Information Model of NSFs Capabilities
draft-ietf-i2nsf-capability-04

Document Type: Active Internet-Draft (i2nsf WG)
Last updated: 2018-10-22
Replaces: draft-xibassnez-i2nsf-capability
Stream: IETF
Intended RFC status: (None)
Stream WG state: WG Document
Document shepherd: No shepherd assigned
IESG state: I-D Exists
Consensus Boilerplate: Unknown
Telechat date:
Responsible AD: (None)
Send notices to: (None)
I2NSF                                                            L. Xia
Internet Draft                                             J. Strassner
Intended status: Standards Track                                  Huawei
Expires: April 23, 2019                                       C. Basile
                                                                 PoliTO
                                                               D. Lopez
                                                                    TID
                                                       October 23, 2018

                  Information Model of NSFs Capabilities
                    draft-ietf-i2nsf-capability-04.txt

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on April 23, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents

Xia, et al.            Expires April 23, 2019                 [Page 1]
Internet-Draft           I2NSF Capability IM              October 2018

   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Abstract

   This draft defines the concept of an NSF (Network Security Function)
   capability, as well as its information model. Capabilities are a set
   of features that are available from a managed entity, and are
   represented as data that unambiguously characterizes an NSF.
   Capabilities enable management entities to determine the set of
   features from available NSFs that will be used, and simplify the
   management of NSFs.

Table of Contents

   1. Introduction ................................................ 3
   2. Conventions used in this document ........................... 3
      2.1. Acronyms ............................................... 4
   3. Capability Information Model Design ......................... 4
      3.1. Design Principles and ECA Policy Model Overview ........ 5
      3.2. Relation with the External Information Model ........... 8
      3.3. I2NSF Capability Information Model Theory of Operation . 9
         3.3.1. I2NSF Capability Information Model ............... 11
         3.3.2. The SecurityCapability class ..................... 14
      3.4. Modelling NSF Features as Security Capabilities ....... 15
         3.4.1. Matched Policy Rule .............................. 15
         3.4.2. Conflict, Resolution Strategy and Default Action . 16
         3.4.3. I2NSF Condition Clause Operator Types ............ 17
         3.4.4. Uses of the capability information model ......... 19
         3.4.5. A Syntax to Describe the Capability of an NSF .... 19
         3.4.6. Capability Algebra ............................... 20
   4. Considerations on the Practical Use of the CapIM ........... 21
   5. Security Considerations .................................... 22
   6. Contributors ............................................... 22
   7. Acknowledgements ........................................... 23
   8. References ................................................. 23
      8.1. Normative References .................................. 23
      8.2. Informative References ................................ 24


  1. Introduction

   The rapid development of virtualized systems requires advanced
   security protection in various scenarios. Examples include network
   devices in an enterprise network, User Equipment in a mobile
   network, devices in the Internet of Things, or residential access