I2NSF Security Policy Object YANG Data Model
draft-xia-i2nsf-sec-object-dm-01

Document Type Active Internet-Draft (individual)
Last updated 2018-10-21
Stream (None)
Intended RFC status (None)
Yang Validation 0 errors, 0 warnings.
Additional URLs
- Yang catalog entry for ietf-policy-object@2018-10-12.yang
- Yang impact analysis for draft-xia-i2nsf-sec-object-dm
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Interface to Network Security Functions (I2NSF)                   L. Xia
Internet-Draft                                                    Q. Lin
Intended status: Standards Track                                  Huawei
Expires: April 24, 2019                                 October 21, 2018

              I2NSF Security Policy Object YANG Data Model
                    draft-xia-i2nsf-sec-object-dm-01

Abstract

   This document describes a set of reusable policy objects that can be
   referenced by various I2NSF policy rules, and provides the YANG data
   models of these policy objects.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 24, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Xia & Lin                Expires April 24, 2019                 [Page 1]
Internet-Draft      Security Policy Object Data Model       October 2018

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   3
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . . .   3
   5.  Policy Object . . . . . . . . . . . . . . . . . . . . . . . .   4
     5.1.  Address Object and Address Group  . . . . . . . . . . . .   4
     5.2.  Service Object and Service Group  . . . . . . . . . . . .   5
     5.3.  Application Object and Application Group  . . . . . . . .   7
     5.4.  User Object, User Group and Security Group  . . . . . . .   9
     5.5.  Time Range Object . . . . . . . . . . . . . . . . . . . .  11
     5.6.  Region Object and Region Group  . . . . . . . . . . . . .  11
     5.7.  Domain Object . . . . . . . . . . . . . . . . . . . . . .  12
   6.  I2NSF Security Policy Object YANG Module  . . . . . . . . . .  13
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  46
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  46
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  46
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  46
     10.1.  Normative References . . . . . . . . . . . . . . . . . .  46
     10.2.  Informative References . . . . . . . . . . . . . . . . .  46
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  47

1.  Introduction

   As described in [RFC8329], provisioning to NSFs can be standardized
   by using policy rules, and I2NSF uses the Event-Condition-Action
   (ECA) model to represent policy rules.  According to
   [I-D.ietf-i2nsf-terminology], an I2NSF condition is defined as a set
   of attributes, features, and/or values that are to be compared with a
   set of known attributes, features, and/or values in order to
   determine whether the set of actions in that I2NSF policy rule can
   be executed or not.  The Information Model of NSFs Capabilities
   [I-D.ietf-i2nsf-capability] describes the attributes of different
   condition subclasses.  When an I2NSF condition clause is configured
   by attributes or features, it is common for the same value of an
   attribute, or the same set of values of several attributes, to be
   configured many times.  Modifying the policy rules is also very
   tedious and time-consuming.

   To facilitate the provisioning of NSF instances, this document
   describes a set of reusable policy objects.  These policy objects
   can then be referenced in the condition clause of various I2NSF
   policy rules.  A policy object consists of a name attribute that
   identifies it and one or more attributes that are typically used
   together to represent a certain condition.  For