Hi OPSAWG, I have submitted two I2NSF Drafts for Intent-Based Security Management to OPSAWG since they are related to the Operations and Management for Cloud or Edge-Based Security Services. Event though the I2NSF WG concluded one year ago, the following drafts are now submitted to OPSAWG because they can complete Security Service Automation based on Intent-Based Networking (IBN) in RFC 9315. This submission was discussed with our I2NSF WG under the guidance of Linda Dunbar (I2NSF WG Chair).
- Security Management Automation of Cloud-Based Security Services in I2NSF Framework . URL: https://datatracker.ietf.org/doc/html/draft-jeong-opsawg-security-management-automation-00 . Summary: The scope of this document is to propose an extension of the standard I2NSF framework such that it can perform security management automation based on Intent-Based Networking (IBN) in RFC 9315. This document augments the existing I2NSF framework by adding the features of security policy translation, closed-loop security control, and security audit system to it. For this system augmentation, a system component called I2NSF Analyzer and a new external interface called Analytics Interface are introduced for Closed-Loop Security Control on the basis of the analysis of NSF monitoring data. . Purpose: Informational RFC - I2NSF Analytics Interface YANG Data Model for Closed-Loop Security Control in the I2NSF Framework . URL: https://datatracker.ietf.org/doc/html/draft-lingga-opsawg-analytics-interface-dm-00 . Summary: The scope of this document is to propose a YANG data model for a new external interface (called Analytics Interface) between Security Controller in the I2NSF framework and an Analyzer (performing the analysis of NSF monitoring data and the generation of policy reconfiguration and feedback). With this Analytics Interface, the I2NSF framework can perform Security Management Automation in terms of Closed-Loop Security Control. . Purpose: Proposed Standard RFC The two documents of draft-jeong-i2nsf-security-management-automation and draft-lingga-i2nsf-analytics-interface-dm can be published in either conferences or journals. However, the publication of RFCs will let the technologies in these two documents be widely used by the industry along with the existing I2NSF drafts approved as RFCs: https://datatracker.ietf.org/group/i2nsf/documents/ For draft-jeong-i2nsf-security-management-automation, this document is needed to complete the I2NSF Framework in RFC 8329 (Framework for Interface to Network Security Functions) in terms of Security Management Automation based on IBN in RFC 9315 (Intent-Based Networking - Concepts and Definitions). For draft-lingga-i2nsf-analytics-interface-dm, the YANG Data Model of Analytics Interface in draft-jeong-i2nsf-security-management-automation is well-synchronized with other I2NSF YANG Data Models (approved as RFCs) such as Consumer-Facing Interface, NSF-Facing Interface, Registration Interface, and Monitoring Interface: https://datatracker.ietf.org/group/i2nsf/documents/ Also, the concept of this YANG data model was proved by the IETF-113 Hackathon Project: https://github.com/jaehoonpaul/i2nsf-framework/tree/master/Hackathon-113 Adrian Farrel reviewed these two drafts and gave me lots of valuable comments. I have tried to address all of his comments on the current versions of the two drafts. Linda (as I2NSF WG Chair) will be able to ask for the YANG doctor review for draft-lingga-i2nsf-analytics-interface-dm. If you have questions and comments, please let me know. Thanks for your help and support. Best Regards, Paul -- =========================== Mr. Jaehoon (Paul) Jeong Department of Computer Science and Engineering Sungkyunkwan University Phone: +82-31-299-4957 Email: paulje...@skku.edu, jaehoon.p...@gmail.com URI: http://iotlab.skku.edu/people-jaehoon-jeong.php
_______________________________________________ OPSAWG mailing list -- opsawg@ietf.org To unsubscribe send an email to opsawg-le...@ietf.org
