I would rather delay this until I can analyze the analysis. :-) However, I won't be able to do that until the weekend of October 7. I marked one evening that I can participate; I could also do the evening of Oct 18 or Oct 19, same time.
regards, John On Wed, Sep 20, 2017 at 9:18 AM, Linda Dunbar <[email protected]> wrote: > I2NSF participants, > > > > It has been pointed out that there are some inconsistency among the > Information Model and Data Model drafts. Specifically for those drafts: > > draft-kumar-i2nsf-client-facing-interface-im-03 > > draft-jeong-i2nsf-consumer-facing-interface-dm-02 > > draft-xibassnez-i2nsf-capability-02 > > > > So we will have a session among the authors to resolve the issues. The > discussion is open to all I2NSF participants. Please mark your availability > on this Doodle pool: > > > > https://doodle.com/poll/6qweb28327qgamtd > > > > > > > > Thanks, Linda & Yoav > > > > *From:* Xialiang (Frank) > *Sent:* Tuesday, September 19, 2017 8:55 PM > *To:* Mr. Jaehoon Paul Jeong <[email protected]> > *Cc:* Linda Dunbar <[email protected]> > *Subject:* 答复: 答复: Can we have a conference call among authors of I2NSF > consumer facing interface IM & DM drafts? ( was RE: [I2nsf] questions & > comments to draft-jeong-i2nsf-consumer-facing-interface-dm-03 > > > > Great, please review the attached file of my latest analysis of the > consistency between the I2NSF IM and DM drafts. Hoping it helpful for your > team. > > > > And I am looking forward to your update drafts of DMJ > > > > *发件人**:* Mr. Jaehoon Paul Jeong [mailto:[email protected] > <[email protected]>] > *发送时间:* 2017年9月20日 9:48 > *收件人:* Xialiang (Frank) > *抄送:* Linda Dunbar; Susan Hares; SecCurator_Team > *主题:* Re: 答复: Can we have a conference call among authors of I2NSF > consumer facing interface IM & DM drafts? ( was RE: [I2nsf] questions & > comments to draft-jeong-i2nsf-consumer-facing-interface-dm-03 > > > > Hi Frank, > > Sure, it will be good. > > Actually, my team tried to synchronized our DM with the IM for NSF-facing > interface. > > I will submit it this week after getting the review from Sue. > > > > Thanks. > > > > Best Regards, > > Paul > > > > On Wed, Sep 20, 2017 at 10:10 AM, Xialiang (Frank) < > [email protected]> wrote: > > In addition to the client-interface DM, should we also sync the NSF-facing > interface IM&DM drafts for alignment? > > It’s also a very important issue. > > > > It can be another conf call. > > > > *发件人**:* Linda Dunbar > *发送时间:* 2017年9月20日 4:13 > *收件人:* Mr. Jaehoon Paul Jeong; Xialiang (Frank); > [email protected]; Bitar, Nabil (Nokia - US) > *抄送:* [email protected]; > [email protected]; [email protected]; Yoav Nir > *主题:* Can we have a conference call among authors of I2NSF consumer > facing interface IM & DM drafts? ( was RE: [I2nsf] questions & comments to > draft-jeong-i2nsf-consumer-facing-interface-dm-03 > > > > Paul, et al, > > > > Thank you for addressing the questions raised for I2NSF consumer facing > interface DM draft. > > Is it beneficial to have a call among the authors of the Consumer Facing > Interface Information Model & Data Model drafts to better align the > content? > > If yes, I can setup a doddle poll for a feasible time. > > > > Thanks, Linda > > > > *From:* Mr. Jaehoon Paul Jeong [mailto:[email protected] > <[email protected]>] > *Sent:* Wednesday, August 23, 2017 8:12 PM > *To:* Linda Dunbar <[email protected]> > *Cc:* [email protected]; draft-jeong-i2nsf-consumer- > [email protected]; [email protected]; skku_secu-brain_all@ > googlegroups.com > *Subject:* Re: [I2nsf] questions & comments to draft-jeong-i2nsf-consumer- > facing-interface-dm-03 > > > > Hi Linda, > > My group checked your questions below and prepared answers as follows. > > > > On Fri, Aug 18, 2017 at 6:37 AM, Linda Dunbar <[email protected]> > wrote: > > Paul, > > Thanks. > > > > Also the “source” and “destination” of the “policy-rule*” in the general > data model (page 7) shouldn’t be “string”, should it refer to the > policy-endpoint-groups specified on Page 5 instead? > > > > > > +--rw policy-rule* [policy-rule-id] > > | +--rw policy-rule-id string > > | +--rw name? string > > | +--rw date? yang:date-and-time > > | +--rw source? > policy-endpoint-groups > > | +--rw destination? > policy-endpoint-groups > > | +--rw exception? string > > | +--rw action? string > > | +--rw precedence? uint8 > > > > > > => Yes, you are right. The source and destination fields have the type of > policy-endpoint-groups according to > > the information model of Consumer-Facing Interface: > > https://tools.ietf.org/html/draft-kumar-i2nsf-client- > facing-interface-im-03#page-14 > > > > More actually, we need to use a reference (called leafref) to the > policy-endpoint-groups's variable as follows: > > > > +-rw security-policy-instance > > +-rw policy-rule* [policy-rule-id] > > | +-rw policy-rule-id uint16 > > | +-rw name? string > > | +-rw date? yang:date-and-time > > | +-rw source? -> /ietf-i2nsf-consumer-facing- > interface/threat-prevention/threat-feed/threat-feed-id > > | +-rw destination? -> /ietf-i2nsf-consumer-facing- > interface/policy-endpoint-groups/user-group/user-group-id > > | +-rw exception? boolean > > | +-rw exception-detail? string > > +-rw action* [action-id] > > . > > . > > . > > +-rw policy-instance* [policy-instance-id] > > +-rw policy-instance-id string > > +-rw name? string > > +-rw date? yang:date-and-time > > +-rw rules? -> /ietf-i2nsf-consumer-facing- > interface/security-policy-instance/policy-rule/policy-rule-id > > +-rw scheduling? -> /ietf-i2nsf-consumer-facing- > interface/security-policy-instance/policy-calendar/policy-calendar-id > > +-rw owner? string > > > > In the above partial data tree, source refers to threat-feed-id as > an attack source and destination refers to > > user-group-id as a protected destination. > > In the same way, we let the fields of rules and scheduling have the > type of leafref as a reference. > > > > On page 7, your “policy-instance” has both “policy-rule*” and > “policy-instance*” listed under. Is it intended? Or typeo? > > > > => The current information model uses these duplicate name of > policy-instance to represent a security policy instance. > > So we rename the first policy-instance as security-policy-instance > above: > > > > I attach the data tree and yang code for the > security-policy-instance for your reference. > > > > Thanks. > > > > Best Regards, > > Paul > > > > > > Thanks, Linda > > > > > > *From:* Mr. Jaehoon Paul Jeong [mailto:[email protected]] > *Sent:* Wednesday, August 16, 2017 7:41 AM > *To:* Linda Dunbar <[email protected]> > *Cc:* [email protected]; draft-jeong-i2nsf-consumer- > [email protected]; [email protected]; skku_secu-brain_all@ > googlegroups.com > *Subject:* Re: [I2nsf] questions & comments to draft-jeong-i2nsf-consumer- > facing-interface-dm-03 > > > > Hi Linda, > > You are right. > > In the revision, we authors will revise the Consumer-Facing Interface data > model > > such that it lists individual values for rules. > > Also, we will explicitly list the 'Policy Endpoint Group' and > 'Custom-List'. > > > > Thanks for your good points. > > > > Best Regards, > > Paul > > > > On Wed, Aug 16, 2017 at 8:03 AM, Linda Dunbar <[email protected]> > wrote: > > Paul, Eunsoo, Tae-Jin, Rakesh, and Sue, > > > > Thank you very much for the updated i2nsf-consumer-facing-interface-dm03, > which matches much better with the i2nsf-consumer-facing-im draft. > > > > Just a few questions. > > > > I noticed that you don’t list individual value for the rules. For > example, “primary-action” list the “permit”, “deny”, “rate limit”, etc in > the description: > > > > leaf primary-action { > > type string; > > description > > "This field identifies the action when a rule > > is matched by NSF. The action could be one of > > 'PERMIT', 'DENY', 'RATE-LIMIT', 'TRAFFIC-CLASS', > > 'AUTHENTICATE-SESSION', 'IPS, 'APP-FIREWALL', etc."; > > } > > > > > > In draft-ietf-netmod-acl-model-11, the actions are listed as explicit > value. > > > > > > Similar paten goes with the definition of “Source” and “destination”. You > have: > > > > leaf source { > > type string; > > description > > "This field identifies the source of > > the traffic. This could be reference to > > either 'Policy Endpoint Group' or > > 'Threat-Feed' or 'Custom-List' if Security > > Admin wants to specify the source; otherwise, > > the default is to match all traffic."; > > } > > > > > > Not an expert in the data model, I am wondering if you need to explicitly > list the 'Policy Endpoint Group', 'Custom-List', etc > > > > > > Thank you very much, > > > > Linda > > > > > _______________________________________________ > I2nsf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i2nsf > > > > > > -- > > =========================== > Mr. Jaehoon (Paul) Jeong, Ph.D. > Assistant Professor > Department of Software > Sungkyunkwan University > Office: +82-31-299-4957 <+82%2031-299-4957> > Email: [email protected], [email protected] > Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php > <http://cpslab.skku.edu/people-jaehoon-jeong.php> > > > _______________________________________________ > I2nsf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i2nsf > > > > > > -- > > =========================== > Mr. Jaehoon (Paul) Jeong, Ph.D. > Assistant Professor > Department of Software > Sungkyunkwan University > Office: +82-31-299-4957 <+82%2031-299-4957> > Email: [email protected], [email protected] > Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php > <http://cpslab.skku.edu/people-jaehoon-jeong.php> > > > > > > -- > > =========================== > Mr. Jaehoon (Paul) Jeong, Ph.D. > Assistant Professor > Department of Software > Sungkyunkwan University > Office: +82-31-299-4957 <+82%2031-299-4957> > Email: [email protected], [email protected] > Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php > <http://cpslab.skku.edu/people-jaehoon-jeong.php> > > _______________________________________________ > I2nsf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i2nsf > > -- regards, John
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
