is covered.

Like Lars, I would prefer something like "that include layers 0-3
functions". Are licences part of the inventory ? Should this WG be able to
update existing models ?
[DC] "network elements that operate at layers 0-3" means optical devices,
switches, routers etc. Does "layer 0-3 functions" have the same meaning?

In the milestones, s/model/YANG data model/
[DC] ok

Nothing is really said about the "The Working Group may also act as a
coordinator of the inventory work" which assumes a controlling role, or
should this sentence be replaced by "This WG will coordinate with other WG
about the inventory work" ?
[DC] makes sense

Note: allow me to diverge a little: were there any BoF prior to this
chartering effort ? Was it the outcome of a dispatch WG ?
[DC] Rob, some help here?

Hope that the above points help

Regards,

-éric

PS: to do some bike shedding, "Yet Another Inventory Model" (YAIM) to follow
the YANG paradigm or "Yet Another Model for Inventory" (YAMI) or "YANG Used
to Model Inventory" (YUMI)

*2. Roman Danyliw*
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Recommend against using the name “NIMBY”.  See
https://en.wikipedia.org/wiki/NIMBY.

> For auditing purposes,
> inventories may also be used to collect information from the network,
> as well as for cataloging and exposing that information.

This text seems backwards to me.  Doesn’t one “collect information from the
network” to produce an “inventory” for “audit purposes”.
[DC] indeed. What about: "Inventories are used to collect, catalog and
expose information from the network as well as for auditing purposes."

>  F. Security and privacy issues: The information in a network
>     inventory is highly sensitive as it exposes critical information
>     about the internal topology and characterization of the
>     components that are used to build that topology.  Mechanisms to
>     ensure topology hiding and prevent unauthorized access are
>     expected to be in place. However, the Working Group may consider
>     whether additional security mechanisms are needed to protect this
>     information from unauthorized access and manipulation.

Can this scope of work be clarified as I’m having trouble envisioning how the
work products manifest in the context of the YANG model – is this about
new protocols work or security mechanisms to secure the YANG models?  or
specification of operational practices to protect the YANG models?  Is it
work minimization of the data stored in the YANG model?
[DC] This means to identify any new security gap, if any. The working group
is not planning to define any protocol extension.

> Jun 2024      Request publication of the above model.
I’m having trouble finding the “model” referenced here in the charter text.
> Sep 2023      Adopt an Internet-Draft describing a core network inventory
> model that can be used as a foundation by other models to establish
> technology-specific inventory models.

I also don’t know where this milestone comes from based on the charter text.
There is a long list of possible areas A – F, but the introduction to this
list is a caution that most of these won’t be published.  Nothing there
suggested a unification/baseline model approach to me.  I would recommend
the text making a crisp statement on what will be done and what might be
explored before this ships.
[DC] what about the following change:

OLD:
An objective of this effort is to derive common building-blocks for
inventory modeling that can be augmented, imported, or reused by other
IETF models. The WG will also identify a set of requirements and some
guidelines to ensure consistency across models related to inventory.

NEW:
An objective of this effort is to define a core network inventory
model deriving common building-blocks for
inventory modeling that can be augmented, imported, or reused by other
IETF models. The WG will also identify a set of requirements and some
guidelines to ensure consistency across models related to inventory.

*3. John Scudder*

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Although there's a milestone about a "core network inventory model", there is
nothing in the charter text itself that says that. The closest I found was "An
objective of this effort is to derive common building-blocks for inventory
modeling that can be augmented, imported, or reused by other IETF models",
which (to my eyes at least) is relatively vague and my first impulse wouldn't
be "oh that means they're doing a core inventory model".

The lack of a clear statement about producing a model makes it hard to know
what to make of "Mapping the inventory models that will be produced by
the WG into existing IETF models (e.g., ietf-network-topology) is also
in scope." Even taking as read that a "core inventory model" is a
first deliverable, I'm not
sure what this sentence means, although that might just be my
ignorance rather than a lack of precision in the language.

[DC] this should be addressed by the text modification suggested in a
reply to Roman's comment


*4. Paul Wouters*
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

This work seems closely related to the SBOM work done in OPSAWG. What was the
reason behind not using that WG and starting a new one ?

[DC] already replied as follows:
the SBOM work only focuses on retrieving information on which systems
have vulnerabilities.
The scope of this work is to collect inventory information (both HW
and SW) from all the devices in the network: optical devices, routers,
switches, etc.

*5. Erik Kline*
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Internet AD comments for charter-ietf-nimby-00-01
CC @ekline

* I support finding an alternate working group name. Even plain YANI (YANG
  Network Inventory) might be okay.

## Comments

### P5

* What's an example of a "layer 0" element?
[DC] Already replied as follows:
an example of a Layer 0 element is an optical device. A ROADM for
example (Reconfigurable Add Drop Multiplexer).