Re: [Rats] Call for adoption (after draft rename) for Yang module draft

"Eric Voit (evoit)" <evoit@cisco.com> Fri, 15 November 2019 22:23 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D1571208D1 for <rats@ietfa.amsl.com>; Fri, 15 Nov 2019 14:23:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=j6KV1hLR; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=0mlj+Xeu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cSNFFUBDU9IR for <rats@ietfa.amsl.com>; Fri, 15 Nov 2019 14:23:26 -0800 (PST)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81327120864 for <rats@ietf.org>; Fri, 15 Nov 2019 14:23:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=31945; q=dns/txt; s=iport; t=1573856606; x=1575066206; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=+Fpd4oMqkF9tU13VTCQDhoUqn2VgJnahvvmv4mCAmhU=; b=j6KV1hLR6WeTA6Rh5uTMrXurRaXIsoZ78MrCK6rVyaYdJfrIkr6pGNPA z6BbOWdYJ8mYyz2f19B/zBOHjvCWv645CelFdgY+g/Z6zTQeKmT6XvOn8 tAW4l4bmKEgQc0EaQ/HcxVGF4/tl5Mi0S/z7+3n8Kfa6NsAuANAVWuMps I=;
X-Files: smime.p7s : 3975
IronPort-PHdr: =?us-ascii?q?9a23=3AB5A50BV1HHNtxE1+qkzKZbn0S8PV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSANWJ8OpK3uzRta2oGXcN55qMqjgjSNRNTF?= =?us-ascii?q?dE7KdehAk8GIiAAEz/IuTtank3AsNDSHdu/mqwNg5eH8OtL1A=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B/AAABJM9d/5tdJa1kGgEBAQEBAQE?= =?us-ascii?q?BAQMBAQEBEQEBAQICAQEBAYFtAgEBAQELAYEbLyQsBWwrLSAECyoKhB+DRgO?= =?us-ascii?q?Kc06CEJgAgUKBEANUAgcBAQEJAwEBGAEKCgIBAYRAAoIjJDcGDgIDCwEBBAE?= =?us-ascii?q?BAQIBBQRthTcMhVEBAQEBAwEBEAsGChMBASwLAQ8CAQYCDgQDDwETBwMCAgI?= =?us-ascii?q?lCxQDDgIEAQ0FCAYUgwGBeU0DHw8BAgyVDJBkAoE4iGB1gTKCfgEBBYUgGII?= =?us-ascii?q?QBwMGgTYBgVKKQhiBQD+BEUaCTD6CYgEBgS4BEgEhFRYJgloygiyPWjmPCo4?= =?us-ascii?q?ebgqCKoNNgjSPZ5oOjkiaCAIEAgQFAg4BAQWBaCNncXAVO4JsUBEUgjeOYww?= =?us-ascii?q?Xg1CFFIU/dAGBJ44WgSIBgQ4BAQ?=
X-IronPort-AV: E=Sophos;i="5.68,309,1569283200"; d="p7s'?scan'208,217";a="651994889"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 15 Nov 2019 22:23:24 +0000
Received: from XCH-RCD-006.cisco.com (xch-rcd-006.cisco.com [173.37.102.16]) by rcdn-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id xAFMNOu8007088 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 15 Nov 2019 22:23:24 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-006.cisco.com (173.37.102.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 15 Nov 2019 16:23:24 -0600
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 15 Nov 2019 17:23:22 -0500
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 15 Nov 2019 16:23:22 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ntks2HdHtCt9iH651nIjIzgMKlTqRXou1wSzBHiBQO96OFOGzlL//OlNZbu/N25xmx1a9mMWE+V+pEUfmx5Y/nnxtGcNGvD8zVs3Sy8z43i9rBmWVu3YkSmj6X1wDVw4Jhqgzr7eFlH19JHCikYd56rKPSvbqJYwEloPC8XBLKlv8IM58RLiEFpa11mUhYMN9m4+i8y5RRIEYghoSlyvni5mL/bQhgfss+4UZPTjRBqfwqYXkksaj5WPh6F0pDavqvWaZQgeiqjQVpPrgHPesxVCOIOY7d0VewyDm/ihsEoKq8BelSSO0vrySJQhfaSdECUbvq2gVykSdNemhKcF3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cmWVyfwrr6Zx/FGvQaVp63jRCTCeSQaVjQUDFz+H1ew=; b=er/V1ZCF961DKRIs3KH6dFfhBUAoXzlFn3Q6uck87u3kR7HhrmW30mZSEbIevvrqDdrHWsIB8S/uampAbS8cLbexuw6ClSO4hHq7W3jJqwS6XAw0+aFkiqXFF9C4o/+oCVqxgbkIadGWgdEvsaZoZWWXozt2wEPOwL5UdRTc1H1o8u5uacv1sd3OzAKDgIqBKz6Pt3hCkAO0JCgnz62kHTTIPVAagi0Nx9sVv1+rlWYYBHtqKLSDxjJtOxoh3mdGD7fMtbQUo8N4Gcllsdtn3Bcx81XjFVyB7f7/m6TOFFZk/k+i/zpNxZ0fXPneTKI07i02DjkInzGKGSiI8E0lBQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cmWVyfwrr6Zx/FGvQaVp63jRCTCeSQaVjQUDFz+H1ew=; b=0mlj+Xeu4FGJ+vIQ4z/20NYV9bEHqzsbJGLoDK82Tc5veP3j7cqdmlLWDPparRdArJAemd8NfFHLRah8EdSnGn5BnI1MnKXVfvdggqDqAOCqgjKMk25Nws5luGTovu8VwyXb5d5nQ0hU09qsrRdr1UNMK28obkxORJ3dYebEKws=
Received: from DM6PR11MB4154.namprd11.prod.outlook.com (20.176.126.215) by DM6PR11MB3497.namprd11.prod.outlook.com (20.177.219.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2451.23; Fri, 15 Nov 2019 22:23:21 +0000
Received: from DM6PR11MB4154.namprd11.prod.outlook.com ([fe80::64fd:c810:5c47:243f]) by DM6PR11MB4154.namprd11.prod.outlook.com ([fe80::64fd:c810:5c47:243f%3]) with mapi id 15.20.2451.029; Fri, 15 Nov 2019 22:23:21 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Laurence Lundblade <lgl@island-resort.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: "Smith, Ned" <ned.smith@intel.com>, =?utf-8?B?IlNjaMO2bnfDpGxkZXIsIErDvHJnZW4i?= <J.Schoenwaelder@jacobs-university.de>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>, Dave Thaler <dthaler@microsoft.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Call for adoption (after draft rename) for Yang module draft
Thread-Index: AQHVmvyW8/lytau3hU+AhCwtIdg/0aeKzjHAgABIPICAAABN4IABhOcAgAAEp4CAABVMAIAAA4fw
Date: Fri, 15 Nov 2019 22:23:21 +0000
Message-ID: <DM6PR11MB4154F67DBC7A394BB9D727C2A1700@DM6PR11MB4154.namprd11.prod.outlook.com>
References: <8B173958-FC2A-4D1D-A81C-F324AB632CD7@cisco.com> <ce5f8206-74dc-36bb-0093-a93045d5c67f@sit.fraunhofer.de> <0A7E3A4F-8534-4E98-BCB7-1454E07699F4@island-resort.com> <C3AE2645-49C8-4313-BCED-02FEB576B614@cisco.com> <1C8A1884-A37D-45E3-8C11-2FC5A083B245@island-resort.com> <HE1PR0702MB375366C5F7FE5C497C35D73B8F740@HE1PR0702MB3753.eurprd07.prod.outlook.com> <7106C9D3-8ED1-419E-81F8-4CDA799BEDAE@intel.com> <MWHPR21MB07844F61BEFAE03F9E7DD290A3770@MWHPR21MB0784.namprd21.prod.outlook.com> <6E7D64B4-2049-4D0A-ADC5-CA3F0647779B@island-resort.com> <20191114140600.itrr5mjiysgutsj5@anna.jacobs.jacobs-university.de> <59707a99-8cec-2005-b1ee-72f171234cbe@sit.fraunhofer.de> <DM6PR11MB4154A67956517DF2D9D305ADA1710@DM6PR11MB4154.namprd11.prod.outlook.com> <5C6D6C7C-05DC-4103-9A80-A029F0151996@intel.com> <DM6PR11MB41548D92CF35A134264E56E1A1710@DM6PR11MB4154.namprd11.prod.outlook.com> <B6DF89B0-6BB9-430D-8741-A3010045414D@island-resort.com> <29ab5ec2-789a-fff8-14ac-07ebbf9e918a@sit.fraunhofer.de> <C4665D6F-B14D-4769-87F7-1405FB868777@island-resort.com>
In-Reply-To: <C4665D6F-B14D-4769-87F7-1405FB868777@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com;
x-originating-ip: [173.38.117.91]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4dc8d594-157e-404c-cae3-08d76a1a6c33
x-ms-traffictypediagnostic: DM6PR11MB3497:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM6PR11MB34977974A35B47639E781CE9A1700@DM6PR11MB3497.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:883;
x-forefront-prvs: 02229A4115
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(39860400002)(346002)(396003)(136003)(366004)(189003)(199004)(51444003)(54906003)(71190400001)(71200400001)(316002)(76176011)(561944003)(26005)(76116006)(966005)(6246003)(3846002)(74316002)(186003)(256004)(66616009)(86362001)(33656002)(6506007)(486006)(4326008)(478600001)(102836004)(25786009)(229853002)(6436002)(14444005)(446003)(14454004)(11346002)(53546011)(476003)(7736002)(7696005)(66476007)(52536014)(81166006)(790700001)(6116002)(8676002)(81156014)(5660300002)(66946007)(66574012)(99286004)(6306002)(110136005)(606006)(9686003)(54896002)(66066001)(236005)(55016002)(66556008)(64756008)(2906002)(66446008)(8936002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB3497; H:DM6PR11MB4154.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: mL2yJ96jdvw/mRcETPht6pMa3FDewbDwAv4BJXE7YjahvrrZXuJ76G8Z46phWaUBuCyPoSGiZcEA6kcomh3x9PfZvw00sZUmlQ6XqntlTS1JOKywmc58MSH5Y+fH34rmV99tTgxEv11qR6ew+7YBz5/L0J+KevUVIcnM4gmLQgHW4FzubyB0g+tcw6K3wFztsZfVqO4q5mgWpFL2Rt/uaKyKpuVz0tuVghCAoGrp1WuZRDOVKS2HIpopYbju1b2gcr7JIttgJg4pj2wKN66j2eTc1gKcJuUgDL4S+oTILHnUKSCPxX4VdE8Wrj36VdoqAR2ZA/Mc3hjZM5Fdc4AyisQdCPKPTNrGJWI5zv6/cm94BkYcFdoaZ36lVaMC5vOkG2aOfAnTPYvJeXguexKgAzicm2Jkj2xiAIqVkQSXbpNTI5HE0SP0B/HLSRzf/wyA
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0424_01D59BD8.D2774250"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 4dc8d594-157e-404c-cae3-08d76a1a6c33
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Nov 2019 22:23:21.2652 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: AOrI9QdYmUXNCnV+crY9dUS9ThRtNxQjGgzgw2Ym2kwuCDMgG/jkbKLgGufVYiLe
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3497
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xch-rcd-006.cisco.com
X-Outbound-Node: rcdn-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/-3R8EonjhLDI4B6BT_4P9gzkiAM>
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Nov 2019 22:23:30 -0000

From: Laurence Lundblade, November 15, 2019 3:47 PM
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>



 

I want to do it like the current EAT document (current draft’s labeling of info and data model aside)

1.	Normative definitional text per claim
2.	CDDL per claim
3.	Largely mechanical rules to go from CDDL to CBOR & JSON.

 

The subtleties of info vs data model escape me (and don’t seem that critical to me for the work at hand). The main thing I care about is that we one main definition of a claim that is not replicated and it can mechanically to go CBOR, JSON and maybe other serializations.

 

You can tell me how to label 1, 2, and 3 however you want and I’ll probably just use that in the EAT doc.

 

 

Also, by this I meant

 

I’d also like EAT to only use CDDL for the data model and nothing else

 

no YANG for the primal definition of claims and no YANG in the EAT document (see my other recent email with the X.509 analogy for suggestion on how to integrate with YANG expression of claims).

 

This is fine with me.  Let's expose EAT claims within YANG objects when somebody needs this.

 

Eric

 

 

LL

 

 

 





On Nov 15, 2019, at 11:30 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de <mailto:henk.birkholz@sit.fraunhofer.de> > wrote:

 

Hi Laurence,

I would like to highlight this quote:




I’d also like EAT to only use CDDL for the data model and nothing else


This is a significant change of turn. I would like to get more background about why you are not intending to use CDDL as an information model anymore and also why you think using CDDL as a data model specification is helpful to define Claims.

I can see the point that CDDL was not done when CWT was done. And I think that would be a good argument.

Alas, I am more at a loss now how we intend to deal with the IM aspect in RATS now. The thing we tried to propose initially was an English description. That did not find consensus and CDDL seemed to be the new approach. What are we doing now, if you are proposing to down-level CDDL to data model again, creates a vacuum. Are we going back to English text es we initially proposed? In retrospect, why are you dropping the approach your were advocating for quite some time?

My concern is that this accumulation of changes in a lot of places has the exact opposite effect of expedition - which was the primary incentive for the initial proposal, I think?

Having said that, cddl is literally a data definition language. I just think it is hard to argue why we are changing horses do close to the finish line. I do not object on a technical level, I just want to highlight that is a significant change of direction.

Viele Grüße,

Henk


On 15.11.19 20:13, Laurence Lundblade wrote:



Here’s a try at an analogy of EAT Tokens with X.509 Certificates.
For both the core of the definition is of the signed serialized data format. A set of fields / claims is defined in the core standard. That core standard is solely focused on the definition of those fields / claims and shouldn't get intertwined with other protocol definitions.
However, other protocols may decide to have fields that are the same as, maybe even defined in terms of the fields  / claims in the token / certificate. Those definitions are probably normative references to the fields / claims in the core token / certificate standard. TLS makes normative references to PKIX this way in section 4.2.5. I think this is perfectly reasonable things to do.
So, I have no trouble with some EAT claims being used in YANG designs, but I’d like it to be by reference to EAT. I’d also like EAT to only use CDDL for the data model and nothing else.
I think trying for a single information model that is common to EAT and YANG designs is too big, too much intertwining and is scary. It will lead to schedule interlocks between the documents.
Another reason is that I view router / YANG use of attestation as only one (well-represented) use case for EAT. YANG-based use cases shouldn’t be central to EAT's design. If we were to intertwine with YANG, maybe we should intertwine with JavaScript and a bunch of IoT protocols too.
LL



On Nov 14, 2019, at 12:42 PM, Eric Voit (evoit) <evoit@cisco.com <mailto:evoit@cisco.com> > wrote:

My belief is that a Relying Party will rarely want the full universe of signed claims coming from some Attester's chip.   We need ways to pre-filter the results.  How would we do this without a model?

To fill this need, I always hoped that EAT claims could become leafs of some future YANG data model.  This would allow GET and SUBSCRIBE requests to be made to an Attester.  What would be returned to the Relying Party would be the signed results of interest from some chip within the Attester.

I have no position on whether the WG wants to integrate GET and SUBSCRIBE requests so that they can provision claims are ultimately placed within the EAT token.

Eric




@Eric Voit (evoit) Is this suggesting that RATS architecture should define a
token-like DM structure that is a *request* "token" having only tags
identifying interesting claims while a *response* "token" would have claims
with data values populated?

On 11/14/19, 8:02 AM, "Eric Voit (evoit)" <evoit@cisco.com <mailto:evoit@cisco.com> > wrote:

   Hi Jürgen,
   Hi Henk,

   What routers need is exactly what you said.
    - currently: the retrieval of TPM originated/signed quotes.
    - in the future: the retrieval EAT Tokens

   Knowing when to retrieve these items is a function of the value of specific
claims inside those structures.  For example, I might want to use RFC-8641 to
make a YANG Subscription to a router so that I will be pushed the latest TPM
quote when a specific PCR changes.  For this to work in the router world, we
must have the structures of Quotes/Tokens exposed by a YANG model.

   Eric




Hi Jürgen,

I think this is very useful input.

On the list, Laurence and I already started to discuss Claims for "YANG
modeled data" and Claims for "TPM modled data" (referred to as tpm

tokens



recently).

The remaining questions are about: What do you think is the

upcoming/TBD



impact on the current YANG module for challenge-response RATS?

Leveraging YANG modeled data comes up again and again. Maybe there

is



good approach here.

The TPM Interface based YANG Module does not simply convey native

TPM



structure, but decomposes them down the values that are useful and
common on the management plane because the building blocks

themselves



have well defined semantics (always ensuring canonical re-composition).

Viele Grüße,

Henk

On 14.11.19 15:06, Schönwälder, Jürgen wrote:



On Wed, Nov 13, 2019 at 10:07:02AM -0800, Laurence Lundblade

wrote:




I see EAT as applicable to all these worlds, where the YANG module is

just



for the smallish router world. So I mostly agree with Dave about

proportions,



however this is the IETF where YANG modules are created.  (Maybe I

should



go join the W3C world and work on attestations APIs for browsers after

RATS



is done).



 


If EAT is the common format for "token", then it does not make sense
to me to define a YANG version of it. It may make sense to carry EAT
token over protocols such as NETCONF or RESTCONF and to have a

YANG



module defining this may make sense for the networking device world.
This is then a definition of an interaction protocol, but not the
token format itself.

If EAT is the common format for "token", then it may make sense to be
able to include "claims" that are YANG defined data. That may be an
extension of the core EAT definition (but EAT would have to allow for
such an extension to work). There is a lot of formally defined data in
YANG modules that would be convenient to reuse as claims in a
networking world.

/js


_______________________________________________
RATS mailing list
RATS@ietf.org <mailto:RATS@ietf.org> 
https://www.ietf.org/mailman/listinfo/rats

 


_______________________________________________
RATS mailing list
RATS@ietf.org <mailto:RATS@ietf.org> 
https://www.ietf.org/mailman/listinfo/rats