Information Model of NSFs Capabilities
draft-ietf-i2nsf-capability-02
Document Type Active Internet-Draft (i2nsf WG)
Last updated 2018-07-02
Replaces draft-xibassnez-i2nsf-capability
Stream IETF
Intended RFC status (None)
Formats plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
I2NSF                                                            L. Xia
Internet Draft                                             J. Strassner
Intended status: Standard Track                                  Huawei
Expires: January 02, 2019                                     C. Basile
                                                                 PoliTO
                                                               D. Lopez
                                                                    TID
                                                          July 02, 2018

                  Information Model of NSFs Capabilities
                    draft-ietf-i2nsf-capability-02.txt

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on January 02, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents

Xia, et al.           Expires January 02, 2019                [Page 1]
Internet-Draft           I2NSF Capability IM                 July 2018

   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Abstract

   This draft defines the concept of an NSF (Network Security Function)
   capability, as well as its information model. Capabilities are a set
   of features that are available from a managed entity, and are
   represented as data that unambiguously characterizes an NSF.
   Capabilities enable management entities to determine the set of
   features from available NSFs that will be used, and simplify the
   management of NSFs.

Table of Contents

   1. Introduction ................................................. 2
   2. Conventions used in this document ............................ 3
      2.1. Acronyms ................................................ 3
   3. Capability Information Model Design .......................... 4
      3.1. Design Principles and ECA Policy Model Overview ......... 5
      3.2. Relation with the External Information Model ............ 8
      3.3. I2NSF Capability Information Model Theory of Operation .. 9
         3.3.1. I2NSF Capability Information Model ................ 11
         3.3.2. The SecurityCapability class ...................... 13
         3.3.3. I2NSF Condition Clause Operator Types ............. 14
         3.3.4. Capability Selection and Usage .................... 16
         3.3.5.  Capability Algebra ............................... 17
   4. IANA Considerations ......................................... 19
   5. References .................................................. 19
      5.1. Normative References ................................... 19
      5.2. Informative References ................................. 20
   6. Acknowledgments ............................................. 22

  1. Introduction

   The rapid development of virtualized systems requires advanced
   security protection in various scenarios. Examples include network

Xia, et al.           Expires January 02, 2019                [Page 2]
Internet-Draft           I2NSF Capability IM                 July 2018

   devices in an enterprise network, User Equipment in a mobile
   network, devices in the Internet of Things, or residential access
   users [RFC8192].

   NSFs produced by multiple security vendors provide various security
   capabilities to customers. Multiple NSFs can be combined together to
   provide security services over the given network traffic, regardless
   of whether the NSFs are implemented as physical or virtual
   functions.

   Security Capabilities describe the functions that Network Security
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA