Skip to main content

Shepherd writeup

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)? Why is this the proper
type of RFC? Is this type of RFC indicated in the title page header?

This document defines a YANG model for configuring security policy rules on
Network Security Functions (NSF), and thus a standard track document is
appropriate. The standards track is noted in the header of the document.

(2) The IESG approval announcement includes a Document Announcement Write-Up.
Please provide such a Document Announcement Write-Up. Recent examples can be
found in the "Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary:

This document defines a YANG data model for configuring security policy rules
on Network Security Functions (NSF) in the I2NSF framework. The YANG data model
in this document focuses on security policy configuration for generic network
security functions. This YANG data model uses an "Event-Condition-Action" (ECA)
policy model that is used as the basis for the design of I2NSF Policy described
in [RFC8329].

Working Group Summary:

This document was one of the milestones for the I2NSF WG. The document went
through long period discussions within the I2NSF WG and with NETMOD WG
participants. Many changes were made to utilize the modules that are already
specified by draft-ietf-netmod-acl-model as much as possible.   The document
then went through the YANG Doctor review process. Got good comments and
feedback from YANG Doctor Review. The authors addressed feedbacks promptly
until the YANG Doctor are satisfied with the YANG models and entered READY for
the document.

Document Quality:

This document has gone through multiple cycles of YANG Doctors' reviews. The
comments raised from the SECDIR review during the IETF LastCall are more about
the overall philosophical discussion of the IETF ecosystem on the common YANG
module, not specific to the draft. Therefore, those comments shouldn't need
revision of the draft.

There have been IETF Hackathon implementation and Open source implementation
( for the YANG model specified
by this document. In addition, multiple vendors on the co-author list all
indicated that they plan to implement.


Who is the Document Shepherd? Who is the Responsible Area Director?

Document Shepherd is Linda Dunbar
The Responsible Area Director is Roman Danyliw

(3) Briefly describe the review of this document that was performed by the
Document Shepherd. If this version of the document is not ready for
publication, please explain why the document is being forwarded to the IESG.

I have read this document and have provided feedback on previous revisions to
the authors.  I feel this document is ready for publication.

(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?

No, I do not.

(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.

I don’t think so.

(6) Describe any specific concerns or issues that the Document Shepherd has
with this document that the Responsible Area Director and/or the IESG should be
aware of? For example, perhaps he or she is uncomfortable with certain parts of
the document, or has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated that it still
wishes to advance the document, detail those concerns here.

No specific concerns for this document.

(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed. If not, explain why?

Yes.  All authors replied.  These responses can be found in the archives of the
I2nsf list.

(8) Has an IPR disclosure been filed that references this document? If so,
summarize any WG discussion and conclusion regarding the IPR disclosures.

2 IPR disclosures were filed against this document. There were some concerns of
the IPR terms. After some discussion, the authors had their respective
companies change the IPR terms to satisfy WG participants’ requests.

(9) How solid is the WG consensus behind this document? Does it represent the
strong concurrence of a few individuals, with others being silent, or does the
WG as a whole understand and agree with it?

Consensus was strong with no vocalized dissension.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?
If so, please summarise the areas of conflict in separate email messages to the
Responsible Area Director. (It should be in a separate email because this
questionnaire is publicly available.)

Not to my knowledge.

(11) Identify any ID nits the Document Shepherd has found in this document.
(See and the Internet-Drafts Checklist).
Boilerplate checks are not enough; this check needs to be thorough.

No ID nits found during Shepherd review.

(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

The document has gone through YANG Doctor review. Has revised to address
comments received from YANG Doctor review. YANG Doctor thinks this document
ready for publication.

(13) Have all references within this document been identified as either
normative or informative?


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative references
exist, what is the plan for their completion?

No. All normative references are published RFCs.

(15) Are there downward normative references references (see RFC 3967)? If so,
list these downward references to support the Area Director in the Last Call


(16) Will publication of this document change the status of any existing RFCs?
Are those RFCs listed on the title page header, listed in the abstract, and
discussed in the introduction? If the RFCs are not listed in the Abstract and
Introduction, explain why, and point to the part of the document where the
relationship of this document to the other RFCs is discussed. If this
information is not in the document, explain why the WG considers it unnecessary.

No. it will not.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes are
associated with the appropriate reservations in IANA registries. Confirm that
any referenced IANA registries have been clearly identified. Confirm that newly
created IANA registries include a detailed specification of the initial
contents for the registry, that allocations procedures for future registrations
are defined, and a reasonable name for the new registry has been suggested (see
RFC 8126).

This document does not define any new IANA registries, but it does request the
following URI in the "IETF XML Registry" [RFC3688]: URI:

This document requests IANA to register the following YANG module in the "YANG
Module Names" registry [RFC7950]: name: ietf-i2nsf-policy-rule-for-nsf

All the referenced IANA registries have been clearly identified by the document.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find useful in
selecting the IANA Experts for these new registries.


(19) Describe reviews and automated checks performed by the Document Shepherd
to validate sections of the document written in a formal language, such as XML
code, BNF rules, MIB definitions, YANG modules, etc.

This document has passed the automated YANG check, which includes a number of

(20) If the document contains a YANG module, has the module been checked with
any of the recommended validation tools
( for syntax and
formatting validation? If there are any resulting errors or warnings, what is
the justification for not fixing them at this time? Does the YANG module comply
with the Network Management Datastore Architecture (NMDA) as specified in

The YANG module specified by the document has passed the validation and pass
the YANG Doctor review.