Re: [Nsaas] : A ore accurate name....

Linda Dunbar <> Mon, 15 September 2014 19:01 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 42D391A8791 for <>; Mon, 15 Sep 2014 12:01:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.852
X-Spam-Status: No, score=-5.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id hICoSEYzej0E for <>; Mon, 15 Sep 2014 12:01:18 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3C9FC1A6FC7 for <>; Mon, 15 Sep 2014 11:51:21 -0700 (PDT)
Received: from (EHLO ([]) by (MOS 4.3.7-GA FastPath queued) with ESMTP id BJM22693; Mon, 15 Sep 2014 18:51:19 +0000 (GMT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 15 Sep 2014 19:51:18 +0100
Received: from ([]) by dfweml704-chm ([]) with mapi id 14.03.0158.001; Mon, 15 Sep 2014 11:51:17 -0700
From: Linda Dunbar <>
To: Myo Zarny <>, "" <>, "" <>
Thread-Topic: : A ore accurate name....
Thread-Index: AQHP0RYHRJncI4sVW0eTfmzyno6NPw==
Date: Mon, 15 Sep 2014 18:51:16 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F645E00334@dfweml701-chm>
References: <4A95BA014132FF49AE685FAB4B9F17F645DECABE@dfweml701-chm> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F645E00334dfweml701chm_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "Zarny, Myo" <>
Subject: Re: [Nsaas] : A ore accurate name....
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*NSaaS: Network Security as a Service mailing list*" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 15 Sep 2014 19:01:23 -0000

Agree with Myo that prioritization/scoping of NSaaS will be crucial.
IMHO, standard Interface to Virtual Network Security Functions (I2NSF, or I2VNSF)  is a tool to enable NSaaS.  NSaaS might have broader scope, which might touch upon services model, SLA, etc.

IETF has traditionally been good in building tools, instead of broad service model (not to say that IETF can’t do it).

Another important point, strictly speaking, API is normally referring to function calls among different functions on one system, what we want to achieve is the interface between separate entities (boxes), as what I2RS is doing.

Therefore,  “Programmatic interfaces” might be more accurate.

Any thoughts?


From: Myo Zarny []
Sent: Sunday, September 14, 2014 8:27 PM
Cc: Zarny, Myo; Linda Dunbar
Subject: Re: FW: A ore accurate name....

Hi Brian,

I agree that the scopes of SACM and NSaaS aren't the same even though there is overlap. NSaaS is broader. Its domain/scope is more than just endpoints, consistent APIs, communication protocols between endpoints and network-based security services. It's all that plus--as you've pointed out--how security policies are translated and provisioned on the "southbound" side--regardless of their form-factor (hardware, software, hypervisor-based, container-based). And so on.

The challenge is in determining which ones should be prioritized. To me, as a user (not a vendor) of services, being able to dynamically reserve network (security) services and have appropriate (security) policies dynamically applied is the holy grail. (Especially if those policies can be defined in user friendly terms and the system be smart enough to translate them.) The question is how do we define and prioritize the steps towards achieving them.


From: Nsaas [] On Behalf Of Brian Ford (brford)
Sent: Wednesday, September 10, 2014 7:10 PM
Subject: [Nsaas] A ore accurate name....


IMO someone can make the argument that just about any acronym is like a ‘Marketing program’.  Changing the name of the pre-WG effort for that reason alone doesn’t seem wise ego me.  Changing it from something …’was’ to include ‘Open’ doesn’t seem like a big win.

When I first read your messages about Network Security as a Service I was interested.  I still am even though I know little more than the name.

I have been watching and involved in SACM, Security Automation and Continuous Monitoring.  One of my concerns that I have about SACM are its almost myopic endpoint focus.  I’m particularly interested in NSaaS because it could or might address the application of security policy in networks that protect all devices be they endpoints or VMs or intelligent lightbulbs in an IoT (or IoE).

I see ‘daylight’ between SACM and NSaaS.  But they could help each other.  Let’s start working on the real problem.



Via the offline discussion with Melinda, I learned that many people may think that NSaaS is more like Marketing slogan.

Since the goal is to define a common interface for network security functions (like what I2RS has done for routers), so that Service Providers or 3rd party operators can offer Network Security Functions that may not physically present in the client premises.

Is  "I2NSF" (Open Interface to Network Security functions) a more appropriate name? Any more suggestions?


  Brian Ford | OCTAO |<> | Direct 212.714.4288<tel:212.714.4288> | Mobile: 516.769.5884<tel:516.769.5884> |<>