Information Model of NSFs Capabilities
draft-ietf-i2nsf-capability-05

Document Type Active Internet-Draft (i2nsf WG)
Last updated 2019-09-06 (latest revision 2019-04-24)
Replaces draft-xibassnez-i2nsf-capability
Stream IETF
Intended RFC status Proposed Standard
Stream WG state Submitted to IESG for Publication
Document shepherd Linda Dunbar
Shepherd write-up (last changed 2019-06-05)
IESG state AD Evaluation::Revised I-D Needed
Consensus Boilerplate Yes
Responsible AD Roman Danyliw
Send notices to Linda Dunbar <dunbar.ll@gmail.com>
I2NSF                                                            L. Xia
Internet Draft                                             J. Strassner
Intended status: Standard Track                                  Huawei
Expires: October 23, 2019                                     C. Basile
                                                                 PoliTO
                                                               D. Lopez
                                                                    TID
                                                         April 23, 2019

                  Information Model of NSFs Capabilities
                    draft-ietf-i2nsf-capability-05.txt

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on October 23, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents

Xia, et al.           Expires October 23, 2019                [Page 1]
Internet-Draft           I2NSF Capability IM                April 2019

   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Abstract

   This draft defines the concept of an NSF (Network Security Function)
   capability, as well as its information model. Capabilities are a set
   of features that are available from a managed entity, and are
   represented as data that unambiguously characterizes an NSF.
   Capabilities enable management entities to determine the set of
   features from available NSFs that will be used, and simplify the
   management of NSFs.

Table of Contents

   1. Introduction ................................................ 3
   2. Conventions used in this document ........................... 3
      2.1. Acronyms ............................................... 4
   3. Capability Information Model Design ......................... 4
      3.1. Design Principles and ECA Policy Model Overview ........ 5
      3.2. Relation with the External Information Model ........... 8
      3.3. I2NSF Capability Information Model Theory of Operation . 9
         3.3.1. I2NSF Capability Information Model ............... 11
         3.3.2. The SecurityCapability class ..................... 14
      3.4. Modelling NSF Features as Security Capabilities ....... 15
         3.4.1. Matched Policy Rule .............................. 15
         3.4.2. Conflict, Resolution Strategy and Default Action . 16
         3.4.3. I2NSF Condition Clause Operator Types ............ 17
         3.4.4. Uses of the capability information model ......... 19
         3.4.5. A Syntax to Describe the Capability of an NSF .... 19
         3.4.6. Capability Algebra ............................... 20
   4. Considerations on the Practical Use of the CapIM ........... 21
   5. Security Considerations .................................... 22
   6. Contributors ............................................... 22
   7. Acknowledgements ........................................... 23
   8. References ................................................. 23
      8.1. Normative References .................................. 23
      8.2. Informative References ................................ 24

  1. Introduction

   The rapid development of virtualized systems requires advanced
   security protection in various scenarios. Examples include network
   devices in an enterprise network, User Equipment in a mobile
   network, devices in the Internet of Things, or residential access