[IDS] Some IETF references for policy-based management

Ira McDonald blueroofmusic at gmail.com
Tue Oct 29 00:38:44 UTC 2013


Hi,

Quoting from Dave Harrington's note on IETF SACM WG list today:

"You seem to be making security optional, with "MAY support mutual
authentication" etc.  Please look at RFC3365, which specifies an IETF
requirement for IETF standards.

The IESG will consider the RFC3365 requirements when deciding whether
to approve our documents.

If we are going to talk about "policy", we should make sure our terminology
is consistent with previous IETF publications related to policy.  I'd start
with RFC4949, since we are a SEC area WG.

We should probably at least look at:

RFC2753 - A Framework for Policy-based Admission Control
RFC2768 - Network Policy and Services: A Report of a Workshop on Middleware
RFC3060 - Policy Core Information Model -- Version 1 Specification
RFC3198 - Terminology for Policy-Based Management
RFC3571 - Framework Policy Information Base for Usage Feedback

Policy-based management, of which at least part of SACM appears to be a
subset, has been discussed in the IETF.  There are a number of IETF
standards and documents that resulted from prior efforts.

A great deal of thought went into the work, and we should not ignore what
has already been done.

RFC3060 has a data model (and an inherent information model) for describing
policies, including policies, groups, rules, properties of rules (enabled,
priority, etc.), conditions, periods, actions, constraints, repository,
associations, aggregations, components, and so on.

They may not apply directly to the work we are doing, but the discussions we
have been having certainly seem to be related to this prior work.

RFC3571 has an information model for monitoring the usage of policies.
This includes allowing one architectural entity (I'll be glad when we reach
consensus on some terms we can use to talk about these things)
to query another architectural entity (such as an evaluator) to determine
which policies (evaluations) are supported, intervals for periodic
reporting, actions, thresholds, etc.

Much of the work on policy was a joint effort with people from DMTF."


Cheers,
- Ira


Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG IPP WG
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - TCG Embedded Systems Hardcopy SG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music/High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto:blueroofmusic at gmail.com
Winter  579 Park Place  Saline, MI  48176  734-944-0094
Summer  PO Box 221  Grand Marais, MI 49839  906-494-2434