SACM Working Group H. Birkholz
Internet-Draft Fraunhofer SIT
Intended status: Standards Track N. Cam-Winget
Expires: January 20, 2018 Cisco Systems
July 19, 2017
YANG subscribed notifications via SACM Statements
draft-birkholz-sacm-yang-content-00
Abstract
This document summarizes the data model designed at the IETF 99
Hackathon and is intended to grow in to a definition of general XML
SACM statements (and later JSON and CBOR, respectively) for virtually
every kind of Content Element (e.g. software identifiers, assessment
guidance/results, ECA Policy rules, VDD, etc.). The SACM Statement
data structure is based on the Information Element (IE) definitions
provided by the SACM Information Model. The initial Content Element
type transferred are YANG Subscribed Notification acquired via YANG
push. In combination with the Origin Metadata Annotation defined in
draft-ietf-netmod-revised-datastores the data model defined in this
document will ultimately be able to express collected endpoint
characteristics, imperative guidance that define and orchestrate
assessment instructions, and also the declarative guidance for
endpoint attributes.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 20, 2018.
Birkholz & Cam-Winget Expires January 20, 2018 [Page 1]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements notation . . . . . . . . . . . . . . . . . . . . 3
3. Brokering of YANG push telemetry via SACM statements . . . . 3
4. Encapsulation of YANG notifications in SACM content-elements 3
4.1. Enumeration definition for content-type . . . . . . . . . 4
4.2. Element definition for content-metadata . . . . . . . . . 4
4.3. Definition of the yang-output-metadata element included
in content-metadata . . . . . . . . . . . . . . . . . . . 5
5. SACM Component Composition . . . . . . . . . . . . . . . . . 7
6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
9. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 7
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 7
11. Normative References . . . . . . . . . . . . . . . . . . . . 7
Appendix A. Minimal SACM Statement Definition for YANG Output . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction
YANG modules are a powerful established tool to provide endpoint
attributes (IE) with well-defined semantics. YANG push
[I-D.ietf-netconf-yang-push] and the corresponding YANG subscribed
notification [I-D.ietf-netconf-subscribed-notifications] drafts make
use of these modules to create streams of notifications (telemetry)
providing SACM content on the data plane. Correspondingly, filter
expressions used in the context of YANG subscriptions constitute SACM
content that is imperative guidance consumed by SACM components on
the management plane.
Birkholz & Cam-Winget Expires January 20, 2018 [Page 2]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
The SACM component illustrated in this draft incorporates a YANG Push
client function and an xmpp-grid publisher function. The output of
the YANG Push client function is encapsulated in a SACM Content
Element envelope, which is again encapsulated in a SACM statement
envelope. The corresponding SACM statements are published via the
xmpp-grid publisher function into a SACM Domain.
2. Requirements notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC
2119, BCP 14 [RFC2119].
3. Brokering of YANG push telemetry via SACM statements
Every SACM content is published into a SACM domain using a statement
envelope/encapsulation. The general structure of a Statement is
based in the Information Element defintion in
[I-D.ietf-sacm-information-model] and can be summarized as follows:
o a statement encapsulates statement-metadata and content-elements
o a content-element encapsulates content-metadata and SACM content
In the scope of this document, only one type of SACM content is
covered: YANG output. Correspondingly, only the minimal required
structure of statements, statement-metadata, content-elements, and
content-metadata are defined. A complete XML schema definition of
this minimal statement can be found in Appendix A.
4. Encapsulation of YANG notifications in SACM content-elements
A YANG notification is associated with a set of YANG specific
metadata. Hence, a YANG notification published to a SACM Domain MUST
be encapsulated with its corresponding metadata in a Content Element
as defined below.
YANG output that is SACM content is represented as an element
defintion included in the content choice of the content-element.
Birkholz & Cam-Winget Expires January 20, 2018 [Page 3]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<CODE BEGINS>
<xs:complexType name="content-element">
<xs:sequence>
<xs:element name="content-metadata" type="content-metadata" maxOccurs="unbounded"/>
<xs:choice>
<xs:element name="yang-output" type="yang-output" />
<!-- There is only one element here now, but virtually every other content choice
will go here, i.e. data models, such as OVAL, SCAP, SWID, etc. -->
</xs:choice>
</xs:sequence>
</xs:complexType>
<CODE ENDS>
4.1. Enumeration definition for content-type
One occurrence of the yang-output element MUST be instantiated in the
content-metadata element if YANG push output is to be transferred.
Also, the content-type must be set to the enumeration value "yang-
output", respectively.
In general, the list of content-type enumerations is including every
subject as defined in the SACM Information Model. For the scope of
this document, the list of potential content is reduced to "yang-
output" only.
<CODE BEGINS>
<xs:simpleType name="content-type">
<xs:restriction base="xs:string">
<xs:enumeration value="yang-output" />
<!-- There is only one type here now, but virtually every other content-type
will go here, i.e. data models, such as OVAL, SCAP, SWID, etc. -->
</xs:restriction>
</xs:simpleType>
<CODE ENDS>
4.2. Element definition for content-metadata
The list of optional elements included in content-metadata will
incorporate any every potential metadata type. For the scope of this
document, the list of elements is also limited to the minimal
required set of metadata elements and the yang-output metadata
element to support the encapsulation of NETCONF subscribed
notifications and YANG query result. As defined above, one
occurrence of the yang-output element has to be included in the
content-metadata element.
The general content-metadata elements are illustrated in the
Appendix A.
Birkholz & Cam-Winget Expires January 20, 2018 [Page 4]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<CODE BEGINS>
<xs:complexType name="content-metadata">
<xs:sequence>
<xs:element name="content-element-guid" type="content-element-guid"/>
<xs:element name="content-creation-timestamp" type="content-creation-timestamp"/>
<xs:element name="content-topic" type="content-topic"/>
<xs:element name="content-type" type="content-type"/>
<xs:element name="data-source" type="data-source" minOccurs="0"/>
<xs:element name="data-origin" type="data-origin" minOccurs="0"/>
<xs:element name="relationship" type="relationship" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="yang-output-metadata" type="yang-output-metadata" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<CODE ENDS>
4.3. Definition of the yang-output-metadata element included in
content-metadata
The composition of metadata that can be associated with a XML NETCONF
result depends on multiple factors:
o acquisition method: query / subscription
o encoding: XML / JSON / CBOR
o subscription interval: periodic / on-change
o filter-type: xpath / subtree
Additionally, the actual filter expression (or in future iterations
of this work a referencing label, such as a URI, UUID or other
composed identifier) has to be included in the content-metadata.
Birkholz & Cam-Winget Expires January 20, 2018 [Page 5]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<CODE BEGINS>
<xs:complexType name="yang-output-metadata">
<xs:sequence>
<xs:choice maxOccurs="1">
<xs:element name="yang-query" type="yang-query" />
<xs:element name="yang-subscribe" type="yang-subscribe" />
</xs:choice>
<xs:element name="encoding" type="yang-encoding" />
<xs:element name="module-names" type="module-name" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="yang-subscribe">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="periodic" />
<xs:enumeration value="on-change" />
</xs:restriction>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="xpath" />
<xs:enumeration value="subtree" />
</xs:restriction>
<xs:complexType>
<xs:simpleType name="filter-expression">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="yang-query">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="yang-encoding">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="netconf" />
<xs:enumeration value="restconf" />
<xs:enumeration value="comi" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="module-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<CODE ENDS>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 6]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
5. SACM Component Composition
A SACM Component able to process YANG subscribed notifications
requires at least two functions:
o a YANG push client function [I-D.ietf-netconf-yang-push],
[I-D.ietf-netconf-subscribed-notifications]
o an xmpp-grid provider function [I-D.ietf-mile-xmpp-grid]
Orchestattion of functions inside a component, their discovery as
capabiliites and the internal communication of SACM content inside a
SACM component is out of scope of this document for now.
6. IANA considerations
This document includes requests to IANA.
7. Security Considerations
TBD
8. Acknowledgements
Christoph Vigano, Guangying Zheng, Eric Voit, Alexander Clemm
9. Change Log
First version -00
10. Contributors
11. Normative References
[I-D.ietf-mile-xmpp-grid]
Cam-Winget, N., Appala, S., and S. Pope, "Using XMPP
Protocol and its Extensions for Use with IODEF", draft-
ietf-mile-xmpp-grid-03 (work in progress), July 2017.
[I-D.ietf-netconf-subscribed-notifications]
Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
A. Tripathy, "Custom Subscription to Event Notifications",
draft-ietf-netconf-subscribed-notifications-03 (work in
progress), July 2017.
Birkholz & Cam-Winget Expires January 20, 2018 [Page 7]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
[I-D.ietf-netconf-yang-push]
Clemm, A., Voit, E., Prieto, A., Tripathy, A., Nilsen-
Nygaard, E., Bierman, A., and B. Lengyel, "Subscribing to
YANG datastore push updates", draft-ietf-netconf-yang-
push-07 (work in progress), June 2017.
[I-D.ietf-sacm-information-model]
Waltermire, D., Watson, K., Kahn, C., Lorenzin, L., Cokus,
M., Haynes, D., and H. Birkholz, "SACM Information Model",
draft-ietf-sacm-information-model-10 (work in progress),
April 2017.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
Appendix A. Minimal SACM Statement Definition for YANG Output
The definitions of statements, statement-metadata, content-element,
and content-metadata are provided by the SACM Information Model
[I-D.ietf-sacm-information-model].
Due to the stripping down of content-elements to YANG output, the
enumerations still included in the relationship type are not able to
point to other content actually.
<CODE BEGINS>
<?xml version="1.0"?>
<xs:schema version="1.0"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified">
<xs:complexType name="StatementMetadata">
<xs:sequence>
<xs:element name="statement-guid" type="statement-guid" />
<xs:element name="data-origin" type="data-origin" />
<xs:element name="statement-creation-timestamp" type="statement-creation-timestamp" minOccurs="0" />
<xs:element name="statement-publish-timestamp" type="statement-creation-timestamp" />
<xs:element name="statement-type" type="statement-type" />
<xs:element name="content-elements" type="content-elements" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="sacm-statement">
<xs:sequence>
<xs:element name="statement-metadata" type="StatementMetadata" />
<xs:element name="content-element" type="content-element" minOccurs="1" maxOccurs="unbounded" />
Birkholz & Cam-Winget Expires January 20, 2018 [Page 8]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
</xs:sequence>
</xs:complexType>
<xs:element name="sacm-statement" type="sacm-statement">
</xs:element>
<xs:simpleType name="statement-guid">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="decimal-fraction-denominator">
<xs:restriction base="xs:integer" />
</xs:simpleType>
<xs:simpleType name="decimal-fraction-numerator">
<xs:restriction base="xs:integer" />
</xs:simpleType>
<xs:simpleType name="content-elements">
<xs:restriction base="xs:integer" />
</xs:simpleType>
<xs:complexType name="statement-creation-timestamp">
<xs:sequence>
<xs:element name="decimal-fraction-denominator" type="decimal-fraction-denominator"/>
<xs:element name="decimal-fraction-numerator" type="decimal-fraction-numerator"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="content-creation-timestamp">
<xs:sequence>
<xs:element name="decimal-fraction-denominator" type="decimal-fraction-denominator"/>
<xs:element name="decimal-fraction-numerator" type="decimal-fraction-numerator"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="statement-type">
<xs:restriction base="xs:string">
<xs:enumeration value="Observation" />
<xs:enumeration value="DirectoryContent" />
<xs:enumeration value="Correlation" />
<xs:enumeration value="Assessment" />
<xs:enumeration value="Guidance" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="content-topic">
<xs:restriction base="xs:string">
Birkholz & Cam-Winget Expires January 20, 2018 [Page 9]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:enumeration value="Session" />
<xs:enumeration value="User" />
<xs:enumeration value="Interface" />
<xs:enumeration value="PostureProfile" />
<xs:enumeration value="Flow" />
<xs:enumeration value="PostureAssessment" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="content-type">
<xs:restriction base="xs:string">
<xs:enumeration value="EndpointConfiguration" />
<xs:enumeration value="EndpointState" />
<xs:enumeration value="DirectoryEntry" />
<xs:enumeration value="Event" />
<xs:enumeration value="Incident" />
<xs:enumeration value="yang-output" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="content-element-guid">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="yang-output-metadata">
<xs:sequence>
<xs:choice maxOccurs="1">
<xs:element name="yang-query" type="yang-query" />
<xs:element name="yang-subscribe" type="yang-subscribe" />
</xs:choice>
<xs:element name="encoding" type="yang-encoding" />
<xs:element name="module-names" type="module-name" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="yang-subscribe">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="periodic" />
<xs:enumeration value="on-change" />
</xs:restriction>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="xpath" />
<xs:enumeration value="subtree" />
</xs:restriction>
</xs:complexType>
<xs:simpleType name="filter-expression">
<xs:restriction base="xs:string" />
Birkholz & Cam-Winget Expires January 20, 2018 [Page 10]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
</xs:simpleType>
<xs:simpleType name="yang-query">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="yang-encoding">
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="netconf" />
<xs:enumeration value="restconf" />
<xs:enumeration value="comi" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="module-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="relationship-type">
<xs:restriction base="xs:string">
<xs:enumeration value="associated_with_user" />
<xs:enumeration value="applies_to_session" />
<xs:enumeration value="seen_on_interface" />
<xs:enumeration value="associated_with_flow" />
<xs:enumeration value="contains_virtual_device" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="relationship-content-element-guid">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="relationship-statement-guid">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="relationship-object-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="data-source-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="data-origin">
<xs:restriction base="xs:string" />
</xs:simpleType>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 11]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:simpleType name="host-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="administrative-domain-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="sub-administrative-domain">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="super-administrative-domain">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="relationship">
<xs:sequence>
<xs:element name="relationship-type" type="relationship-type" />
<xs:element name="relationship-content-element-guid" type="relationship-content-element-guid" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="relationship-statement-guid" type="relationship-statement-guid" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="relationship-object-label" type="relationship-object-label" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="flow-element">
<xs:sequence>
<xs:element name="network-address" type="network-address"/>
<xs:element name="layer4-port-address" type="layer4-port-address" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="flow-record">
<xs:sequence>
<xs:element name="src-flow-element" type="flow-element" />
<xs:element name="dst-flow-element" type="flow-element" />
<xs:element name="protocol" type="protocol" />
<xs:element name="layer4-protocol" type="layer4-protocol" />
<xs:element name="flow-statistics" type="flow-statistics" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="content-metadata">
<xs:sequence>
<xs:element name="content-element-guid" type="content-element-guid" />
<xs:element name="content-creation-timestamp" type="content-creation-timestamp" />
<xs:element name="content-topic" type="content-topic" />
<xs:element name="content-type" type="content-type" />
Birkholz & Cam-Winget Expires January 20, 2018 [Page 12]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:element name="data-source" type="data-source" minOccurs="0" />
<xs:element name="data-origin" type="data-origin" minOccurs="0" />
<xs:element name="relationship" type="relationship" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="yang-output-metadata" type="yang-output-metadata" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="content-element">
<xs:sequence>
<xs:element name="content-metadata" type="content-metadata" maxOccurs="unbounded"/>
<xs:choice maxOccurs="unbounded">
<xs:element name="yang-output" type="yang-output" />
<xs:element name="flow" type="flow-record" />
<xs:element name="posture" type="xs:string" />
<xs:element name="user" type="user" />
<xs:element name="session" type="session" />
<xs:element name="ethernet-interface" type="ethernet-interface" />
<xs:element name="target-endpoint" type="target-endpoint" />
<xs:element name="port" type="port" />
<xs:element name="posture-assessment" type="posture-assessment" />
</xs:choice>
</xs:sequence>
</xs:complexType>
<xs:complexType name="posture-assessment"></xs:complexType>
<xs:complexType name="target-endpoint">
<xs:sequence>
<xs:element name="host-name" type="host-name" />
<xs:element name="te-label" type="te-label" />
<xs:element name="administrative-domain" type="administrative-domain" minOccurs="0" />
<xs:element name="application-instance" type="application-instance" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="ethernet-interface" type="ethernet-interface" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="address-association" type="address-association" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="data-source" type="data-source" minOccurs="0" />
<xs:element name="operating-system" type="operating-system" minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="te-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="application-instance">
<xs:sequence>
<xs:element name="application-label" type="application-label" />
<xs:element name="target-endpoint" type="target-endpoint" />
</xs:sequence>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 13]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
</xs:complexType>
<xs:simpleType name="attribute-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="attribute-value">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="attribute-value-pair">
<xs:sequence>
<xs:element name="attribute-name" type="attribute-name" />
<xs:element name="attribute-value" type="attribute-value" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="application-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="application-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="application-version">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="application-manufacturer">
<xs:restriction base="xs:string" />
</xs:simpleType>
<!-- TODO: is it possible to declare this as an enumeration or is that unrealistic? -->
<xs:simpleType name="application-type">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="application-component">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="application">
<xs:sequence>
<xs:element name="application-label" type="application-label" minOccurs="0" />
<xs:element name="application-name" type="application-name" />
Birkholz & Cam-Winget Expires January 20, 2018 [Page 14]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:element name="application-type" type="application-type" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="application-component" type="application-component" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="application-manufacturer" type="application-manufacturer" minOccurs="0" />
<xs:element name="application-version" type="application-version" minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="address-association">
<xs:sequence>
<xs:element name="address" type="address" />
<xs:element name="address-association-type" type="address-association-type" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="address">
<xs:sequence>
<xs:element name="address-mask-value" type="address-mask-value" />
<xs:element name="address-type" type="address-type" />
<xs:element name="address-value" type="address-value" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="address-type">
<xs:restriction base="xs:string">
<xs:enumeration value="Ethernet" />
<xs:enumeration value="ZigBee" />
<xs:enumeration value="ModBus" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="session-state-type">
<xs:restriction base="xs:string">
<xs:enumeration value="Authenticating"></xs:enumeration>
<xs:enumeration value="Authenticated"></xs:enumeration>
<xs:enumeration value="Postured"></xs:enumeration>
<xs:enumeration value="Started"></xs:enumeration>
<xs:enumeration value="Disconnected"></xs:enumeration>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="session">
<xs:sequence>
<xs:element name="session-state-type" type="session-state-type" />
<!-- TODO: add additional elements for Session Type -->
</xs:sequence>
</xs:complexType>
<xs:simpleType name="user-id">
Birkholz & Cam-Winget Expires January 20, 2018 [Page 15]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="username">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="user-directory">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="user">
<xs:sequence>
<xs:element name="user-id" type="user-id" />
<xs:element name="username" type="username" minOccurs="0" />
<xs:element name="data-source" type="data-source" minOccurs="0" />
<xs:element name="user-directory" type="user-directory" minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="ethernet-interface">
<xs:sequence>
<xs:element name="interface-label" type="interface-label" />
<xs:element name="network-interface-name" type="network-interface-name" minOccurs="0"/>
<xs:element name="mac-address" type="mac-address" />
<xs:element name="network-name" type="network-name" minOccurs="0"/>
<xs:element name="network-id" type="network-id" minOccurs="0"/>
<xs:element name="layer2-interface-type" type="layer2-interface-type" minOccurs="0"/>
<xs:element name="sub-interface-label" type="sub-interface-label" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="super-interface-label" type="super-interface-label" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="event-type">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="event-threshold">
<xs:restriction base="xs:integer" />
</xs:simpleType>
<xs:simpleType name="event-threshold-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="event-trigger">
<xs:restriction base="xs:string" />
</xs:simpleType>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 16]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:simpleType name="timestamp-type">
<xs:restriction base="xs:string">
<xs:enumeration value="discovered" />
<xs:enumeration value="classified" />
<xs:enumeration value="collected" />
<xs:enumeration value="published" />
</xs:restriction>
</xs:simpleType>
<xs:complexType name="typed-timestamp">
<xs:sequence>
<xs:element name="decimal-fraction-denominator" type="decimal-fraction-denominator"/>
<xs:element name="decimal-fraction-numerator" type="decimal-fraction-numerator"/>
<xs:element name="timestamp-type" type="timestamp-type" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="event">
<xs:sequence>
<xs:element name="event-type" type="event-type" minOccurs="0" />
<xs:element name="event-threshold" type="event-threshold" minOccurs="0" />
<xs:element name="event-threshold-name" type="event-threshold-name" minOccurs="0" />
<xs:element name="event-trigger" type="event-trigger" minOccurs="0" />
<xs:element name="typed-timestamp" type="typed-timestamp" />
<xs:element name="content" type="xs:anySimpleType" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="os-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="os-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="os-type">
<xs:restriction base="xs:string">
<xs:enumeration value="real-time" />
<xs:enumeration value="consumer" />
<xs:enumeration value="server" />
<xs:enumeration value="security-enhanced" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="os-component">
<xs:restriction base="xs:string" />
</xs:simpleType>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 17]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:simpleType name="os-manufacturer">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="os-version">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="operating-system">
<xs:sequence>
<xs:element name="os-label" type="os-label" minOccurs="0" />
<xs:element name="os-name" type="os-name" />
<xs:element name="os-type" type="os-type" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="os-component" type="os-component" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="os-manufacturer" type="os-manufacturer" minOccurs="0" />
<xs:element name="os-version" type="os-version" minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="sub-interface-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="super-interface-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="address-association-type">
<xs:restriction base="xs:string">
<xs:enumeration value="broadcast-domain-member-list" />
<xs:enumeration value="ip-subnet-member-list" />
<xs:enumeration value="ip-mac" />
<xs:enumeration value="shared-backhaul-interface" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="address-mask-value">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="address-value">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="interface-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="network-name">
Birkholz & Cam-Winget Expires January 20, 2018 [Page 18]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="network-id">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="network-interface-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="layer2-interface-type">
<xs:restriction base="xs:string">
<xs:enumeration value="fastEther" />
<xs:enumeration value="fastEtherFX" />
<xs:enumeration value="gigabitEthernet" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="ipv6-address-subnet-mask-cidrnot">
<xs:restriction base="xs:string">
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="ipv6-address-value">
<xs:restriction base="xs:string">
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="ipv4-address-subnet-mask-cidrnot">
<xs:restriction base="xs:string">
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="ipv4-address-subnet-mask">
<xs:restriction base="xs:string">
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="ipv4-address-value">
<xs:restriction base="xs:string">
</xs:restriction>
</xs:simpleType>
<xs:complexType name="network-address">
<xs:choice>
<xs:element name="ipv4-address" type="ipv4-address" />
<xs:element name="ipv6-address" type="ipv6-address" />
<xs:element name="mac-address" type="mac-address" />
</xs:choice>
</xs:complexType>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 19]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:complexType name="endpoint-identifier">
<xs:choice>
<xs:element name="certificate" type="certificate" />
<xs:element name="firmware-id" type="firmware-id" />
<xs:element name="hardware-serial-number" type="hardware-serial-number" />
<xs:element name="host-name" type="host-name" />
<xs:element name="ipv4-address-value" type="ipv4-address-value" />
<xs:element name="ipv6-address-value" type="ipv6-address-value" />
<xs:element name="mac-address" type="mac-address" />
<xs:element name="public-key" type="public-key" />
<xs:element name="username" type="username" />
</xs:choice>
</xs:complexType>
<xs:complexType name="ipv4-address">
<xs:sequence>
<xs:element name="ipv4-address-value" type="ipv4-address-value" />
<xs:element name="ipv4-address-subnet-mask-cidrnot" type="ipv4-address-subnet-mask-cidrnot"/>
<xs:element name="ipv4-address-subnet-mask" type="ipv4-address-subnet-mask"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ipv6-address">
<xs:sequence>
<xs:element name="ipv6-address-value" type="ipv6-address-value" />
<xs:element name="ipv6-address-subnet-mask-cidrnot" type="ipv6-address-subnet-mask-cidrnot"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="mac-address">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="layer4-port-address">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="protocol">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="layer4-protocol">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="bytes-received">
<xs:restriction base="xs:integer" />
</xs:simpleType>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 20]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:simpleType name="bytes-sent">
<xs:restriction base="xs:integer" />
</xs:simpleType>
<xs:simpleType name="units-received">
<xs:restriction base="xs:integer" />
</xs:simpleType>
<xs:simpleType name="units-sent">
<xs:restriction base="xs:integer" />
</xs:simpleType>
<xs:complexType name="flow-statistics">
<xs:sequence>
<xs:element name="bytes-received" type="bytes-received" />
<xs:element name="bytes-sent" type="bytes-sent" />
<xs:element name="units-received" type="units-received" />
<xs:element name="units-sent" type="units-sent" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="person">
<xs:sequence>
<xs:element name="person-first-name" type="person-first-name" />
<xs:element name="person-last-name" type="person-last-name" />
<xs:element name="person-middle-name" type="person-middle-name" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="phone-contact" type="phone-contact" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="email-address" type="email-address" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="person-first-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="person-last-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="person-middle-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="email-address">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="phone-contact">
Birkholz & Cam-Winget Expires January 20, 2018 [Page 21]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:sequence>
<xs:element name="phone-number" type="phone-number" />
<xs:element name="phone-number-type" type="phone-number-type" minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="phone-number">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="phone-number-type">
<xs:restriction base="xs:string">
<xs:enumeration value="DSN" />
<xs:enumeration value="Fax" />
<xs:enumeration value="Home" />
<xs:enumeration value="Mobile" />
<xs:enumeration value="Pager" />
<xs:enumeration value="Secure" />
<xs:enumeration value="Unsecure" />
<xs:enumeration value="Work" />
<xs:enumeration value="Other" />
</xs:restriction>
</xs:simpleType>
<xs:complexType name="privilege">
<xs:sequence>
<xs:element name="privilege-name" type="privilege-name" />
<xs:element name="privilege-value" type="privilege-value" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="privilege-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="privilege-value">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="location">
<xs:sequence>
<xs:element name="WGS84-longitude" type="WGS84-longitude" />
<xs:element name="WGS84-latitude" type="WGS84-latitude" />
<xs:element name="WGS84-altitude" type="WGS84-altitude" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="WGS84-longitude">
Birkholz & Cam-Winget Expires January 20, 2018 [Page 22]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="WGS84-latitude">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="WGS84-altitude">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="organization-id">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="organization-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:complexType name="organization">
<xs:sequence>
<xs:element name="organization-id" type="organization-id" />
<xs:element name="organization-name" type="organization-name" />
<xs:element name="location" type="location" minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="data-source">
<xs:sequence>
<xs:element name="data-source-label" type="data-source-label" minOccurs="0" />
<xs:element name="endpoint-identifier" type="endpoint-identifier" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="administrative-domain">
<xs:sequence>
<xs:element name="administrative-domain-label" type="administrative-domain-label" />
<xs:element name="sub-administrative-domain" type="sub-administrative-domain" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="super-administrative-domain" type="super-administrative-domain" minOccurs="0" />
<xs:element name="location" type="location" minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:simpleType name="access-privilege-type">
<xs:restriction base="xs:string">
<xs:enumeration value="read" />
<xs:enumeration value="write" />
<xs:enumeration value="none" />
Birkholz & Cam-Winget Expires January 20, 2018 [Page 23]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="account-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="authenticator">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="authentication-type">
<xs:restriction base="xs:string">
<!-- To be done -->
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="birthdate">
<xs:restriction base="xs:date" />
</xs:simpleType>
<xs:simpleType name="certificate">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="collection-task-type">
<xs:restriction base="xs:string">
<xs:enumeration value="network-observation" />
<xs:enumeration value="remote-acquisition" />
<xs:enumeration value="self-reported" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="confidence">
<xs:restriction base="xs:float">
<xs:minInclusive value="0" />
<xs:maxInclusive value="1" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="content-action">
<xs:restriction base="xs:string">
<xs:enumeration value="add" />
<xs:enumeration value="delete" />
<xs:enumeration value="update" />
</xs:restriction>
</xs:simpleType>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 24]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:simpleType name="country-code">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="default-depth">
<xs:restriction base="xs:integer" />
</xs:simpleType>
<xs:simpleType name="discoverer">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="firmware-id">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="hardware-serial-number">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="location-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="method-label">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="method-repository">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="network-access-level-type">
<xs:restriction base="xs:string">
<xs:enumeration value="block" />
<xs:enumeration value="quarantine" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="patch-id">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="patch-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<!-- FIXME: is this type appropriate? -->
Birkholz & Cam-Winget Expires January 20, 2018 [Page 25]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:simpleType name="public-key">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="role-name">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="status">
<xs:restriction base="xs:string">
<xs:enumeration value="true" />
<xs:enumeration value="false" />
<xs:enumeration value="error" />
<xs:enumeration value="unknown" />
<xs:enumeration value="not applicable" />
<xs:enumeration value="not evaluated" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="te-assessment-state">
<xs:restriction base="xs:string">
<xs:enumeration value="in-discovery" />
<xs:enumeration value="discovered" />
<xs:enumeration value="in-classification" />
<xs:enumeration value="classified" />
<xs:enumeration value="in-assessment" />
<xs:enumeration value="assessed" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="timestamp">
<xs:restriction base="xs:dateTime" />
</xs:simpleType>
<xs:simpleType name="web-site">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="port-id">
<xs:restriction base="xs:string" />
</xs:simpleType>
<xs:simpleType name="atm-type">
<xs:restriction base="xs:string">
<xs:enumeration value="lowSpeed" />
<xs:enumeration value="highSpeed" />
</xs:restriction>
</xs:simpleType>
Birkholz & Cam-Winget Expires January 20, 2018 [Page 26]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
<xs:simpleType name="enet-type">
<xs:restriction base="xs:string">
<xs:enumeration value="enet" />
<xs:enumeration value="1genet" />
<xs:enumeration value="10genet" />
<xs:enumeration value="100genet" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="wifi-type">
<xs:restriction base="xs:string">
<xs:enumeration value="11n" />
<xs:enumeration value="11a" />
<xs:enumeration value="11gb" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="virtual-type">
<xs:restriction base="xs:string">
<xs:enumeration value="virtual-1g" />
</xs:restriction>
</xs:simpleType>
<xs:complexType name="port">
<xs:sequence>
<xs:element name="port-id" type="port-id"/>
<xs:element name="atm-type" type="atm-type" maxOccurs="1" minOccurs="0" />
<xs:element name="enet-type" type="enet-type" maxOccurs="1" minOccurs="0" />
<xs:element name="wifi-type" type="wifi-type" maxOccurs="1" minOccurs="0" />
<xs:element name="virtual-type" type="virtual-type" maxOccurs="1" minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="user-account">
<xs:sequence>
<xs:element name="user" type="user"/>
</xs:sequence>
</xs:complexType>
</xs:schema>
<CODE ENDS>
Authors' Addresses
Birkholz & Cam-Winget Expires January 20, 2018 [Page 27]
Internet-DraYANG subscribed notifications via SACM Statements July 2017
Henk Birkholz
Fraunhofer SIT
Rheinstrasse 75
Darmstadt 64295
Germany
Email: henk.birkholz@sit.fraunhofer.de
Nancy Cam-Winget
Cisco Systems
3550 Cisco Way
San Jose, CA 95134
USA
Email: ncamwing@cisco.com
Birkholz & Cam-Winget Expires January 20, 2018 [Page 28]