draft-ietf-i2nsf-nsf-facing-interface-dm-11.txt   draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt 
I2NSF Working Group J. Kim, Ed. I2NSF Working Group J. Kim, Ed.
Internet-Draft J. Jeong, Ed. Internet-Draft J. Jeong, Ed.
Intended status: Standards Track Sungkyunkwan University Intended status: Standards Track Sungkyunkwan University
Expires: August 6, 2021 J. Park Expires: September 9, 2021 J. Park
ETRI ETRI
S. Hares S. Hares
Q. Lin Q. Lin
Huawei Huawei
February 2, 2021 March 8, 2021
I2NSF Network Security Function-Facing Interface YANG Data Model I2NSF Network Security Function-Facing Interface YANG Data Model
draft-ietf-i2nsf-nsf-facing-interface-dm-11 draft-ietf-i2nsf-nsf-facing-interface-dm-12
Abstract Abstract
This document defines a YANG data model for configuring security This document defines a YANG data model for configuring security
policy rules on Network Security Functions (NSF) in the Interface to policy rules on Network Security Functions (NSF) in the Interface to
Network Security Functions (I2NSF) framework. The YANG data model in Network Security Functions (I2NSF) framework. The YANG data model in
this document corresponds to the information model for NSF-Facing this document corresponds to the information model for NSF-Facing
Interface in the I2NSF framework. Interface in the I2NSF framework.
Status of This Memo Status of This Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 6, 2021. This Internet-Draft will expire on September 9, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 14, line 22 skipping to change at page 14, line 22
firewall, web filter, VoIP/VoLTE security service, and DDoS-attack firewall, web filter, VoIP/VoLTE security service, and DDoS-attack
mitigation in Section 5. mitigation in Section 5.
4.1. YANG Module of NSF-Facing Interface 4.1. YANG Module of NSF-Facing Interface
This section describes a YANG module of NSF-Facing Interface. This This section describes a YANG module of NSF-Facing Interface. This
YANG module imports from [RFC6991]. It makes references to [RFC0768] YANG module imports from [RFC6991]. It makes references to [RFC0768]
[RFC0791][RFC0792][RFC0793][RFC3261][RFC4443][RFC8200][RFC8329][RFC83 [RFC0791][RFC0792][RFC0793][RFC3261][RFC4443][RFC8200][RFC8329][RFC83
35][RFC8344][ISO-Country-Codes][IANA-Protocol-Numbers]. 35][RFC8344][ISO-Country-Codes][IANA-Protocol-Numbers].
<CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2021-02-02.yang" <CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2021-03-08.yang"
module ietf-i2nsf-policy-rule-for-nsf { module ietf-i2nsf-policy-rule-for-nsf {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf"; "urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf";
prefix prefix
nsfintf; nsfintf;
import ietf-inet-types{ import ietf-inet-types{
prefix inet; prefix inet;
reference "RFC 6991"; reference "RFC 6991";
skipping to change at page 15, line 12 skipping to change at page 15, line 12
Editor: Jaehoon Paul Jeong Editor: Jaehoon Paul Jeong
<mailto:pauljeong@skku.edu>"; <mailto:pauljeong@skku.edu>";
description description
"This module is a YANG module for Network Security Functions "This module is a YANG module for Network Security Functions
(NSF)-Facing Interface. (NSF)-Facing Interface.
Copyright (c) 2021 IETF Trust and the persons identified as Copyright (c) 2021 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject to
to the license terms contained in, the Simplified BSD License the license terms contained in, the Simplified BSD License set
set forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
http://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX
the RFC itself for full legal notices."; (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.";
revision "2021-02-02"{ revision "2021-03-08"{
description "The latest revision."; description "The latest revision.";
reference reference
"RFC XXXX: I2NSF Network Security Function-Facing Interface "RFC XXXX: I2NSF Network Security Function-Facing Interface
YANG Data Model"; YANG Data Model";
} }
/* /*
* Identities * Identities
*/ */
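Review bot: the revision statement's description, "The latest revision.", records nothing about the module and stops being true as soon as another revision statement is added. Because the date is overwritten in place (2021-02-02 to 2021-03-08) rather than a new revision statement being added, this is still the module's first published revision, so text such as "Initial revision." would stay accurate at publication. In the license paragraph the new "(https://trustee.ietf.org/license-info)" closes the parenthesis that the old text left unbalanced; the "RFC XXXX" and "rfcXXXX" placeholders now appear in both the description and the reference, so both need replacing once the number is assigned.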
skipping to change at page 78, line 47 skipping to change at page 79, line 4
leaf-list target-device { leaf-list target-device {
type identityref { type identityref {
base target-device; base target-device;
} }
description description
"Leaf list for target devices"; "Leaf list for target devices";
} }
} }
} }
container users-condition { container users-condition {
description description
"Condition for users"; "Condition for users";
leaf users-description { leaf users-description {
type string; type string;
description description
"This is the description for users' condition."; "This is the description for users' condition.";
} }
list user{ list user{
key "user-id";
description description
"The user (or user group) information with which "The user (or user group) information with which
network flow is associated: The user has many network flow is associated: The user has many
attributes such as name, id, password, type, attributes such as name, id, password, type,
authentication mode and so on. authentication mode and so on.
id is often used in the security policy to id is often used in the security policy to
identify the user. identify the user.
Besides, an NSF is aware of the IP address of the Besides, an NSF is aware of the IP address of the
user provided by a unified user management system user provided by a unified user management system
via network. Based on name-address association, via network. Based on name-address association,
an NSF is able to enforce the security functions an NSF is able to enforce the security functions
over the given user (or user group)"; over the given user (or user group)";
key "user-id";
leaf user-id { leaf user-id {
type uint32; type uint32;
description description
"The ID of the user."; "The ID of the user.";
} }
leaf user-name { leaf user-name {
type string; type string;
description description
"The name of the user."; "The name of the user.";
} }
} }
list group { list group {
key "group-id";
description description
"The user (or user group) information with which "The user (or user group) information with which
network flow is associated: The user has many network flow is associated: The user has many
attributes such as name, id, password, type, attributes such as name, id, password, type,
authentication mode and so on. authentication mode and so on.
id is often used in the security policy to id is often used in the security policy to
identify the user. identify the user.
Besides, an NSF is aware of the IP address of the Besides, an NSF is aware of the IP address of the
user provided by a unified user management system user provided by a unified user management system
via network. Based on name-address association, via network. Based on name-address association,
an NSF is able to enforce the security functions an NSF is able to enforce the security functions
over the given user (or user group)"; over the given user (or user group)";
key "group-id";
leaf group-id { leaf group-id {
type uint32; type uint32;
description description
"The ID of the group."; "The ID of the group.";
} }
leaf group-name { leaf group-name {
type string; type string;
description description
"The name of the group."; "The name of the group.";
} }
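Review bot: in list group, the description is a word-for-word copy of the one on list user and still describes "the user" with a name, id, password, type and authentication mode, while the list holds only group-id and group-name; the group list needs its own text. Both descriptions also name password and authentication mode, which neither list models, and rely on a "name-address association", although each entry is keyed by a uint32 id and the name is a plain string leaf with no mandatory statement or length restriction. Either trim the descriptions to the leaves that exist or state which leaf an NSF is expected to match against the user management system, since that match decides which flows the rule applies to. Placing key before description in both lists is fine and needs no further change.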
skipping to change at page 101, line 29 skipping to change at page 101, line 29
"Codes for the representation of names of countries and "Codes for the representation of names of countries and
their subdivisions", ISO 3166, September 2018. their subdivisions", ISO 3166, September 2018.
[RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
Kumar, "Framework for Interface to Network Security Kumar, "Framework for Interface to Network Security
Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
<https://www.rfc-editor.org/info/rfc8329>. <https://www.rfc-editor.org/info/rfc8329>.
Authors' Addresses Authors' Addresses
Jinyong Tim Kim (editor) Jinyong (Tim) Kim (editor)
Department of Electronic, Electrical and Computer Engineering Department of Electronic, Electrical and Computer Engineering
Sungkyunkwan University Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu 2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419 Suwon, Gyeonggi-Do 16419
Republic of Korea Republic of Korea
Phone: +82 10 8273 0930 Phone: +82 10 8273 0930
EMail: timkim@skku.edu EMail: timkim@skku.edu
Jaehoon Paul Jeong (editor) Jaehoon (Paul) Jeong (editor)
Department of Computer Science and Engineering Department of Computer Science and Engineering
Sungkyunkwan University Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu 2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419 Suwon, Gyeonggi-Do 16419
Republic of Korea Republic of Korea
Phone: +82 31 299 4957 Phone: +82 31 299 4957
Fax: +82 31 290 7996 Fax: +82 31 290 7996
EMail: pauljeong@skku.edu EMail: pauljeong@skku.edu
URI: http://iotlab.skku.edu/people-jaehoon-jeong.php URI: http://iotlab.skku.edu/people-jaehoon-jeong.php
 End of changes. 16 change blocks. 
19 lines changed or deleted 20 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/