[netmod] WG documents for I2RS Protocol - WG calls 5/27 to 6/9
"Susan Hares" <shares@ndzh.com> Tue, 09 June 2015 21:32 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53FB81A1B21; Tue, 9 Jun 2015 14:32:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -97.155
X-Spam-Level:
X-Spam-Status: No, score=-97.155 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UYu0fEIRb4aH; Tue, 9 Jun 2015 14:32:05 -0700 (PDT)
Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) by ietfa.amsl.com (Postfix) with ESMTP id 3C7BB1A1B05; Tue, 9 Jun 2015 14:32:05 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=184.157.82.115;
From: Susan Hares <shares@ndzh.com>
To: i2rs@ietf.org
Date: Tue, 09 Jun 2015 17:31:54 -0400
Message-ID: <026e01d0a2fb$b52d99e0$1f88cda0$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_026F_01D0A2DA.2E1DA790"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdCi90273nYdXGB4SLeA1ZmD/g423g==
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/arIz38IXVo89kJ6JTopthbm2QXQ>
Cc: 'Alia Atlas' <akatlas@juniper.net>, netconf@ietf.org, netmod@ietf.org
Subject: [netmod] WG documents for I2RS Protocol - WG calls 5/27 to 6/9
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2015 21:32:07 -0000
The following I2RS Protocol Requirements will be passed to NETCONF later this week https://datatracker.ietf.org/doc/draft-haas-i2rs-ephemeral-state-reqs (adopted by I2RS WG) (will be sent as draft-ietf-i2rs-ephemeral-state-reqs) http://datatracker.ietf.org/doc/draft-ietf-i2rs-pub-sub-requirements/ ( WG LC completed, consensus) http://datatracker.ietf.org/doc/draft-ietf-i2rs-traceability/ WG LC complete, consensus Come and discuss these at the I2RS Interim before the documents are passed to NETCONF. Below are 10 requirements that NETCONF SHOULD meet. There has been debate on the I2RS list whether NETCONF can provide requirement 2. If you have an opinion on these requirements, the interim tomorrow is your chance to provide feedback before the requirements go to NETCONF. Sue Hares ============================================= 1. The I2RS protocol SHOULD support highly reliable notifications (but not perfectly reliable notifications) from an I2RS agent to an I2RS client. 2. The I2RS protocol SHOULD support a high bandwidth, asynchronous interface, with real-time guarantees on getting data from an I2RS agent by an I2RS client. 3. The I2RS protocol will operate on data models which may be protocol independent or protocol dependent. 4. I2RS Agent needs to record the client identity when a node is created or modified. The I2RS Agent needs to be able to read the client identity of a node and use the client identity's associated priority to resolve conflicts. The secondary identity is useful for traceability and may also be recorded. 5. Client identity will have only one priority for the client identity. A collision on writes is considered an error, but priority is utilized to compare requests from two different clients in order to modify an existing node entry. Only an entry from a client which is higher priority can modify an existing entry (First entry wins). Priority only has meaning at the time of use. 6. The Agent identity and the Client identity should be passed outside of the I2RS protocol in a authentication and authorization protocol (AAA). Client priority may be passed in the AAA protocol. The values of identities are originally set by operators, and not standardized. 7. An I2RS Client and I2RS Agent mutually authenticate each other based on pre-established authenticated identities. 8. Secondary identity data is read-only meta-data that is recorded by the I2RS agent associated with a data model's node is written, updated or deleted. Just like the primary identity, the secondary identity is only recorded when the data node is written or updated or deleted. 9. I2RS agent can have a lower priority I2RS client attempting to modify a higher priority client's entry in a data model. The filtering out of lower priority clients attempting to write or modify a higher priority client's entry in a data model SHOULD be effectively handled and not put an undue strain on the I2RS agent. Note: Jeff's suggests that priority is kept at the NACM at the client level (rather than the path level or the group level) will allow these lower priority clients to be filtered out using an extended NACM approach. This is only a suggestion of a method to provide the requirement 9. 10. The I2RS protocol MUST support the use of a secure transport. However, certain functions such as notifications MAY use a non-secure transport. Each model or service (notification, logging) must define within the model or service the valid uses of a non-secure transport.