Presentation is loading. Please wait.

Presentation is loading. Please wait.

12/11/200049th IETF - San Diego1 IPSP Configuration Model Framework Feedback Lee Rafalow IPSP WG & Policy WG IPSP Configuration.

Published byJuliet McCoy Modified over 9 years ago

Similar presentations

Presentation on theme: "12/11/200049th IETF - San Diego1 IPSP Configuration Model Framework Feedback Lee Rafalow IPSP WG & Policy WG IPSP Configuration."— Presentation transcript:

1 12/11/200049th IETF - San Diego1 IPSP Configuration Model Framework Feedback Lee Rafalow rafalow@raleigh.ibm.com IPSP WG & Policy WG IPSP Configuration Information Model (ICIM) http://rafalow.home.mindspring.com/dmtf.htm http://www.dmtf.org/spec/cims.html Feedback discussions

2 12/11/200049th IETF - San Diego2 DMTF Device-Model Overview

3 12/11/200049th IETF - San Diego3 Derived from Policy Framework

4 12/11/200049th IETF - San Diego4 Filter-based Conditions

5 12/11/200049th IETF - San Diego5 Actions, Proposals & Transforms

6 12/11/200049th IETF - San Diego6 IPSP Configuration Info Model Feedback Discussion Many of the differences in the models can be traced back to: –PCIM is a general framework –QPIM is a domain-level policy model –QDDIM is a device-level model of operational behavior –ICIM is a device-level policy model A few are just different approaches

7 12/11/200049th IETF - San Diego7 Condition Differences Filters & “Atoms” (QPIM) –IPSP provides for discipline-specific condition evaluation information using associations to a FilterList and CredentialManagementService –QPIM defines subclasses of Condition that provide a general grammar Implicit Condition Semantics –IPsec protocol provides identity information at different times in the protocol sequence –Condition evaluation is predicated on presence of the information, i.e., semantic of identity and credential filter is compound “if present and ” if and may evaluate to TRUE in early stage of Phase 1 and evaluate to FALSE once identity information is available

8 12/11/200049th IETF - San Diego8 IPsecPolicyGroupInPolicyGroup.GroupPriority (QPIM) –IPSP models GroupPriority in the aggregation –QPIM models gpPriority as a property of gpsPolicyGroup (in the same way as RulePriority) Rules in exactly one group (PCIM) Unique Rule & Group Priority values (PCIM) –Deterministic rule evaluation order Decision Strategy (QPIM) –IPSP decision strategy is Match First, implicit –QPIM has explicit decision strategies defined in qpPolicyDomain.gpPolicyRuleMatchMethod and gpsPolicyGroup.gpNamedPolicyRuleMatchMethod Group-related Differences

9 12/11/200049th IETF - San Diego9 PolicyGroup, Roles & Interface Bindings (PCIM) –IPsec model defines explicit association between IPsecPolicyGroup and interfaces (IPProtocolEndpoint) to which it applies –PCIM defines PolicyRole on a rule basis, association by named relationship IKERule.IdentityContexts & Roles (PCIM) –IdentityContexts uses roles and role combinations syntax –Provides named relationship between IKERule and appropriate local identity to use, used with other properties IKEAction.UseIkeIdentityType IPProtocolEndpoint Policy Roles

10 12/11/200049th IETF - San Diego10 Inheritance Discussion Device-level model structures –QDDIM is a model of operational behavior, derives from operational classes –IPSP ICIM is a policy model, derives from Policy classes PolicyActions vs. Settings –Some disagreement about class derivations Multiple inheritance in a single inheritance environment –Bypass and Discard

11 12/11/200049th IETF - San Diego11 PolicyRule.SequencedActions (PCIM) –“Mandatory” but with a “use first appropriate” semantic, extend enumeration values? PolicyElementInRepository (QPIM) –IPSP defines …InRepository associations for SAProposal & SATransform, weak associations –QPIM defines one general association Other Discussion Topics

Download ppt "12/11/200049th IETF - San Diego1 IPSP Configuration Model Framework Feedback Lee Rafalow IPSP WG & Policy WG IPSP Configuration."

Similar presentations

Authentication Authorization Accounting and Auditing

Authentication Authorization Accounting and Auditing
Dr. Bhavani Thuraisingham February 18, 2011 Building Trustworthy Semantic Webs RDF and RDF Security.

Dr. Bhavani Thuraisingham February 18, 2011 Building Trustworthy Semantic Webs RDF and RDF Security.
Non-monotonic Properties for Proving Correctness in a Framework of Compositional Logic Koji Hasebe Mitsuhiro Okada (Dept. of Philosophy, Keio University)

Non-monotonic Properties for Proving Correctness in a Framework of Compositional Logic Koji Hasebe Mitsuhiro Okada (Dept. of Philosophy, Keio University)
The software process A software process is a set of activities and associated results which lead to the production of a software product. This may involve.

The software process A software process is a set of activities and associated results which lead to the production of a software product. This may involve.
1 CPCP Hisham Khartabil XCON WG IETF 60, San Diego 2 nd August, 2004

1 CPCP Hisham Khartabil XCON WG IETF 60, San Diego 2 nd August, 2004
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
1 © 2003, Cisco Systems, Inc. All rights reserved. IEEE Policy Conference 2004 CIM and Ponder Andrea Westerinen, Cisco June, 2004.

1 © 2003, Cisco Systems, Inc. All rights reserved. IEEE Policy Conference 2004 CIM and Ponder Andrea Westerinen, Cisco June, 2004.
Using XACML Policies to Express OAuth Scope Hal Lockhart Oracle June 27, 2013.

Using XACML Policies to Express OAuth Scope Hal Lockhart Oracle June 27, 2013.
Chapter 1 Object-Oriented System Development

Chapter 1 Object-Oriented System Development
Chapter 14 (Web): Object-Oriented Data Modeling

Chapter 14 (Web): Object-Oriented Data Modeling
What is UML? A modeling language standardized by the OMG (Object Management Group), and widely used in OO analysis and design A modeling language is a.

What is UML? A modeling language standardized by the OMG (Object Management Group), and widely used in OO analysis and design A modeling language is a.
Policy Framework Status aaaarch mtg, irtf, Aug. 2, 2000 Ed Ellesson co-chairs of policy framework wg: Ed Ellesson: John Strassner:

Policy Framework Status aaaarch mtg, irtf, Aug. 2, 2000 Ed Ellesson co-chairs of policy framework wg: Ed Ellesson: John Strassner:
Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.

Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.
Chapter 10 Classes Continued

Chapter 10 Classes Continued
8.1 Classes & Inheritance. 8.1.1 Inheritance Objects are created to model ‘things’ Sometimes, ‘things’ may be different, but still have many attributes.

8.1 Classes & Inheritance Inheritance Objects are created to model ‘things’ Sometimes, ‘things’ may be different, but still have many attributes.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 11 Object and Object- Relational Databases.

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 11 Object and Object- Relational Databases.
Chapter 14: Object-Oriented Data Modeling

Chapter 14: Object-Oriented Data Modeling
Intelligent Tutoring Systems Traditional CAI Fully specified presentation text Canned questions and associated answers Lack the ability to adapt to students.

Intelligent Tutoring Systems Traditional CAI Fully specified presentation text Canned questions and associated answers Lack the ability to adapt to students.
Slide #1 Minneapolis, March 10, 2005XCON WG, IETF62 draft-levin-xcon-cccp-02.txt Orit Levin Roni Even

Slide #1 Minneapolis, March 10, 2005XCON WG, IETF62 draft-levin-xcon-cccp-02.txt Orit Levin Roni Even
CSE 331 Software Design & Implementation Hal Perkins Autumn 2012 Java Classes, Interfaces, and Types 1.

CSE 331 Software Design & Implementation Hal Perkins Autumn 2012 Java Classes, Interfaces, and Types 1.

Similar presentations

Ads by Google