Information Model of NSFs Capabilities
draft-xibassnez-i2nsf-capability-02
I2NSF L. Xia
Internet-Draft J. Strassner
Intended status: Standard Track Huawei
Expires: January 5, 2018 C. Basile
PoliTO
D. Lopez
TID
July 3, 2017
Information Model of NSFs Capabilities
draft-xibassnez-i2nsf-capability-02.txt
Abstract
This document defines the concept of an NSF (Network Security
Function) Capability, as well as its information model. Capabilities
are a set of features that are available from a managed entity, and
are represented as data that unambiguously characterizes an NSF.
Capabilities enable management entities to determine the set offer
features from available NSFs that will be used, and simplify the
management of NSFs.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
This Internet-Draft will expire on January 5, 2018.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided
without warranty as described in the Simplified BSD License.
Xia, et al. Expires December 5, 2018 [Page 1]
Internet-Draft Information Model of I2NSF Capabilities Jul 2017
Table of Contents
1. Introduction ................................................... 4
2. Conventions used in this document .............................. 5
2.1. Acronyms .................................................. 5
3. Capability Information Model Design ............................ 6
3.1. Design Principles and ECA Policy Model Overview ........... 6
3.2. Relation with the External Information Model .............. 8
3.3. I2NSF Capability Information Model Theory of Operation ... 10
3.3.1. I2NSF Condition Clause Operator Types ............... 11
3.3.2 Capability Selection and Usage ...................... 12
3.3.3. Capability Algebra ................................. 13
3.4. Initial NSFs Capability Categories ....................... 16
3.4.1. Network Security Capabilities ....................... 16
3.4.2. Content Security Capabilities ....................... 17
3.4.3. Attack Mitigation Capabilities ...................... 17
4. Information Sub-Model for Network Security Capabilities ....... 18
4.1. Information Sub-Model for Network Security ............... 18
4.1.1. Network Security Policy Rule Extensions ............. 19
4.1.2. Network Security Policy Rule Operation .............. 20
4.1.3. Network Security Event Sub-Model .................... 22
4.1.4. Network Security Condition Sub-Model ................ 23
4.1.5. Network Security Action Sub-Model ................... 25
4.2. Information Model for I2NSF Capabilities ................. 26
4.3. Information Model for Content Security Capabilities ...... 27
4.4. Information Model for Attack Mitigation Capabilities ..... 28
5. Security Considerations ....................................... 29
6. IANA Considerations ........................................... 29
7. Contributors .................................................. 29
8. References .................................................... 29
8.1. Normative References ..................................... 29
Show full document text