| draft-ietf-i2nsf-nsf-facing-interface-dm-11.txt | draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt | |||
|---|---|---|---|---|
| I2NSF Working Group J. Kim, Ed. | I2NSF Working Group J. Kim, Ed. | |||
| Internet-Draft J. Jeong, Ed. | Internet-Draft J. Jeong, Ed. | |||
| Intended status: Standards Track Sungkyunkwan University | Intended status: Standards Track Sungkyunkwan University | |||
| Expires: August 6, 2021 J. Park | Expires: September 9, 2021 J. Park | |||
| ETRI | ETRI | |||
| S. Hares | S. Hares | |||
| Q. Lin | Q. Lin | |||
| Huawei | Huawei | |||
| February 2, 2021 | March 8, 2021 | |||
| I2NSF Network Security Function-Facing Interface YANG Data Model | I2NSF Network Security Function-Facing Interface YANG Data Model | |||
| draft-ietf-i2nsf-nsf-facing-interface-dm-11 | draft-ietf-i2nsf-nsf-facing-interface-dm-12 | |||
| Abstract | Abstract | |||
| This document defines a YANG data model for configuring security | This document defines a YANG data model for configuring security | |||
| policy rules on Network Security Functions (NSF) in the Interface to | policy rules on Network Security Functions (NSF) in the Interface to | |||
| Network Security Functions (I2NSF) framework. The YANG data model in | Network Security Functions (I2NSF) framework. The YANG data model in | |||
| this document corresponds to the information model for NSF-Facing | this document corresponds to the information model for NSF-Facing | |||
| Interface in the I2NSF framework. | Interface in the I2NSF framework. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 6, 2021. | This Internet-Draft will expire on September 9, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 14, line 22 ¶ | skipping to change at page 14, line 22 ¶ | |||
| firewall, web filter, VoIP/VoLTE security service, and DDoS-attack | firewall, web filter, VoIP/VoLTE security service, and DDoS-attack | |||
| mitigation in Section 5. | mitigation in Section 5. | |||
| 4.1. YANG Module of NSF-Facing Interface | 4.1. YANG Module of NSF-Facing Interface | |||
| This section describes a YANG module of NSF-Facing Interface. This | This section describes a YANG module of NSF-Facing Interface. This | |||
| YANG module imports from [RFC6991]. It makes references to [RFC0768] | YANG module imports from [RFC6991]. It makes references to [RFC0768] | |||
| [RFC0791][RFC0792][RFC0793][RFC3261][RFC4443][RFC8200][RFC8329][RFC83 | [RFC0791][RFC0792][RFC0793][RFC3261][RFC4443][RFC8200][RFC8329][RFC83 | |||
| 35][RFC8344][ISO-Country-Codes][IANA-Protocol-Numbers]. | 35][RFC8344][ISO-Country-Codes][IANA-Protocol-Numbers]. | |||
| <CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2021-02-02.yang" | <CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2021-03-08.yang" | |||
| module ietf-i2nsf-policy-rule-for-nsf { | module ietf-i2nsf-policy-rule-for-nsf { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace | namespace | |||
| "urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf"; | "urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf"; | |||
| prefix | prefix | |||
| nsfintf; | nsfintf; | |||
| import ietf-inet-types{ | import ietf-inet-types{ | |||
| prefix inet; | prefix inet; | |||
| reference "RFC 6991"; | reference "RFC 6991"; | |||
| skipping to change at page 15, line 12 ¶ | skipping to change at page 15, line 12 ¶ | |||
| Editor: Jaehoon Paul Jeong | Editor: Jaehoon Paul Jeong | |||
| <mailto:pauljeong@skku.edu>"; | <mailto:pauljeong@skku.edu>"; | |||
| description | description | |||
| "This module is a YANG module for Network Security Functions | "This module is a YANG module for Network Security Functions | |||
| (NSF)-Facing Interface. | (NSF)-Facing Interface. | |||
| Copyright (c) 2021 IETF Trust and the persons identified as | Copyright (c) 2021 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject to | |||
| to the license terms contained in, the Simplified BSD License | the license terms contained in, the Simplified BSD License set | |||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| http://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX | |||
| the RFC itself for full legal notices."; | (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself | |||
| for full legal notices."; | ||||
| revision "2021-02-02"{ | revision "2021-03-08"{ | |||
| description "The latest revision."; | description "The latest revision."; | |||
| reference | reference | |||
| "RFC XXXX: I2NSF Network Security Function-Facing Interface | "RFC XXXX: I2NSF Network Security Function-Facing Interface | |||
| YANG Data Model"; | YANG Data Model"; | |||
| } | } | |||
| /* | /* | |||
| * Identities | * Identities | |||
| */ | */ | |||
| skipping to change at page 78, line 47 ¶ | skipping to change at page 79, line 4 ¶ | |||
| leaf-list target-device { | leaf-list target-device { | |||
| type identityref { | type identityref { | |||
| base target-device; | base target-device; | |||
| } | } | |||
| description | description | |||
| "Leaf list for target devices"; | "Leaf list for target devices"; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| container users-condition { | container users-condition { | |||
| description | description | |||
| "Condition for users"; | "Condition for users"; | |||
| leaf users-description { | leaf users-description { | |||
| type string; | type string; | |||
| description | description | |||
| "This is the description for users' condition."; | "This is the description for users' condition."; | |||
| } | } | |||
| list user{ | list user{ | |||
| key "user-id"; | ||||
| description | description | |||
| "The user (or user group) information with which | "The user (or user group) information with which | |||
| network flow is associated: The user has many | network flow is associated: The user has many | |||
| attributes such as name, id, password, type, | attributes such as name, id, password, type, | |||
| authentication mode and so on. | authentication mode and so on. | |||
| id is often used in the security policy to | id is often used in the security policy to | |||
| identify the user. | identify the user. | |||
| Besides, an NSF is aware of the IP address of the | Besides, an NSF is aware of the IP address of the | |||
| user provided by a unified user management system | user provided by a unified user management system | |||
| via network. Based on name-address association, | via network. Based on name-address association, | |||
| an NSF is able to enforce the security functions | an NSF is able to enforce the security functions | |||
| over the given user (or user group)"; | over the given user (or user group)"; | |||
| key "user-id"; | ||||
| leaf user-id { | leaf user-id { | |||
| type uint32; | type uint32; | |||
| description | description | |||
| "The ID of the user."; | "The ID of the user."; | |||
| } | } | |||
| leaf user-name { | leaf user-name { | |||
| type string; | type string; | |||
| description | description | |||
| "The name of the user."; | "The name of the user."; | |||
| } | } | |||
| } | } | |||
| list group { | list group { | |||
| key "group-id"; | ||||
| description | description | |||
| "The user (or user group) information with which | "The user (or user group) information with which | |||
| network flow is associated: The user has many | network flow is associated: The user has many | |||
| attributes such as name, id, password, type, | attributes such as name, id, password, type, | |||
| authentication mode and so on. | authentication mode and so on. | |||
| id is often used in the security policy to | id is often used in the security policy to | |||
| identify the user. | identify the user. | |||
| Besides, an NSF is aware of the IP address of the | Besides, an NSF is aware of the IP address of the | |||
| user provided by a unified user management system | user provided by a unified user management system | |||
| via network. Based on name-address association, | via network. Based on name-address association, | |||
| an NSF is able to enforce the security functions | an NSF is able to enforce the security functions | |||
| over the given user (or user group)"; | over the given user (or user group)"; | |||
| key "group-id"; | ||||
| leaf group-id { | leaf group-id { | |||
| type uint32; | type uint32; | |||
| description | description | |||
| "The ID of the group."; | "The ID of the group."; | |||
| } | } | |||
| leaf group-name { | leaf group-name { | |||
| type string; | type string; | |||
| description | description | |||
| "The name of the group."; | "The name of the group."; | |||
| } | } | |||
| skipping to change at page 101, line 29 ¶ | skipping to change at page 101, line 29 ¶ | |||
| "Codes for the representation of names of countries and | "Codes for the representation of names of countries and | |||
| their subdivisions", ISO 3166, September 2018. | their subdivisions", ISO 3166, September 2018. | |||
| [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. | [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. | |||
| Kumar, "Framework for Interface to Network Security | Kumar, "Framework for Interface to Network Security | |||
| Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, | Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, | |||
| <https://www.rfc-editor.org/info/rfc8329>. | <https://www.rfc-editor.org/info/rfc8329>. | |||
| Authors' Addresses | Authors' Addresses | |||
| Jinyong Tim Kim (editor) | Jinyong (Tim) Kim (editor) | |||
| Department of Electronic, Electrical and Computer Engineering | Department of Electronic, Electrical and Computer Engineering | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| 2066 Seobu-Ro, Jangan-Gu | 2066 Seobu-Ro, Jangan-Gu | |||
| Suwon, Gyeonggi-Do 16419 | Suwon, Gyeonggi-Do 16419 | |||
| Republic of Korea | Republic of Korea | |||
| Phone: +82 10 8273 0930 | Phone: +82 10 8273 0930 | |||
| EMail: timkim@skku.edu | EMail: timkim@skku.edu | |||
| Jaehoon Paul Jeong (editor) | Jaehoon (Paul) Jeong (editor) | |||
| Department of Computer Science and Engineering | Department of Computer Science and Engineering | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| 2066 Seobu-Ro, Jangan-Gu | 2066 Seobu-Ro, Jangan-Gu | |||
| Suwon, Gyeonggi-Do 16419 | Suwon, Gyeonggi-Do 16419 | |||
| Republic of Korea | Republic of Korea | |||
| Phone: +82 31 299 4957 | Phone: +82 31 299 4957 | |||
| Fax: +82 31 290 7996 | Fax: +82 31 290 7996 | |||
| EMail: pauljeong@skku.edu | EMail: pauljeong@skku.edu | |||
| URI: http://iotlab.skku.edu/people-jaehoon-jeong.php | URI: http://iotlab.skku.edu/people-jaehoon-jeong.php | |||
| End of changes. 16 change blocks. | ||||
| 19 lines changed or deleted | 20 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||