Information Model of Interface to Network Security Functions Capability Interface
draft-xia-i2nsf-capability-interface-im-05

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Last updated 2016-03-21
Replaced by draft-xibassnez-i2nsf-capability
Stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Responsible AD (None)
Send notices to (None)
I2NSF                                                          L. Xia
Internet Draft                                                 Huawei
Intended status: Standards Track                             D. Zhang
                                                              Alibaba
                                                             E. Lopez
                                                             Fortinet
                                                          N. BOUTHORS
                                                               Qosmos
                                                          Luyuan Fang
                                                            Microsoft

Expires: September 2016                                 March 21, 2016

        Information Model of Interface to Network Security Functions
                           Capability Interface
              draft-xia-i2nsf-capability-interface-im-05.txt

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on September 21, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

Xia, et al.          Expires September 21, 2016               [Page 1]
Internet-Draft      I2NSF Capability Interface IM           March 2016

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Abstract

   This draft is focused on the capability interface of NSFs (Network
   Security Functions) and proposes its information model for
   controlling the various network security functions.

Table of Contents

   1. Introduction ................................................ 2
   2. Conventions used in this document ........................... 3
      2.1. Terminology ............................................ 4
   3. Overall Analysis of Security Capability ..................... 5
      3.1. Network Security Control ............................... 5
      3.2. Content Security Control ............................... 7
      3.3. Attack Mitigation Control .............................. 9
   4. Information Model Design .................................... 9
      4.1. Overall Structure ...................................... 9
      4.2. Information Model for Network Security Control ........ 10
      4.3. Information Model for Content Security Control ........ 17
      4.4. Information Model for Attack Mitigation Control ....... 18
   5. IM Grammar of Security Policy .............................. 19
   6. Security Considerations .................................... 22
   7. IANA Considerations ........................................ 22
   8. References ................................................. 23
      8.1. Normative References .................................. 23
      8.2. Informative References ................................ 23
   9. Acknowledgments ............................................ 23

1. Introduction

   With the rapid development and growing deployment of cloud
   computing, the demand for cloud-based security services is also
   growing rapidly. Such services can provide security protection in
   various scenarios, e.g., network devices in an enterprise network,
   User Equipment (UE) in a mobile network, Internet of Things (IoT),
   or residential access users
   [I-D.draft-ietf-i2nsf-problem-and-use-cases].

   According to [I-D.draft-merged-i2nsf-framework], there are two types
   of I2NSF interfaces for security rules provisioning: