< draft-ietf-supa-generic-policy-data-model-03.txt   draft-ietf-supa-generic-policy-data-model-04.txt >
Network Working Group J. Halpern Network Working Group J. Halpern
Internet-Draft Ericsson Internet-Draft Ericsson
Intended status: Informational J. Strassner Intended status: Informational J. Strassner
Expires: October 15, 2017 Huawei Technologies Expires: December 20, 2017 Huawei Technologies
S. Van der Meer S. Van der Meer
Ericsson Ericsson
April 15, 2017 June 18, 2017
Generic Policy Data Model for Generic Policy Data Model for
Simplified Use of Policy Abstractions (SUPA) Simplified Use of Policy Abstractions (SUPA)
draft-ietf-supa-generic-policy-data-model-03 draft-ietf-supa-generic-policy-data-model-04
Abstract Abstract
This document defines two YANG policy data modules. The first is a This document defines two YANG policy data modules. The first is a
generic policy model that is meant to be extended on an application- generic policy model that is meant to be extended on an application-
specific basis. The second is an exemplary extension of the first specific basis. The second is an exemplary extension of the first
generic policy model, and defines rules as event-condition-action generic policy model, and defines rules as event-condition-action
policies. Both models are independent of the level of abstraction of policies. Both models are independent of the level of abstraction of
the content and meaning of a policy. the content and meaning of a policy.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current working documents as Internet-Drafts. The list of current
Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in as reference material or to cite them other than as "work in
progress." progress."
This Internet-Draft will expire on April 15, 2017. This Internet-Draft will expire on June 18, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Overview ....................................................... 2 1. Overview ....................................................... 2
2. Conventions Used in This Document .............................. 2 2. Conventions Used in This Document .............................. 2
3. Terminology .................................................... 3 3. Terminology .................................................... 3
3.1. Acronyms ................................................. 3 3.1. Acronyms ................................................. 3
3.2. Definitions .............................................. 3 3.2. Definitions .............................................. 3
3.3. Symbology ................................................ 5 3.3. Symbology ................................................ 5
4. Design of the SUPA Policy Data Models ......................... 5 4. Design of the SUPA Policy Data Models ......................... 5
4.1. Objectives ............................................... 5 4.1. Objectives ............................................... 5
4.2 Yang Data Model Maintenance ................................ 5 4.2 Yang Data Model Maintenance ................................ 6
4.3 YANG Data Model Overview ................................... 6 4.3 YANG Data Model Overview ................................... 6
4.4. YANG Tree Diagram ........................................ 7 4.4. YANG Tree Diagram ........................................ 7
5. SUPA Policy Data Model YANG Module ............................ 11 5. SUPA Policy Data Model YANG Module ............................ 12
6. IANA Considerations ........................................... 63 6. IANA Considerations ........................................... 69
7. Security Considerations ....................................... 63 7. Security Considerations ....................................... 69
8. Acknowledgments ............................................... 63 8. Acknowledgments ............................................... 69
9. References .................................................... 63 9. References .................................................... 69
9.1. Normative References ..................................... 63 9.1. Normative References ..................................... 69
9.2. Informative References ................................... 63 9.2. Informative References ................................... 69
Authors' Addresses ................................................ 64 Authors' Addresses ................................................ 70
1. Overview 1. Overview
This document defines two YANG [RFC6020] [RFC6991] policy data This document defines two YANG [RFC6020] [RFC6991] policy data
models. The first is a generic policy model that is meant to be models. The first is a generic policy model that is meant to be
extended on an application-specific basis. It is derived from the extended on an application-specific basis. It is derived from the
Generic Policy Information Model (GPIM) defined in [1]. The second Generic Policy Information Model (GPIM) defined in [1]. The second
is an exemplary extension of the first (generic policy) model, and is an exemplary extension of the first (generic policy) model, and
defines policy rules as event-condition-action tuples. Both models defines policy rules as event-condition-action tuples. Both models
are independent of the level of abstraction of the content and are independent of the level of abstraction of the content and
skipping to change at page 7, line 53 skipping to change at page 7, line 53
The YANG Tree Diagram starts on the next page. It uses the following The YANG Tree Diagram starts on the next page. It uses the following
abbreviations for datatypes: abbreviations for datatypes:
- B: Boolean - B: Boolean
- E: enumeration - E: enumeration
- II: instance-identifier - II: instance-identifier
- IR: identityref - IR: identityref
- PC: policy-constraint-language-list - PC: policy-constraint-language-list
- PD: policy-data-type-encoding-list - PD: policy-data-type-encoding-list
- PS: policy-deploy-status-list
- S: string - S: string
- YD: yang:date-and-time - YD: yang:date-and-time
- UI: uint32 - UI: uint32
module: ietf-supa-policy module: ietf-supa-policy
+--rw supa-encoding-clause-container +--rw supa-encoding-clause-container
| +--rw supa-encoding-clause-list* [supa-policy-ID] | +--rw supa-encoding-clause-list* [supa-policy-ID]
| +--rw entity-class? IR | +--rw entity-class? identityref
| +--rw supa-policy-ID S | +--rw supa-policy-ID string
| +--rw supa-policy-name? S | +--rw supa-policy-name? string
| +--rw supa-policy-object-description? S | +--rw supa-policy-object-description? string
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-has-policy-component-decorator-part-ptr II | +--rw supa-policy-clause-deploy-status identityref
| +--rw supa-policy-clause-deploy-status E | +--rw supa-has-policy-clause-part-ptr* instance-identifier
| +--rw supa-has-policy-clause-part-ptr* II | +--rw supa-policy-clause-has-decorator-agg-ptr* instance-identifier
I +--rw supa-encoded-clause-content S | +--rw supa-encoded-clause-content string
I +--rw supa-encoded-clause-language E | +--rw supa-encoded-clause-language enumeration
+--rw supa-policy-variable-container +--rw supa-policy-variable-container
| +--rw supa-policy-variable-list* [supa-policy-ID] | +--rw supa-policy-variable-list* [supa-policy-ID]
| +--rw entity-class? IR | +--rw entity-class? identityref
| +--rw supa-policy-ID S | +--rw supa-policy-ID string
| +--rw supa-policy-name? S | +--rw supa-policy-name? string
| +--rw supa-policy-object-description? S | +--rw supa-policy-object-description? string
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-has-policy-component-decorator-part-ptr II | +--rw supa-policy-clause-has-decorator-part-ptr* instance-identifier
| +--rw supa-has-policy-component-decorator-agg-ptr* II | +--rw supa-has-decorated-policy-component-part-ptr? instance-identifier
| +--rw supa-decorator-constraints* S | +--rw supa-pol-clause-constraint* string
| +--rw supa-has-decorator-constraint-encoding? PC | +--rw supa-pol-clause-constraint-encoding? identityref
| +--rw supa-policy-term-is-negated? B | +--rw supa-has-decorated-policy-component-agg-ptr* instance-identifier
| +-rw supa-policy-variable-name? S | +--rw supa-pol-comp-constraint* string
| +--rw supa-pol-comp-constraint-encoding? identityref
| +--rw supa-policy-term-is-negated? boolean
| +--rw supa-policy-variable-name? string
+--rw supa-policy-operator-container +--rw supa-policy-operator-container
| +--rw supa-policy-operator-list* [supa-policy-ID] +--rw supa-policy-operator-container
| +--rw entity-class? IR | +--rw supa-policy-operator-list* [supa-policy-ID]
| +--rw supa-policy-ID S | +--rw entity-class? identityref
| +--rw supa-policy-name? S | +--rw supa-policy-ID string
| +--rw supa-policy-object-description? S | +--rw supa-policy-name? string
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw supa-policy-object-description? string
| +--rw supa-has-policy-component-decorator-part-ptr II | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-has-policy-component-decorator-agg-ptr* II | +--rw supa-policy-clause-has-decorator-part-ptr* instance-identifier
| +--rw supa-decorator-constraints* S | +--rw supa-has-decorated-policy-component-part-ptr? instance-identifier
| +--rw supa-has-decorator-constraint-encoding? PC | +--rw supa-pol-clause-constraint* string
| +--rw supa-policy-term-is-negated? B | +--rw supa-pol-clause-constraint-encoding? identityref
| +--rw supa-policy-value-op-type E | +--rw supa-has-decorated-policy-component-agg-ptr* instance-identifier
+--rw supa-policy-value-container | +--rw supa-pol-comp-constraint* string
| +--rw supa-policy-value-list* [supa-policy-ID] | +--rw supa-pol-comp-constraint-encoding? identityref
| +--rw entity-class? IR | +--rw supa-policy-term-is-negated? boolean
| +--rw supa-policy-ID S | +--rw supa-policy-value-op-type enumeration
| +--rw supa-policy-name? S +--rw supa-policy-value-container
| +--rw supa-policy-object-description? S | +--rw supa-policy-value-list* [supa-policy-ID]
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw entity-class? identityref
| +--rw supa-has-policy-component-decorator-part-ptr II | +--rw supa-policy-ID string
| +--rw supa-has-policy-component-decorator-agg-ptr* II | +--rw supa-policy-name? string
| +--rw supa-decorator-constraints* S | +--rw supa-policy-object-description? string
| +--rw supa-has-decorator-constraint-encoding? PC | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-policy-term-is-negated? B | +--rw supa-policy-clause-has-decorator-part-ptr* instance-identifier
| +--rw supa-policy-value-content* S | +--rw supa-has-decorated-policy-component-part-ptr? instance-identifier
| +--rw supa-policy-value-encoding? PD | +--rw supa-pol-clause-constraint* string
+--rw supa-policy-generic-decorated-container | +--rw supa-pol-clause-constraint-encoding? identityref
| +--rw supa-encoding-clause-list* [supa-policy-ID] | +--rw supa-has-decorated-policy-component-agg-ptr* instance-identifier
| +--rw entity-class? IR | +--rw supa-pol-comp-constraint* string
| +--rw supa-policy-ID S | +--rw supa-pol-comp-constraint-encoding? identityref
| +--rw supa-policy-name? S | +--rw supa-policy-term-is-negated? boolean
| +--rw supa-policy-object-description? S | +--rw supa-policy-value-content* string
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw supa-policy-value-encoding? identityref
| +--rw supa-has-policy-component-decorator-part-ptr II +--rw supa-policy-generic-decorated-container
| +--rw supa-has-policy-component-decorator-agg-ptr* II | +--rw supa-encoding-clause-list* [supa-policy-ID]
| +--rw supa-decorator-constraints* S | +--rw entity-class? identityref
| +--rw supa-has-decorator-constraint-encoding? PC | +--rw supa-policy-ID string
| +--rw supa-policy-generic-decorated-content* S | +--rw supa-policy-name? string
| +--rw supa-policy-generic-decorated-encoding? PD | +--rw supa-policy-object-description? string
+--rw supa-policy-source-container | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-source-list* [supa-policy-ID] | +--rw supa-policy-clause-has-decorator-part-ptr* instance-identifier
| +--rw entity-class? IR | +--rw supa-has-decorated-policy-component-part-ptr? instance-identifier
| +--rw supa-policy-ID S | +--rw supa-pol-clause-constraint* string
| +--rw supa-policy-name? S | +--rw supa-pol-clause-constraint-encoding? identityref
| +--rw supa-policy-object-description? S | +--rw supa-has-decorated-policy-component-agg-ptr* instance-identifier
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw supa-pol-comp-constraint* string
| +--rw supa-has-policy-source-part-ptr II | +--rw supa-pol-comp-constraint-encoding? identityref
+--rw supa-policy-target-container | +--rw supa-policy-generic-decorated-content* string
| +--rw supa-target-list* [supa-policy-ID] | +--rw supa-policy-generic-decorated-encoding? identityref
| +--rw entity-class? IR +--rw supa-policy-source-container
| +--rw supa-policy-ID S | +--rw supa-policy-source-list* [supa-policy-ID]
| +--rw supa-policy-name? S | +--rw entity-class? identityref
| +--rw supa-policy-object-description? S | +--rw supa-policy-ID string
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw supa-policy-name? string
| +--rw supa-has-policy-target-part-ptr II | +--rw supa-policy-object-description? string
+--rw supa-policy-concrete-metadata-container | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-policy-concrete-metadata-list* | +--rw supa-has-policy-source-part-ptr* instance-identifier
[supa-policy-metadata-id] +--rw supa-policy-target-container
| +--rw entity-class? IR | +--rw supa-policy-target-list* [supa-policy-ID]
| +--rw supa-policy-metadata-id S | +--rw entity-class? identityref
| +--rw supa-policy-metadata-description? S | +--rw supa-policy-ID string
| +--rw supa-policy-metadata-name? S | +--rw supa-policy-name? string
| +--rw supa-has-policy-metadata-part-ptr* II | +--rw supa-policy-object-description? string
| +--rw supa-has-policy-metadata-dec-part-ptr* II | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-policy-metadata-valid-period-end? YD | +--rw supa-has-policy-target-part-ptr* instance-identifier
| +--rw supa-policy-metadata-valid-period-start? YD +--rw supa-policy-concrete-metadata-container
+--rw supa-policy-metadata-decorator-access-container | +--rw supa-policy-concrete-metadata-list* [supa-policy-metadata-id]
| +--rw supa-policy-metadata-decorator-access-list* | +--rw entity-class? identityref
[supa-policy-metadata-id] | +--rw supa-policy-metadata-id string
| +--rw entity-class? IR | +--rw supa-policy-metadata-description? string
| +--rw supa-policy-metadata-id S | +--rw supa-policy-metadata-name? string
| +--rw supa-policy-metadata-description? S | +--rw supa-has-policy-metadata-part-ptr* instance-identifier
| +--rw supa-policy-metadata-name? S | +--rw supa-has-policy-metadata-dec-part-ptr* instance-identifier
| +--rw supa-has-policy-metadata-part-ptr* II | +--rw supa-policy-metadata-valid-period-end? yang:date-and-time
| +--rw supa-has-policy-metadata-dec-part-ptr* II | +--rw supa-policy-metadata-valid-period-start? yang:date-and-time
| +--rw supa-has-policy-metadata-dec-agg-ptr? II +--rw supa-policy-metadata-decorator-access-container
+--rw supa-policy-metadata-decorator-version-container | +--rw supa-policy-metadata-decorator-access-list* [supa-policy-metadata-id]
| +--rw supa-policy-metadata-decorator-version-list* | +--rw entity-class? identityref
[supa-policy-metadata-id] | +--rw supa-policy-metadata-id string
| +--rw entity-class? IR | +--rw supa-policy-metadata-description? string
| +--rw supa-policy-metadata-id S | +--rw supa-policy-metadata-name? string
| +--rw supa-policy-metadata-description? S | +--rw supa-has-policy-metadata-part-ptr* instance-identifier
| +--rw supa-policy-metadata-name? S | +--rw supa-has-policy-metadata-dec-part-ptr* instance-identifier
| +--rw supa-has-policy-metadata-part-ptr* II | +--rw supa-has-policy-metadata-dec-agg-ptr? instance-identifier
| +--rw supa-has-policy-metadata-dec-part-ptr* II +--rw supa-policy-metadata-decorator-version-container
| +--rw supa-has-policy-metadata-dec-agg-ptr? II | +--rw supa-policy-metadata-decorator-version-list* [supa-policy-metadata-id]
+--rw supa-policy-metadata-detail-container | +--rw entity-class? identityref
| +--rw supa-policy-metadata-detail-list [supa-policy-ID] | +--rw supa-policy-metadata-id string
| +--rw entity-class? IR | +--rw supa-policy-metadata-description? string
| +--rw supa-policy-ID S | +--rw supa-policy-metadata-name? string
| +--rw supa-policy-name? S | +--rw supa-has-policy-metadata-part-ptr* instance-identifier
| +--rw supa-policy-object-description? S | +--rw supa-has-policy-metadata-dec-part-ptr* instance-identifier
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw supa-has-policy-metadata-dec-agg-ptr? instance-identifier
| +--rw supa-has-policy-metadata-detail-agg-ptr? II +--rw supa-policy-metadata-detail-container
| +--rw supa-has-policy-metadata-detail-part-ptr? II | +--rw supa-policy-metadata-detail-list* [supa-policy-ID]
| +--rw supa-policy-metadata-detail-is-applicable? B | +--rw entity-class? identityref
| +--rw supa-policy-metadata-detail-constraint* S | +--rw supa-policy-ID string
| +--rw supa-policy-metadata-detail-constraint-encoding? PC | +--rw supa-policy-name? string
+--rw supa-policy-component-decorator-detail-container | +--rw supa-policy-object-description? string
| +--rw supa-policy-component-decorator-detail-list* | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
[supa-policy-ID] | +--rw supa-has-policy-metadata-detail-agg-ptr? instance-identifier
| +--rw entity-class? IR | +--rw supa-has-policy-metadata-detail-part-ptr? instance-identifier
| +--rw supa-policy-ID S | +--rw supa-policy-metadata-detail-is-applicable? boolean
| +--rw supa-policy-name? S | +--rw supa-policy-metadata-detail-constraint* string
| +--rw supa-policy-object-description? S | +--rw supa-policy-metadata-detail-constraint-encoding? identityref
| +--rw supa-has-policy-metadata-agg-ptr* II +--rw supa-policy-clause-has-decorator-detail-container
| +--rw supa-has-policy-component-decorator-agg-ptr? II | +--rw supa-policy-component-decorator-detail-list* [supa-policy-ID]
| +--rw supa-has-policy-component-decorator-part-ptr? II | +--rw entity-class? identityref
| +--rw supa-has-decorator-constraint* S | +--rw supa-policy-ID string
| +--rw supa-has-decorator-constraint-encoding PC | +--rw supa-policy-name? string
+--rw supa-policy-source-detail-container | +--rw supa-policy-object-description? string
| +--rw supa-policy-source-detail-list* [supa-policy-ID] | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw entity-class? IR | +--rw supa-has-policy-component-decorator-agg-ptr? instance-identifier
| +--rw supa-policy-ID S | +--rw supa-has-policy-component-decorator-part-ptr? instance-identifier
| +--rw supa-policy-name? S | +--rw supa-has-decorator-constraint* string
| +--rw supa-policy-object-description? S | +--rw supa-has-decorator-constraint-encoding? identityref
| +--rw supa-has-policy-metadata-agg-ptr* II +--rw supa-policy-component-decorator-detail-container
I +--rw supa-has-policy-source-detail-agg-ptr? II | +--rw supa-policy-component-decorator-detail-list* [supa-policy-ID]
I +--rw supa-has-policy-source-detail-part-ptr? II | +--rw entity-class? identityref
I +--rw supa-policy-source-is-authenticated? B | +--rw supa-policy-ID string
I +--rw supa-policy-source-is-trusted? B | +--rw supa-policy-name? string
+--rw supa-policy-target-detail-container | +--rw supa-policy-object-description? string
| +--rw supa-policy-target-detail-list* [supa-policy-ID] | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw entity-class? IR | +--rw supa-has-policy-component-decorator-agg-ptr? instance-identifier
| +--rw supa-policy-ID S | +--rw supa-has-policy-component-decorator-part-ptr? instance-identifier
| +--rw supa-policy-name? S | +--rw supa-has-decorator-constraint* string
| +--rw supa-policy-object-description? S | +--rw supa-has-decorator-constraint-encoding? identityref
| +--rw supa-has-policy-metadata-agg-ptr* II +--rw supa-policy-source-detail-container
I +--rw supa-has-policy-target-detail-agg-ptr? II | +--rw supa-policy-source-detail-list* [supa-policy-ID]
I +--rw supa-has-policy-target-detail-part-ptr? II | +--rw entity-class? identityref
I +--rw supa-policy-target-is-authenticated? B | +--rw supa-policy-ID string
I +--rw supa-policy-target-is-enabled? B | +--rw supa-policy-name? string
+--rw supa-policy-clause-detail-container | +--rw supa-policy-object-description? string
| +--rw supa-policy-clause-detail-list* [supa-policy-ID] | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw entity-class? IR | +--rw supa-has-policy-source-detail-agg-ptr? instance-identifier
| +--rw supa-policy-ID S | +--rw supa-has-policy-source-detail-part-ptr? instance-identifier
| +--rw supa-policy-name? S | +--rw supa-policy-source-is-authenticated? boolean
| +--rw supa-policy-object-description? S | +--rw supa-policy-source-is-trusted? boolean
| +--rw supa-has-policy-metadata-agg-ptr* II +--rw supa-policy-target-detail-container
| +--rw supa-has-policy-clause-detail-agg-ptr? II | +--rw supa-policy-target-detail-list* [supa-policy-ID]
| +--rw supa-has-policy-clause-detail-part-ptr? II | +--rw entity-class? identityref
+--rw supa-policy-exec-fail-take-action-detail-container | +--rw supa-policy-ID string
| +--rw supa-policy-exec-fail-take-action-detail-list* | +--rw supa-policy-name? string
[supa-policy-ID] | +--rw supa-policy-object-description? string
| +--rw entity-class? IR | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-policy-ID S | +--rw supa-has-policy-target-detail-agg-ptr? instance-identifier
| +--rw supa-policy-name? S | +--rw supa-has-policy-target-detail-part-ptr? instance-identifier
| +--rw supa-policy-object-description? S | +--rw supa-policy-target-is-authenticated? boolean
| +--rw supa-has-policy-metadata-agg-ptr* II | +--rw supa-policy-target-is-enabled? boolean
| +--rw supa-has-exec-fail-action-detail-agg-ptr? II +--rw supa-policy-clause-detail-container
| +--rw supa-has-exec-fail-action-detail-part-ptr? II | +--rw supa-policy-clause-detail-list* [supa-policy-ID]
| +--rw supa-policy-exec-fail-take-action-name* S | +--rw entity-class? identityref
+--rw supa-policy-metadata-decorator-detail-container | +--rw supa-policy-ID string
+--rw supa-policy-metadata-decorator-detail-list* | +--rw supa-policy-name? string
[supa-policy-metadata-id] | +--rw supa-policy-object-description? string
+--rw entity-class? IR | +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
+--rw supa-policy-metadata-id S | +--rw supa-has-policy-clause-detail-agg-ptr* instance-identifier
+--rw supa-policy-metadata-description? S | +--rw supa-has-policy-clause-detail-part-ptr? instance-identifier
+--rw supa-policy-metadata-name? S +--rw supa-policy-exec-fail-take-action-detail-container
+--rw supa-has-policy-metadata-part-ptr* II | +--rw supa-policy-exec-fail-take-action-detail-list* [supa-policy-ID]
+--rw supa-has-policy-metadata-dec-part-ptr* II | +--rw entity-class? identityref
+--rw supa-has-policy-metadata-detail-dec-agg-ptr? II | +--rw supa-policy-ID string
+--rw supa-has-policy-metadata-detail-dec-part-ptr? II | +--rw supa-policy-name? string
| +--rw supa-policy-object-description? string
| +--rw supa-has-policy-metadata-agg-ptr* instance-identifier
| +--rw supa-has-exec-fail-action-detail-agg-ptr? instance-identifier
| +--rw supa-has-exec-fail-action-detail-part-ptr? instance-identifier
| +--rw supa-policy-exec-fail-take-action-name* string
+--rw supa-policy-metadata-decorator-detail-container
+--rw supa-policy-metadata-decorator-detail-list* [supa-policy-metadata-id]
+--rw entity-class? identityref
+--rw supa-policy-metadata-id string
+--rw supa-policy-metadata-description? string
+--rw supa-policy-metadata-name? string
+--rw supa-has-policy-metadata-part-ptr* instance-identifier
+--rw supa-has-policy-metadata-dec-part-ptr* instance-identifier
+--rw supa-has-policy-metadata-detail-dec-agg-ptr? instance-identifier
+--rw supa-has-policy-metadata-detail-dec-part-ptr? instance-identifier
5. SUPA Policy Data Model YANG Module 5. SUPA Policy Data Model YANG Module
The SUPA YANG data model module is divided into two main parts: The SUPA YANG data model module is divided into two main parts:
1) a set of containers that represent the objects that make 1) a set of containers that represent the objects that make
updated a Policy Rule and its Policy Rule Components updated a Policy Rule and its Policy Rule Components
2) a set of containers that represent the objects that define and 2) a set of containers that represent the objects that define and
apply metadata to Policy Rules and/or Policy Rule Components apply metadata to Policy Rules and/or Policy Rule Components
Editor's note: This will be described in more detail in version 03 <CODE BEGINS> file "ietf-supa-policy@2017-06-16.yang"
<CODE BEGINS> file "ietf-supa-policy@2016-10-10.yang"
module ietf-supa-policy { module ietf-supa-policy {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policy"; namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policy";
prefix supa-pdm; prefix supa-pdm;
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
} }
skipping to change at page 13, line 26 skipping to change at page 12, line 36
organization "IETF"; organization "IETF";
contact contact
"Editor: Joel Halpern "Editor: Joel Halpern
email: jmh@joelhalpern.com; email: jmh@joelhalpern.com;
Editor: John Strassner Editor: John Strassner
email: strazpdj@gmail.com;"; email: strazpdj@gmail.com;";
description description
"This module defines a data model for generic high level "This module defines a data model for generic high level
definition of policies to be applied to a network. definition of policies to be applied to a network.
This module is derived from and aligns with This module is derived from, and aligns with,
draft-ietf-supa-generic-policy-info-model-01. draft-ietf-supa-generic-policy-info-model-03. Details on all
Details on all classes, associations, and attributes classes, associations, and attributes can be found there.
can be found there.
Copyright (c) 2015 IETF Trust and the persons identified Copyright (c) 2015 IETF Trust and the persons identified
as the document authors. All rights reserved. as the document authors. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info)."; (http://trustee.ietf.org/license-info).";
revision "2017-04-15" { revision "2017-06-16" {
description description
"20170415: Updated SUPABooleanClause based on "20170616: Implemented changes from supa IM v3. This
implementation experience from SNMPO example; includes adding new objects (classes and
relationships) corresponding to the new
formulation of the decorator pattern. Changed
enums to identities per IETF98 discussion.
20170415: Updated SUPABooleanClause based on
implementation experience from SNMP example;
reworded definitions of supaPolMetadataID and reworded definitions of supaPolMetadataID and
supaEncodedClauseEncoding attribute. supaEncodedClauseEncoding attribute.
20170117: updated class and attribute names in the YANG 20170117: updated class and attribute names in the YANG
to match those in the IM, except where noted. to match those in the IM, except where noted.
20161210: Incorporated input from IISOMI 20161210: Incorporated input from IISOMI.
20161010: Changed back to transitive identities (to 20161010: Changed back to transitive identities (to
enforce inheritance) after determining that enforce inheritance) after determining that
errors were from a confdc bug. errors were from a confdc bug.
20161008: Fixed errors found in latest pyang compiler 20161008: Fixed errors found in latest pyang compiler
and from YANG Doctors. and from YANG Doctors.
20161001: Minor edits in association definitions. 20161001: Minor edits in association definitions.
20160928: Generated yang tree. 20160928: Generated yang tree.
20160924: Rewrote association documentation; rebuilt 20160924: Rewrote association documentation; rebuilt
how all classes are named for consistency. how all classes are named for consistency.
20160904: Optimization of module by eliminating leaves 20160904: Optimization of module by eliminating leaves
that are not needed; rewrote section 4. that are not needed; rewrote section 4.
20160824: Edits to sync data model to info model. 20160824: Edits to sync data model to info model.
20160720: Conversion to WG draft. Fixed pyang 1.1 20160720: Conversion to WG draft. Fixed pyang 1.1
compilation errors. Fixed must clause compilation errors. Fixed must clause
derefencing used in grouping statements. derefencing used in grouping statements.
Reformatted and expanded descriptions. Reformatted and expanded descriptions.
Fixed various typos. Fixed various typos.
skipping to change at page 14, line 17 skipping to change at page 13, line 31
20160904: Optimization of module by eliminating leaves 20160904: Optimization of module by eliminating leaves
that are not needed; rewrote section 4. that are not needed; rewrote section 4.
20160824: Edits to sync data model to info model. 20160824: Edits to sync data model to info model.
20160720: Conversion to WG draft. Fixed pyang 1.1 20160720: Conversion to WG draft. Fixed pyang 1.1
compilation errors. Fixed must clause compilation errors. Fixed must clause
derefencing used in grouping statements. derefencing used in grouping statements.
Reformatted and expanded descriptions. Reformatted and expanded descriptions.
Fixed various typos. Fixed various typos.
20160321: Initial version."; 20160321: Initial version.";
reference reference
"draft-ietf-supa-policy-data-model-02"; "draft-ietf-supa-policy-data-model-03";
} }
typedef policy-constraint-language-list { // The following replaces enumerations with identities. This is because
type enumeration { // YANG enumerations are not extensible in sub-models. Therefore, we
enum "error" { // define a base identity for each enumerated list, and then derive an
description // identity for each currently defined value in the enumeration. This
"This signifies an error state."; // enables new values to be added by models that extend this model.
}
enum "init" { identity POLICY-CONSTRAINT-LANGUAGE-LIST {
description
"This signifies a generic initialization state.";
}
enum "OCL2.4" {
description
"Object Constraint Language v2.4 [2]. This is a
declarative language for describing rules for
defining constraints and query expressions.";
}
enum "OCL2.x" {
description
"Object Constraint Language, v2.0 through 2.3.1
[2].";
}
enum "OCL1.x" {
description
"Object Constraint Language, any version prior
to v2.0 [3].";
}
enum "QVT1.2 Relational Language" {
description
"QVT Relational Language [5].";
}
enum "QVT1.2 Operational Language" {
description
"QVT Operational Language [5].";
}
enum "Alloy" {
description
"A language for defining structures and
and relations using constraints [4].";
}
enum "Text" {
description
"The constraints are written in plain text.";
}
}
description description
"The language used to encode the constraints that "The language used to encode the constraints that are
relevant to the relationship between the metadata relevant to the relationship between the metadata
and the underlying policy object."; and the underlying policy object.";
} }
typedef policy-data-type-id-encoding-list { identity PCLL-ERROR {
type enumeration { base POLICY-CONSTRAINT-LANGUAGE-LIST;
enum "error" { description
description "This signifies an error state for a policy constraint
"This signifies an error state."; language assignment.";
} }
enum "init" { identity PCLL-INIT {
description base POLICY-CONSTRAINT-LANGUAGE-LIST;
"This signifies a generic initialization state."; description
} "This signifies a generic initialization state, meaning
enum "primary_key" { that the policy constraint language assignment can now
description be made.";
"This represents the primary key of a table, which }
uniquely identifies each record in that table.
It MUST NOT be NULL. It MAY consist of a single identity PCLL-OCL2.4 {
or multiple fields. Note that a YANG data model base POLICY-CONSTRAINT-LANGUAGE-LIST;
implementation does NOT have to implement this description
enumeration."; "This defines OCL2.4 [2] as the policy constraint language
} list to be used.";
enum "foreign_key" { }
description
"This represents the foreign key, which is a set identity PCLL-OCL2.x {
or more fields in one table that uniquely base POLICY-CONSTRAINT-LANGUAGE-LIST;
identify a row in another table. It MAY be description
NULL. Note that a YANG data model implementation "This defines the use of OCL2.0 - OCL2.3.1 [2] as the
does NOT have to implement this enumeration."; policy constraint language list to be used.";
} }
enum "GUID" {
description identity PCLL-OCL1.x {
"The object is referenced by this GUID."; base POLICY-CONSTRAINT-LANGUAGE-LIST;
} description
enum "UUID" { "This defines OCL1.x [3] as the policy constraint language
description list to be used.";
"The object is referenced by this UUID."; }
}
enum "URI" { identity PCLL-QVT1.2R {
description base POLICY-CONSTRAINT-LANGUAGE-LIST;
"The object is referenced by this URI."; description
} "This defines the use of QVT Relational Language [5] as the
enum "FQDN" { policy constraint language list to be used.";
description }
"The object is referenced by this FQDN.";
} identity PCLL-QVT1.2O {
enum "FQPN" { base POLICY-CONSTRAINT-LANGUAGE-LIST;
description description
"The object is referenced by this FQPN. Note that "This defines the use of QVT Operational Language [5] as
FQPNs assume that all components can access a the policy constraint language list to be used.";
single logical file repostory."; }
}
enum "string_instance_id" { identity PCLL-ALLOY {
description base POLICY-CONSTRAINT-LANGUAGE-LIST;
"A string that is the canonical representation, description
in ASCII, of an instance ID of this object."; "This defines the use of Alloy [4] as the policy constraint
} language list to be used. Alloy is a language for
} defining constraints, and uses a SAT solver to
guarantee correctness.";
}
identity PCLL-TEXT {
base POLICY-CONSTRAINT-LANGUAGE-LIST;
description
"This defines the use of plain text as the policy constraint
language list to be used. This option is NOT recommended,
since it is informal and hence, not verifiable.";
}
identity POLICY-DATA-TYPE-ID-ENCODING-LIST {
description description
"The list of possible data types used to represent object "The list of possible data types used to represent object
IDs for all SUPA object instances."; IDs for all SUPA object instances.";
} }
typedef policy-data-type-encoding-list { identity PDTIEL-ERROR {
type enumeration { base POLICY-DATA-TYPE-ID-ENCODING-LIST;
enum "error" {
description
"This signifies an error state.";
}
enum "init" {
description
"This signifies an initialization state.";
}
enum "string" {
description
"This represents a string data type.";
}
enum "integer" {
description
"This represents an integer data type.";
}
enum "boolean" {
description
"This represents a Boolean data type.";
}
enum "floating point" {
description
"This represents a floating point data type.";
}
enum "date-and-time" {
description
"This represents a data type that can specify
date and/or time.";
}
enum "GUID" {
description
"This represents a GUID data type.";
}
enum "UUID" {
description
"This represents a UUID data type.";
}
enum "URI" {
description
"This represents a URI data type.";
}
enum "DN" {
description
"This represents a DN data type.";
}
enum "FQDN" {
description
"The object is referenced by this FQDN.";
}
enum "FQPN" {
description
"The object is referenced by this FQPN. Note that
FQPNs assume that all components can access a
single logical file repostory.";
}
enum "NULL" {
description
"This represents a NULL data type. NULL means the
absence of an actual value. NULL is frequently
used to represent a missing or invalid value.";
}
enum "string_instance_id" {
description
"A string that is the canonical representation,
in ASCII, of an instance ID of this object.";
}
}
description description
"The set of allowable data types used to encode "This signifies an error state for a policy data type ID
multi-valued SUPA Policy attributes."; encoding assignment.";
}
identity PDTIEL-INIT {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This signifies a generic initialization state, meaning
that the policy data type ID encoding assignment can now
be made.";
}
identity PDTIEL-PK {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This represents the primary key of a table, which
uniquely identifies each record in that table.
It MUST NOT be NULL. It MAY consist of a single
or multiple fields. Note that a YANG data model
implementation does NOT have to implement this feature.";
}
identity PDTIEL-FK {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This represents the foreign key of a table, which
uniquely identifies each record in that table.
It MUST NOT be NULL. It MAY consist of a single
or multiple fields. Note that a YANG data model
implementation does NOT have to implement this feature.";
}
identity PDTIEL-GUID {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This represents an object instance that is referenced by
this GUID.";
}
identity PDTIEL-UUID {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This represents an object instance that is referenced by
this UUID.";
}
identity PDTIEL-URI {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This represents an object instance that is referenced by
this URI.";
}
identity PDTIEL-FQDN {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This represents an object instance that is referenced by
this FQDN.";
}
identity PDTIEL-FQPN {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This represents an object instance that is referenced by
this FQPN. Note that FQPNs assume that all components can
access a single logical file repostory.";
}
identity PDTIEL-STRING-ID {
base POLICY-DATA-TYPE-ID-ENCODING-LIST;
description
"This represents an object instance that is referenced by
this string instance id. Here, a string instance id is the
canonical representation, in ASCII, of an instance ID of
this object instance.";
}
identity POLICY-DATA-TYPE-ENCODING-LIST {
description
"The set of allowable data types used to encode single-
and multi-valued SUPA Policy attributes.";
}
identity PDTEL-ERROR {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This signifies an error state for a policy data type
encoding assignment.";
}
identity PDTEL-INIT {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This signifies a generic initialization state, meaning
that the policy data type encoding assignment can now
be made.";
}
identity PDTEL-STRING {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a string data type.";
}
identity PDTEL-INTEGER {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents an integer data type.";
}
identity PDTEL-BOOLEAN {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a Boolean data type.";
}
identity PDTEL-FLOAT {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a floating point data type.";
}
identity PDTEL-DATETIME {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a data type that can specify
date and/or time.";
}
identity PDTEL-GUID {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a GUID data type.";
}
identity PDTEL-UUID {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a UUID data type.";
}
identity PDTEL-URI {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a URI data type.";
}
identity PDTEL-DN {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a DN data type.";
}
identity PDTEL-FQDN {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents an FQDN data type.";
}
identity PDTEL-FQPN {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents an FQPN data type. Note that FQPNs assume
that all components can access a single logical
file repostory.";
}
identity PDTEL-NULL {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents a NULL data type. NULL means that this
data type MAY not contain an actual value. This data type
may be used to represent a missing or invalid value.";
}
identity PDTEL-STRING-ID {
base POLICY-DATA-TYPE-ENCODING-LIST;
description
"This represents an object instance that is defined by
this string instance id. Here, a string instance id is the
canonical representation, in ASCII, of an instance ID of
this object instance.";
}
identity POLICY-DEPLOY-STATUS-LIST {
description
"This represents the current deployment status of this
object (e.g., either a SUPAPolicyStructure or a
SUPAPolicyClause object instance).";
}
identity PDSL-ERROR {
base POLICY-DEPLOY-STATUS-LIST;
description
"This signifies an error state for assigning the deployment
status of this object.";
}
identity PDSL-INIT {
base POLICY-DEPLOY-STATUS-LIST;
description
"This signifies a generic initialization state, meaning
that the deploy status assignment of this object can now
be made.";
}
identity PDSL-READY {
base POLICY-DEPLOY-STATUS-LIST;
description
"This defines the deployment status of this object as
deployed in the system and currently enabled.";
}
identity PDSL-TEST {
base POLICY-DEPLOY-STATUS-LIST;
description
"This defines the deployment status of this object as
deployed in the system but is currently in a test state,
and SHOULD NOT be used in OAM&P policies.";
}
identity PDSL-DISABLED {
base POLICY-DEPLOY-STATUS-LIST;
description
"This defines the deployment status of this object as
deployed in the system, but has been administratively
DISABLED. It MUST NOT be used in OAM&P policies.";
}
identity PDSL-OK-TO-DEPLOY {
base POLICY-DEPLOY-STATUS-LIST;
description
"This defines the deployment status of this object as
initialized and ready to be deployed.";
}
identity PDSL-NOT-OK {
base POLICY-DEPLOY-STATUS-LIST;
description
"This defines the deployment status of this object as
NOT ready for deployment into the system.";
} }
// Identities are used in this model as a means to provide simple // Identities are used in this model as a means to provide simple
// introspection to allow an instance-identifier to be tested as to // introspection to allow an instance-identifier to be tested as to
// what class it represents. This allows must clauses to specify // what class it represents. This allows must clauses to specify
// that the target of a particular instance-identifier leaf must be a // that the target of a particular instance-identifier leaf must be a
// specific class, or within a certain branch of the inheritance tree. // specific class, or within a certain branch of the inheritance tree.
// This depends upon the ability to refine the entity class default // This depends upon the ability to refine the entity class default
// value. The entity class should be read-only. However, as this is // value. The entity class should be read-only. However, as this is
// the target of a MUST condition, it cannot be config-false. Also, // the target of a MUST condition, it cannot be config-false. Also,
// it appears that we cannot put a MUST condition on its definition, // it appears that we cannot put a MUST condition on its definition,
// as the default (actual) value changes for each inherited object. // as the default (actual) value changes for each inherited object.
// Finally, note that since identities are irreflexive, we define a // Finally, note that since identities are irreflexive, we define a
// parent identitym called SUPA-ROOT-TYPE, to serve as the single root // parent identity, called SUPA-ROOT-TYPE, to serve as the single root
// from which all identity statements are derived. // from which all identity statements are derived.
identity SUPA-ROOT-TYPE { identity SUPA-ROOT-TYPE {
description description
"The identity corresponding to a single root for all "The identity corresponding to a single root for all
identities in the SUPA Data Model. Note that section identities in the SUPA Data Model. Note that section
7.18.2 in [RFC7950] says that identity derivation is 7.18.2 in [RFC7950] says that identity derivation is
irreflexive (i.e., an identity cannot be derived irreflexive (i.e., an identity cannot be derived
from itself."; from itself.";
} }
skipping to change at page 19, line 7 skipping to change at page 21, line 7
description description
"The identifier of the class of this grouping."; "The identifier of the class of this grouping.";
} }
leaf supa-policy-ID { leaf supa-policy-ID {
type string; type string;
mandatory true; mandatory true;
description description
"The string identifier of this policy object, which "The string identifier of this policy object, which
functions as the unique object identifier of this functions as the unique object identifier of this
object instance. This attribute MUST be unique within object instance. This attribute MUST be unique within
the policy system. This attribute is named the policy system.
supaPolObjIDContent in [1], and is used with another This attribute is named supaPolObjIDContent in [1],
attribute (supaPolObIDEncoding); since the YANG data and is used with the supaPolObIDEncoding class
attribute to define a namespace. Since the YANG data
model does not need this genericity, the model does not need this genericity, the
supaPolObjIDContent attribute was renamed, and the supaPolObjIDContent attribute was renamed, and the
supaObjectIDEncoding attribute was removed."; supaObjectIDEncoding attribute was removed.";
} }
leaf supa-policy-name { leaf supa-policy-name {
type string; type string;
description description
"A human-readable name for this policy object. Note "A human-readable name for this policy object. Note
that this is NOT the object ID."; that this is NOT the object ID.";
} }
skipping to change at page 19, line 51 skipping to change at page 21, line 52
} }
description description
"This represents the SUPAPolicyObject [1] class. It is the "This represents the SUPAPolicyObject [1] class. It is the
superclass for all SUPA Policy objects (i.e., all objects superclass for all SUPA Policy objects (i.e., all objects
that are either Policies or components of Policies). Note that are either Policies or components of Policies). Note
that SUPA Policy Metadata objects are NOT subclassed from that SUPA Policy Metadata objects are NOT subclassed from
this class; they are instead subclassed from the this class; they are instead subclassed from the
SUPAPolicyMetadata (i.e., supa-policy-metadata-type) SUPAPolicyMetadata (i.e., supa-policy-metadata-type)
object. This class (supa-policy-object-type) is used to object. This class (supa-policy-object-type) is used to
define common attributes and relationships that all SUPA define common attributes and relationships that all SUPA
Policy subclasses inherit. It MAY be augmented with a set Policy subclasses inherit.
of zero or more SUPAPolicyMetadata objects using the
SUPAHasPolicyMetadata association, which is represented It MAY be augmented with a set of zero or more
by the supa-has-policy-metadata-agg leaf-list."; SUPAPolicyMetadata objects using the SUPAHasPolicyMetadata
association, which is represented by the
supa-has-policy-metadata-agg leaf-list.";
} }
identity POLICY-COMPONENT-TYPE { identity POLICY-COMPONENT-TYPE {
base POLICY-OBJECT-TYPE; base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAPolicyComponentStructure object instance."; SUPAPolicyComponentStructure object instance.";
} }
grouping supa-policy-component-structure-type { grouping supa-policy-component-structure-type {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
skipping to change at page 20, line 17 skipping to change at page 22, line 24
"The identity corresponding to a "The identity corresponding to a
SUPAPolicyComponentStructure object instance."; SUPAPolicyComponentStructure object instance.";
} }
grouping supa-policy-component-structure-type { grouping supa-policy-component-structure-type {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-TYPE; default POLICY-COMPONENT-TYPE;
} }
} }
leaf supa-has-policy-component-decorator-part-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
'SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC')";
mandatory true;
description
"This leaf holds instance-identifiers that
reference a SUPAHasDecoratedPolicyComponent
association [1], and is represented by the grouping
supa-has-decorator-policy-component-detail. This
association describes how each
SUPAPolicyComponentStructure instance is related to a
given SUPAPolicyComponentDecorator instance. Multiple
SUPAPolicyComponentDecorator instances may be attached
to a SUPAPolicyComponentStructure instance that is
referenced in this association by using the Decorator
pattern [1]. Since this association class contains
attributes, the instance-identifier MUST point to an
instance using the grouping
supa-has-decorator-policy-component-detail (which
includes subclasses of this association class).";
}
description description
"This represents the SUPAPolicyComponent class [1], which is "This represents the SUPAPolicyComponent class [1], which
the superclass for all objects that represent different is the superclass for all objects that represent
components of a Policy. Important subclasses include the different components of a Policy. Important subclasses
SUPAPolicyClause and the SUPAPolicyComponentDecorator. include the SUPAPolicyClause and the
This object is the root of the Decorator pattern [1]; as SUPAPolicyClauseComponentDecorator. SUPAPolicyClause is
such, it enables all of its concrete subclasses to be used to build reusable clauses for SUPAPolicies, and
wrapped with other concrete subclasses of the SUPAPolicyClauseComponentDecorator is used to dynamically
SUPAPolicyComponentDecorator class."; add and remove components of a SUPAPolicyClause. This
enables the model to be changed at runtime without
requiring recompiling and redeploying.";
} }
identity POLICY-COMPONENT-DECORATOR-TYPE {
base POLICY-COMPONENT-TYPE;
description
"The identity corresponding to a
SUPAPolicyComponentDecorator object instance.";
}
grouping supa-policy-component-decorator-type {
uses supa-policy-component-structure-type {
refine entity-class {
default POLICY-COMPONENT-DECORATOR-TYPE;
}
}
leaf-list supa-has-policy-component-decorator-agg-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
'SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC')";
min-elements 1;
description
"This leaf-list holds instance-identifiers that
reference a SUPAHasDecoratedPolicyComponent
association [1]. This association is represented by the
grouping supa-has-decorator-policy-component-detail.
This leaf-list helps implement the Decorator pattern
[1], which enables all or part of one or more object
instances to wrap another object instance. For
example, any concrete subclass of SUPAPolicyClause,
such as SUPAEncodedClause, may be wrapped by any
concrete subclass of SUPAPolicyComponentDecorator
(e.g., SUPAPolicyEvent). Since this association class
contains attributes, the instance-identifier MUST
point to an instance using the grouping
supa-has-decorator-policy-component-detail (which
includes subclasses of this association class).";
}
leaf-list supa-decorator-constraints {
type string;
description
"This is a set of constraint expressions that are
applied to this decorator, allowing the specification
of details not captured in its subclasses, using an
appropriate constraint language that is specified in
the supa-has-decorator-constraint-encoding leaf.";
}
leaf supa-has-decorator-constraint-encoding {
type policy-constraint-language-list;
description
"The language in which the constraints on the
policy component decorator is expressed. Examples
include OCL 2.4 [2], Alloy [3], and English text.";
}
description
"This object implements the Decorator pattern [1], which
enables all or part of one or more concrete objects to
wrap another concrete object.";
}
identity POLICY-COMPONENT-CLAUSE-TYPE { identity POLICY-COMPONENT-CLAUSE-TYPE {
base POLICY-COMPONENT-TYPE; base POLICY-COMPONENT-TYPE;
description description
"The identity corresponding to a SUPAPolicyClause "The identity corresponding to a SUPAPolicyClause
object instance."; object instance.";
} }
grouping supa-policy-clause-type { grouping supa-policy-clause-type {
uses supa-policy-component-structure-type { uses supa-policy-component-structure-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-CLAUSE-TYPE; default POLICY-COMPONENT-CLAUSE-TYPE;
} }
} }
leaf supa-policy-clause-deploy-status { leaf supa-policy-clause-deploy-status {
type enumeration { type identityref {
enum "error" { base POLICY-DEPLOY-STATUS-LIST;
description
"This signifies an error state. OAM&P Policies
SHOULD NOT use this SUPAPolicyClause if the
value of this attribute is error.";
}
enum "init" {
description
"This signifies an initialization state.";
}
enum "deployed and enabled" {
description
"This SUPAPolicyClause has been deployed in
the system and is currently enabled.";
}
enum "deployed and in test" {
description
"This SUPAPolicyClause has been deployed in the
system, but is currently in a test state and
SHOULD NOT be used in OAM&P policies.";
}
enum "deployed but not enabled" {
description
"This SUPAPolicyClause has been deployed in the
system, but has been administratively
disabled. Therefore, it MUST NOT be used in
OAM&P Policies.";
}
enum "ready to be deployed" {
description
"This SUPAPolicyClause has been properly
initialized, and is now ready to be deployed.";
}
enum "cannot be deployed" {
description
"This SUPAPolicyClause has been administratively
disabled, and MUST NOT be used as part of
an OAM&P policy.";
}
} }
mandatory true; mandatory true;
description description
"This defines whether this SUPAPolicy has been "This defines whether this SUPAPolicy has been
deployed and, if so, whether it is enabled and deployed and, if so, whether it is enabled and
ready to be used or not."; ready to be used or not.";
} }
leaf-list supa-has-policy-clause-part-ptr { leaf-list supa-has-policy-clause-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
'SUPA-HAS-POLICY-CLAUSE-ASSOC')"; 'SUPA-HAS-POLICY-CLAUSE-ASSOC')";
min-elements 1;
description description
"This leaf-list holds instance-identifiers that "This leaf-list holds instance-identifiers that
reference a SUPAHasPolicyClause association [1], reference a SUPAHasPolicyClause aggregation [1],
and is represented by the grouping and is represented by the grouping
supa-has-policy-clause-detail. This association supa-has-policy-clause-detail. This aggregation
describes how each SUPAPolicyClause instance is describes how each SUPAPolicyClause instance is
related to this particular SUPAPolicyStructure related to this particular SUPAPolicyStructure
instance. For example, this association may restrict instance. For example, this aggregation may restrict
which concrete subclasses of the SUPAPolicyStructure which concrete subclasses of the SUPAPolicyStructure
class can be associated with which contrete subclasses class can be associated with which contrete subclasses
of the SUPAPolicyClause class. The set of of the SUPAPolicyClause class. The set of
SUPAPolicyClauses, identified by this leaf-list, SUPAPolicyClauses, identified by this leaf-list,
define the content of this SUPAPolicyStructure. define the content of this SUPAPolicyStructure.
Since this association class contains attributes, the Since this association class contains attributes, the
instance-identifier MUST point to an instance using instance-identifier MUST point to an instance using
the grouping supa-has-policy-clause-detail (which the grouping supa-has-policy-clause-detail (which
includes subclasses of this association class)."; includes subclasses of this association class).";
} }
leaf-list supa-policy-clause-has-decorator-agg-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
description
"This leaf-list holds instance-identifiers that
reference a SUPAPolicyClauseHasDecorator aggregation
[1], and is represented by the grouping
supa-policy-clause-has-decorator-detail. This
aggregation describes how each SUPAPolicyClause
object instance is decorated (i.e., wrapped) by zero
or more SUPAPolicyClauseComponentDecorator object
instances. For example, this aggregation may restrict
which concrete subclasses of the
SUPAPolicyClauseComponentDecorator class can wrap
this particular contrete subclass of the
SUPAPolicyClause class. The set of SUPAPolicyClauses,
identified by this leaf-list, define the content of
this SUPAPolicyStructure that they are associated
with (via the SUPAHasPolicyClause aggregation).
Since this association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-policy-clause-has-decorator-detail
(which includes subclasses of this association
class). Note that (concrete) subclasses of this
association class may also be used to further refine
the semantics of this aggregation.";
}
description description
"The parent class for all SUPA Policy Clauses. A "The parent class for all SUPA Policy Clauses. A
SUPAPolicyClause is a fundamental building block for SUPAPolicyClause is a fundamental building block for
creating SUPA Policies. A SUPAPolicy is a set of creating SUPA Policies. A SUPAPolicy is a set of
statements, and a SUPAPolicyClause can be thought of as all statements, and a SUPAPolicyClause can be thought of as all
or part of a statement. The Decorator pattern [1] is used, or part of a statement. The Decorator pattern [1] is used,
which enables the contents of a SUPAPolicyClause to be which enables the contents of a SUPAPolicyClause to be
adjusted dynamically at runtime without affecting other adjusted dynamically at runtime without affecting other
objects of either type."; objects of either type. For example, new content can be
dynamically added or removed by wrapping a SUPAPolicyClause
with additional object instances. Every SUPAPolicy MUST
have at least one SUPAPolicyClause.";
} }
identity POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE {
base POLICY-COMPONENT-TYPE;
description
"The identity corresponding to a
SUPAPolicyClauseComponentDecorator object instance.";
}
grouping supa-policy-clause-component-decorator-type {
uses supa-policy-component-structure-type {
refine entity-class {
default POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE;
}
}
leaf-list supa-policy-clause-has-decorator-part-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
description
"This leaf holds instance-identifiers that
reference a SUPAPolicyClauseHasDecorator aggregation,
[1], and is represented by the grouping
supa-policy-clause-has-decorator-detail. This
aggregation describes how each
SUPAPolicyClauseComponentDecorator object instance
wraps a given SUPAPolicyClause object instance. This
enables the behavior of a SUPAPolicyClause object
instance to be changed dynamically by attaching and/or
removing SUPAPolicyClauseComponentDecorator object
instances.
Multiple SUPAPolicyClauseComponentDecorator object
instances instances may be attached to a
SUPAPolicyClause object instance that is referenced in
this aggregation by using the Decorator pattern [1].
Since this association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-policy-clause-has-decorator-detail.
Note that (concrete) subclasses of this association
class may also be used to further refine the semantics
of this aggregation.";
}
leaf supa-has-decorated-policy-component-part-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
'SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC')";
description
"This leaf holds instance-identifiers that
reference a SUPAHasDecoratedPolicyComponent
aggregation [1], and is represented by the grouping
supa-has-decorated-policy-component-detail. This
aggregation describes how each
SUPAPolicyClauseComponentDecorator instance is wrapped
by a given SUPAPolicyComponentDecorator instance.
Multiple SUPAPolicyComponentDecorator instances may be
attached to a SUPAPolicyClauseComponentDecorator
instance that is referenced in this aggregation by
using the Decorator pattern [1]. Since this
association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping
supa-has-decorated-policy-component-detail.";
}
leaf-list supa-pol-clause-constraint {
type string;
description
"This is a set of constraint expressions that are
applied to this decorator object instance. These
constraints restrict the semantics of this object
instance, and hence, restrict how these objects
interact with the SUPAPolicyClause object instance
that is aggregating them. For example, this attribute
could restrict how a concrete subclass, such as
SUPAPolicyEvent, is used. The constraints are defined
using an appropriate constraint language that is
specified in the supa-pol-clause-constraint-encoding
leaf.";
}
leaf supa-pol-clause-constraint-encoding {
type identityref {
base POLICY-CONSTRAINT-LANGUAGE-LIST;
}
description
"The language in which the constraints on the
SUPAPolicyClauseComponentDecorator is expressed.
Examples include OCL 2.4 [2], Alloy [3], and
English text.";
}
description
"This object implements the Decorator pattern [1], which
enables all or part of one or more concrete objects to
wrap another concrete object. The set of decorated
objects is then wrapped by a concrete subclass of the
SUPAPolicyClause object, which enables the
SUPAPolicyClause object to be changed dynamically at
runtime without recompilation or redeployment.";
}
identity POLICY-COMPONENT-DECORATOR-TYPE {
base POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE;
description
"The identity corresponding to a
SUPAPolicyComponentDecorator object instance.";
}
grouping supa-policy-component-decorator-type {
uses supa-policy-clause-component-decorator-type {
refine entity-class {
default POLICY-COMPONENT-DECORATOR-TYPE;
}
}
leaf-list supa-has-decorated-policy-component-agg-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
'SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC')";
description
"This leaf holds instance-identifiers that
reference a SUPAHasDecoratedPolicyComponent
aggregation [1], and is represented by the grouping
supa-has-decorated-policy-component-detail. This
aggregation describes how each
SUPAPolicyComponentDecorator instance wraps a given
SUPAPolicyClauseComponentDecorator instance.
Multiple SUPAPolicyComponentDecorator instances may be
attached to a SUPAPolicyClauseComponentDecorator
instance that is referenced in this aggregation by
using the Decorator pattern [1]. Since this
association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping
supa-has-decorated-policy-component-detail.";
}
leaf-list supa-pol-comp-constraint {
type string;
description
"This is a set of constraint expressions that are
applied to this decorator object instance. These
constraints restrict the semantics of this object
instance, and hence, restrict how these objects
interact with the SUPAPolicyClauseComponentDecorator
object instance that they are wrapping. For example,
this attribute could restrict how a concrete subclass
of SUPAPolicyComponentDecorator is used. The
constraints are defined using an appropriate constraint
language that is specified in the
supa-pol-comp-constraint-encoding leaf.";
}
leaf supa-pol-comp-constraint-encoding {
type identityref {
base POLICY-CONSTRAINT-LANGUAGE-LIST;
}
description
"The language in which constraints on the
SUPAPolicyComponentDecorator is expressed.
Examples include OCL 2.4 [2], Alloy [3], and
English text.";
}
description
"This object implements the Decorator pattern [1], which
enables all or part of one or more concrete objects of
the SUPAPolicyClauseComponentDecorator class to create a
set of wrapped objects that are in turn aggregated by a
SUPAPolicyClause object. This enables the SUPAPolicyClause
object to be changed dynamically at runtime without
recompilation or redeployment.";
}
identity POLICY-ENCODED-CLAUSE-TYPE { identity POLICY-ENCODED-CLAUSE-TYPE {
base POLICY-COMPONENT-CLAUSE-TYPE; base POLICY-COMPONENT-CLAUSE-TYPE;
description description
"The identity corresponding to a SUPAEncodedClause "The identity corresponding to a SUPAEncodedClause
object instance."; object instance.";
} }
grouping supa-encoded-clause-type { grouping supa-encoded-clause-type {
uses supa-policy-clause-type { uses supa-policy-clause-type {
refine entity-class { refine entity-class {
skipping to change at page 25, line 12 skipping to change at page 28, line 47
this SUPAEncodedClause object instance."; this SUPAEncodedClause object instance.";
} }
enum "TL1" { enum "TL1" {
description description
"This defines the language as a type of "This defines the language as a type of
Transaction Language 1. Additional details may Transaction Language 1. Additional details may
be provided by attaching a SUPAPolicyMetadata be provided by attaching a SUPAPolicyMetadata
object to this SUPAEncodedClause object object to this SUPAEncodedClause object
instance."; instance.";
} }
enum "Text" { enum "Text" {
description description
"This is a textual string that can be used to "This is a textual string that can be used to
define a language choice that is not listed define a language choice that is not listed
by a specific enumerated value. This string by a specific enumerated value. This string
MUST be parsed by the policy system to MUST be parsed by the policy system to
identify the language being used. A identify the language being used.
SUPAPolicyMetadata object (represented as a
A SUPAPolicyMetadata object (represented as a
supa-policy-metadata-type leaf) can be used to supa-policy-metadata-type leaf) can be used to
provide further details about the language"; provide further details about the language";
} }
} }
mandatory true; mandatory true;
description description
"Indicates the language used for this SUPAEncodedClause "Indicates the language used for this SUPAEncodedClause
object instance. Prescriptive and/or descriptive object instance. Prescriptive and/or descriptive
information about the usage of this SUPAEncodedClause information about the usage of this SUPAEncodedClause
may be provided by one or more SUPAPolicyMetadata may be provided by one or more SUPAPolicyMetadata
skipping to change at page 29, line 24 skipping to change at page 33, line 4
"An operator that determines whether a given "An operator that determines whether a given
value is within a specified range of values. value is within a specified range of values.
Note that this is an inclusive operator."; Note that this is an inclusive operator.";
} }
} }
mandatory true; mandatory true;
description description
"The type of operator used to compare the variable "The type of operator used to compare the variable
and value portions of this SUPAPolicyTerm."; and value portions of this SUPAPolicyTerm.";
} }
description description
"This is one formulation of a SUPA Policy Clause. It uses "This is one formulation of a SUPA Policy Clause. It uses
the canonical form of an expression, which is a three-tuple the canonical form of an expression, which is a three-tuple
in the form {variable, operator, value}. In this approach, in the form {variable, operator, value}. In this approach,
each of the three terms can either be a subclass of the each of the three terms can either be a subclass of the
appropriate SUPAPolicyTerm class, or another object that appropriate SUPAPolicyTerm class, or another object that
plays the role (i.e., an operator) of that term. plays the role (i.e., an operator) of that term.
The value of the supa-policy-value-op-type attribute The value of the supa-policy-value-op-type attribute
specifies an operator that SHOULD be used to compare the specifies an operator that SHOULD be used to compare the
variable and value portions of a SUPAPolicyTerm. This is variable and value portions of a SUPAPolicyTerm. This is
typically specified by a SUPAPolicyOperator object."; typically specified by a SUPAPolicyOperator object.";
skipping to change at page 30, line 25 skipping to change at page 34, line 5
} }
} }
leaf-list supa-policy-value-content { leaf-list supa-policy-value-content {
type string; type string;
description description
"The content of the value portion of this SUPA Policy "The content of the value portion of this SUPA Policy
Clause. The data type of the content is specified in Clause. The data type of the content is specified in
the supa-policy-value-encoding attribute."; the supa-policy-value-encoding attribute.";
} }
leaf supa-policy-value-encoding { leaf supa-policy-value-encoding {
type policy-data-type-encoding-list; type identityref {
base POLICY-DATA-TYPE-ENCODING-LIST;
}
description description
"The data type of the supa-policy-value-content "The data type of the supa-policy-value-content
attribute."; attribute.";
} }
description description
"This is one formulation of a SUPA Policy Clause. It uses "This is one formulation of a SUPA Policy Clause. It uses
the canonical form of an expression, which is a three-tuple the canonical form of an expression, which is a three-tuple
in the form {variable, operator, value}. In this approach, in the form {variable, operator, value}. In this approach,
each of the three terms can either be a subclass of the each of the three terms can either be a subclass of the
appropriate SUPAPolicyTerm class, or another object that appropriate SUPAPolicyTerm class, or another object that
skipping to change at page 31, line 25 skipping to change at page 35, line 10
} }
leaf-list supa-policy-generic-decorated-content { leaf-list supa-policy-generic-decorated-content {
type string; type string;
description description
"The content of this SUPAGenericDecoratedComponent "The content of this SUPAGenericDecoratedComponent
object instance. The data type of this attribute is object instance. The data type of this attribute is
specified in the leaf specified in the leaf
supa-policy-generic-decorated-encoding."; supa-policy-generic-decorated-encoding.";
} }
leaf supa-policy-generic-decorated-encoding { leaf supa-policy-generic-decorated-encoding {
type policy-data-type-encoding-list; type identityref {
base POLICY-DATA-TYPE-ENCODING-LIST;
}
description description
"The datatype of the "The datatype of the
supa-policy-generic-decorated-content attribute."; supa-policy-generic-decorated-content attribute.";
} }
description description
"This class enables a generic object to be defined and "This class enables a generic object to be defined and
used as a decorator in a SUPA Policy Clause. This class used as a decorator in a SUPA Policy Clause. This class
should not be confused with the SUPAEncodedClause class. should not be confused with the SUPAEncodedClause class.
A SUPAGenericDecoratedComponent object represents a single, A SUPAGenericDecoratedComponent object represents a single,
atomic object that defines a portion of the contents of a atomic object that defines a portion of the contents of a
skipping to change at page 41, line 18 skipping to change at page 44, line 54
min-elements 1; min-elements 1;
description description
"This leaf-list holds instance-identifiers that "This leaf-list holds instance-identifiers that
reference a SUPAHasMetadaDecorator association [1]. reference a SUPAHasMetadaDecorator association [1].
This association is represented by the grouping This association is represented by the grouping
supa-has-policy-metadata-dec-detail. This association supa-has-policy-metadata-dec-detail. This association
describes how a SUPAPolicyMetadataDecorator instance describes how a SUPAPolicyMetadataDecorator instance
wraps a given SUPAPolicyMetadata instance using the wraps a given SUPAPolicyMetadata instance using the
Decorator pattern [1]. Multiple concrete subclasses Decorator pattern [1]. Multiple concrete subclasses
of SUPAPolicyMetadataDecorator may be used to wrap of SUPAPolicyMetadataDecorator may be used to wrap
the same SUPAPolicyMetadata instance. Since this the same SUPAPolicyMetadata instance.
association class contains attributes, the
Since this association class contains attributes, the
instance-identifier MUST point to an instance using instance-identifier MUST point to an instance using
the grouping supa-has-policy-metadata-dec-detail (which the grouping supa-has-policy-metadata-dec-detail (which
includes subclasses of this association class)."; includes subclasses of this association class).";
} }
description description
"This is the superclass of all metadata classes. Metadata "This is the superclass of all metadata classes. Metadata
is information that describes and/or prescribes the is information that describes and/or prescribes the
characteristics and behavior of another object that is characteristics and behavior of another object that is
not an inherent, distinguishing characteristics or not an inherent, distinguishing characteristics or
behavior of that object."; behavior of that object.";
skipping to change at page 43, line 4 skipping to change at page 46, line 41
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')"; 'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')";
description description
"This leaf-list holds instance-identifiers that "This leaf-list holds instance-identifiers that
reference a SUPAHasMetadaDecorator association [1]. reference a SUPAHasMetadaDecorator association [1].
This association is represented by the grouping This association is represented by the grouping
supa-has-policy-metadata-dec-detail. This association supa-has-policy-metadata-dec-detail. This association
describes how a SUPAPolicyMetadataDecorator instance describes how a SUPAPolicyMetadataDecorator instance
wraps a given SUPAPolicyMetadata instance wraps a given SUPAPolicyMetadata instance
using the Decorator pattern [1]. Multiple concrete
using the Decorator pattern [1]. Multiple concrete
subclasses of SUPAPolicyMetadataDecorator may be used subclasses of SUPAPolicyMetadataDecorator may be used
to wrap the same SUPAPolicyMetadata instance. Since to wrap the same SUPAPolicyMetadata instance. Since
this association class contains attributes, the this association class contains attributes, the
instance-identifier MUST point to an instance using instance-identifier MUST point to an instance using
the grouping supa-has-policy-metadata-dec-detail (which the grouping supa-has-policy-metadata-dec-detail (which
includes subclasses of this association class)."; includes subclasses of this association class).";
} }
description description
"This object implements the Decorator pattern [1] for all "This object implements the Decorator pattern [1] for all
SUPA metadata objects. This enables all or part of one or SUPA metadata objects. This enables all or part of one or
skipping to change at page 50, line 30 skipping to change at page 54, line 4
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
default SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE; default SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE;
} }
} }
leaf supa-has-policy-metadata-detail-agg-ptr { leaf supa-has-policy-metadata-detail-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
'POLICY-OBJECT-TYPE')"; 'POLICY-OBJECT-TYPE')";
description description
"This leaf is an instance-identifier that references "This leaf is an instance-identifier that references a
the SUPAPolicyObject instance end point of the concrete subclass of the SUPAPolicyObject instance end
association represented by this instance of the point of the aggregation represented by this instance
SUPAHasPolicyMetadata association [1]. The groupings of the SUPAHasPolicyMetadata aggregation [1]. The
supa-policy-object-type and supa-policy-metadata-type groupings supa-policy-object-type and
represent the SUPAPolicyObject and SUPAPolicyMetadata supa-policy-metadata-type represent the
classes, respectively. Thus, the instance identified SUPAPolicyObject and SUPAPolicyMetadata classes,
by this leaf is the SUPAPolicyObject instance that is respectively. Thus, the instance identified by this
associated by this association to the set of leaf is the SUPAPolicyObject instance that is
associated by this aggregation to the set of
SUPAPolicyMetadata instances referenced by the SUPAPolicyMetadata instances referenced by the
supa-has-policy-metadata-detail-part-ptr leaf of supa-has-policy-metadata-detail-part-ptr leaf of
this grouping."; this grouping.";
} }
leaf supa-has-policy-metadata-detail-part-ptr { leaf supa-has-policy-metadata-detail-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
'POLICY-METADATA-TYPE')"; 'POLICY-METADATA-TYPE')";
description description
"This leaf is an instance-identifier that references "This leaf is an instance-identifier that references
the SUPAPolicyMetadata instance end point of the the SUPAPolicyMetadata instance end point of the
association represented by this instance of the aggregation represented by this instance of the
SUPAHasPolicyMetadata association [1]. The groupings SUPAHasPolicyMetadata aggregation [1]. The groupings
supa-policy-object-type and supa-policy-metadata-type supa-policy-object-type and supa-policy-metadata-type
represents the SUPAPolicyObject and SUPAPolicyMetadata represent the SUPAPolicyObject and SUPAPolicyMetadata
classes, respectively. Thus, the instance classes, respectively. Thus, the instance
identified by this leaf is the SUPAPolicyMetadata identified by this leaf is the SUPAPolicyMetadata
instance that is associated by this association to instance that is associated by this aggregation to
the set of SUPAPolicyObject instances referenced by the set of SUPAPolicyObject instances referenced by
the supa-has-policy-metadata-detail-agg-ptr leaf of the supa-has-policy-metadata-detail-agg-ptr leaf of
this grouping."; this grouping.";
} }
leaf supa-policy-metadata-detail-is-applicable { leaf supa-policy-metadata-detail-is-applicable {
type boolean; type boolean;
description description
"This attribute controls whether the associated "This attribute controls whether the associated
metadata is currently considered applicable to this metadata is currently considered applicable to this
SUPAPolicyObject; this enables metadata to be turned SUPAPolicyObject; this enables metadata to be turned
on and off when needed without disturbing the on and off when needed without disturbing the
structure of the object that the metadata applies to, structure of the object that the metadata applies to,
or affecting other objects in the system."; or affecting other objects in the system.";
} }
skipping to change at page 51, line 27 skipping to change at page 55, line 4
on and off when needed without disturbing the on and off when needed without disturbing the
structure of the object that the metadata applies to, structure of the object that the metadata applies to,
or affecting other objects in the system."; or affecting other objects in the system.";
} }
leaf-list supa-policy-metadata-detail-constraint { leaf-list supa-policy-metadata-detail-constraint {
type string; type string;
description description
"A list of constraints, expressed as strings, in "A list of constraints, expressed as strings, in
the language defined by the the language defined by the
supa-policy-metadata-detail-encoding attribute. supa-policy-metadata-detail-encoding attribute.
If there are no constraints on using this If there are no constraints on using this
SUPAPolicyMetadata object with this particular SUPAPolicyMetadata object with this particular
SUPAPolicyObject object, then this leaf-list will SUPAPolicyObject object, then this leaf-list will
consist of a list of a single null string."; consist of a list of a single null string.";
} }
leaf supa-policy-metadata-detail-constraint-encoding { leaf supa-policy-metadata-detail-constraint-encoding {
type policy-constraint-language-list; type identityref {
base POLICY-CONSTRAINT-LANGUAGE-LIST;
}
description description
"The language used to encode the constraints relevant "The language in which the constraints on the
to the relationship between the SUPAPolicyMetadata SUPAHasPolicyMetadata aggregation is expressed.
object and the underlying SUPAPolicyObject."; Examples include OCL 2.4 [2], Alloy [3], and
English text.";
} }
description description
"This is a concrete association class that defines the "This is a concrete association class that defines the
semantics of the SUPAHasPolicyMetadata association. This semantics of the SUPAHasPolicyMetadata association. This
enables the attributes and relationships of the enables the attributes and relationships of the
SUPAHasPolicyMetadataDetail class to be used to constrain SUPAHasPolicyMetadataDetail class to be used to constrain
which SUPAPolicyMetadata objects can be associated by which SUPAPolicyMetadata objects can be associated by
this particular SUPAPolicyObject instance."; this particular SUPAPolicyObject instance.";
} }
skipping to change at page 52, line 13 skipping to change at page 55, line 45
uses supa-has-policy-metadata-detail; uses supa-has-policy-metadata-detail;
description description
"This is a list of all supa-policy-metadata-detail "This is a list of all supa-policy-metadata-detail
instances in the system. Instances of subclasses instances in the system. Instances of subclasses
will be in a separate list. Note that this association will be in a separate list. Note that this association
class is made concrete for exemplary purposes. To be class is made concrete for exemplary purposes. To be
useful, it almost certainly needs refinement."; useful, it almost certainly needs refinement.";
} }
} }
identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC { // Editor's note: For simplicity, this version of this document assumes
base POLICY-COMPONENT-TYPE; // that the SUPAPolicyObject and SUPAMetadata object
// hierarchies are separate and do NOT have a common
// superclass. Hence, there are two separate IDs used by
// associations and association classes,
// POLICY-OBJECT-TYPE and POLICY-METADATA-TYPE (for the
// SUPAPolicyObject and SUPAPolicyMetadata associations,
// respectively). Future implementations should examine
// the merit of defining a common superclass for these
// two class hierarchies in order to give all
// associations and association classes a common ID.
identity SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC {
base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAHasDecoratedPolicyComponentDetail association class SUPAPolicyClauseHasDecorator association class
object instance."; object instance.";
} }
grouping supa-policy-clause-has-decorator-detail {
leaf supa-policy-clause-has-decorator-agg-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
description
"This leaf-list holds instance-identifiers that
reference a SUPAPolicyClauseHasDecorator aggregation
[1], and is represented by the grouping
supa-policy-clause-has-decorator-detail. This
aggregation describes how each SUPAPolicyClause
object instance is decorated (i.e., wrapped) by zero
or more SUPAPolicyClauseComponentDecorator object
instances. For example, this aggregation may restrict
which concrete subclasses of the
SUPAPolicyClauseComponentDecorator class can wrap
this particular contrete subclass of the
SUPAPolicyClause class. The set of SUPAPolicyClauses,
identified by this leaf-list, define the content of
this SUPAPolicyStructure that they are associated
with (via the SUPAHasPolicyClause aggregation).
Since this association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-policy-clause-has-decorator-detail
(which includes subclasses of this association
class). Note that (concrete) subclasses of this
association class may also be used to further refine
the semantics of this aggregation.";
}
leaf supa-policy-clause-has-decorator-part-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
description
"This leaf holds instance-identifiers that
reference a SUPAPolicyClauseHasDecorator aggregation,
[1], and is represented by the grouping
supa-policy-clause-has-decorator-detail. This
aggregation describes how each
SUPAPolicyClauseComponentDecorator object instance
wraps a given SUPAPolicyClause object instance. This
enables the behavior of a SUPAPolicyClause object
instance to be changed dynamically by attaching and/or
removing SUPAPolicyClauseComponentDecorator object
instances. Multiple SUPAPolicyClauseComponentDecorator
object instances instances may be attached to a
SUPAPolicyClause object instance that is referenced in
this aggregation by using the Decorator pattern [1].
Since this association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-policy-clause-has-decorator-detail.";
}
leaf-list supa-pol-clause-dec-constraint {
type string;
description
"A constraint expression applying to this association
between a concrete subclase of SUPAPolicyClause and a
concrete subclass of
SUPAPolicyClauseComponentDecorator. This restricts
which types of SUPAPolicyClauseComponentDecorator
object instances can be aggregated by which types of
SUPAPolicyClause object instances. Constraints are
written in a constraint language specified by the
supa-pol-clause-dec-constraint-encoding attribute.";
}
leaf supa-pol-clause-dec-constraint-encoding {
type identityref {
base POLICY-CONSTRAINT-LANGUAGE-LIST;
}
description
"The language in which the constraints on the
SUPAPolicyClauseHasDecorator aggregation is expressed.
Examples include OCL 2.4 [2], Alloy [3], and
English text.";
}
description
"This is a concrete association class that defines the
semantics of the SUPAPolicyClauseHasDecorator
aggregation.";
}
container supa-policy-clause-has-decorator-detail-container {
description
"This is a container to collect all object instances of
type SUPAPolicyClauseHasDecoratorDetail.";
list supa-policy-component-decorator-detail-list {
key supa-policy-ID;
uses supa-has-decorator-policy-component-detail;
description
"This is a list of all
supa-policy-component-decorator-details.";
}
}
grouping supa-has-decorator-policy-component-detail { grouping supa-has-decorator-policy-component-detail {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC; default SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC;
} }
} }
leaf supa-has-policy-component-decorator-agg-ptr { leaf supa-has-policy-component-decorator-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
'POLICY-COMPONENT-DECORATOR-TYPE')"; 'POLICY-COMPONENT-DECORATOR-TYPE')";
description description
"This leaf is an instance-identifier that references "This leaf is an instance-identifier that references
the SUPAPolicyComponentDecorator instance end point of the SUPAPolicyComponentDecorator instance end point of
the association represented by this instance of the the association represented by this instance of the
SUPAHasDecoratedPolicyComponent association [1]. The SUPAHasDecoratedPolicyComponent association [1]. The
groupings supa-policy-component-decorator-type and groupings supa-policy-component-decorator-type and
supa-policy-component-structure-type represent the supa-policy-component-structure-type represent the
skipping to change at page 53, line 20 skipping to change at page 59, line 5
SUPAPolicyComponentStructure instance that is SUPAPolicyComponentStructure instance that is
associated by this association to the set of associated by this association to the set of
SUPAPolicyComponentStructure instances referenced by SUPAPolicyComponentStructure instances referenced by
the supa-has-policy-component-decorator-agg-ptr leaf the supa-has-policy-component-decorator-agg-ptr leaf
of this grouping."; of this grouping.";
} }
leaf-list supa-has-decorator-constraint { leaf-list supa-has-decorator-constraint {
type string; type string;
description description
"A constraint expression applying to this association "A constraint expression applying to this association
between a SUPAPolicyComponentDecorator and the between a SUPAPolicyClauseComponentDecorator and any
decorated component (which is a concrete subclass of components that decorate it. The
the SUPAPolicyComponentStructure class, such as
SUPAEncodedClause or SUPABooleanClauseAtomic). The
supa-has-decorator-constraint-encoding attribute supa-has-decorator-constraint-encoding attribute
specifies the language used to write the set of specifies the language used to write the set of
constraint expressions."; constraint expressions.";
} }
leaf supa-has-decorator-constraint-encoding { leaf supa-has-decorator-constraint-encoding {
type policy-constraint-language-list; type identityref {
base POLICY-CONSTRAINT-LANGUAGE-LIST;
}
description description
"The language used to encode the constraints relevant "The language in which the constraints on the
to the relationship between the SUPAHasDecoratedPolicyComponent aggregation is
SUPAPolicyComponentDecorator and the expressed. Examples include OCL 2.4 [2], Alloy [3],
SUPAPolicyComponentStructure object instances."; and English text.";
} }
description description
"This is a concrete association class that defines the "This is a concrete association class that defines the
semantics of the SUPAHasDecoratedPolicyComponent semantics of the SUPAHasDecoratedPolicyComponent
association. The purpose of this class is to use the association. The purpose of this class is to use the
Decorator pattern [1] to detemine which Decorator pattern [1] to detemine which
SUPAPolicyComponentDecorator object instances, if any, SUPAPolicyComponentDecorator object instances, if any,
are required to augment the functionality of a concrete are required to augment the functionality of a concrete
subclass of SUPAPolicyClause that is being used."; subclass of SUPAPolicyClause that is being used.";
} }
skipping to change at page 54, line 10 skipping to change at page 59, line 44
type SUPAPolicyComponentDecoratorDetail."; type SUPAPolicyComponentDecoratorDetail.";
list supa-policy-component-decorator-detail-list { list supa-policy-component-decorator-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-decorator-policy-component-detail; uses supa-has-decorator-policy-component-detail;
description description
"This is a list of all "This is a list of all
supa-policy-component-decorator-details."; supa-policy-component-decorator-details.";
} }
} }
identity SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC {
base POLICY-OBJECT-TYPE;
description
"The identity corresponding to a
SUPAHasDecoratedPolicyComponent association
object instance.";
}
identity SUPA-HAS-POLICY-SOURCE-ASSOC { identity SUPA-HAS-POLICY-SOURCE-ASSOC {
base POLICY-OBJECT-TYPE; base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a SUPAHasPolicySource "The identity corresponding to a SUPAHasPolicySource
association class object instance."; association class object instance.";
} }
grouping supa-has-policy-source-detail { grouping supa-has-policy-source-detail {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
skipping to change at page 56, line 48 skipping to change at page 62, line 41
description description
"This leaf is an instance-identifier that references "This leaf is an instance-identifier that references
a SUPAPolicyTarget instance end point of the a SUPAPolicyTarget instance end point of the
association represented by this instance of the association represented by this instance of the
SUPAHasPolicyTarget association [1]. The grouping SUPAHasPolicyTarget association [1]. The grouping
supa-has-policy-target-detail represents the supa-has-policy-target-detail represents the
SUPAHasPolicyTargetDetail class. Thus, the instance SUPAHasPolicyTargetDetail class. Thus, the instance
identified by this leaf is the SUPAPolicyTarget identified by this leaf is the SUPAPolicyTarget
instance that is associated by this association to the instance that is associated by this association to the
SUPAPolicyStructure instance referenced by the SUPAPolicyStructure instance referenced by the
supa-has-policy-source-detail-agg-ptr leaf of supa-has-policy-target-detail-agg-ptr leaf of
this grouping."; this grouping.";
} }
leaf supa-policy-target-is-authenticated { leaf supa-policy-target-is-authenticated {
type boolean; type boolean;
description description
"If the value of this attribute is true, then this "If the value of this attribute is true, then this
SUPAPolicyTarget object has been authenticated by SUPAPolicyTarget object has been authenticated by
a policy engine or application that is executing this a policy engine or application that is executing this
particular SUPAPolicyStructure object."; particular SUPAPolicyStructure object.";
} }
skipping to change at page 58, line 4 skipping to change at page 63, line 43
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyTargetDetail."; type SUPAPolicyTargetDetail.";
list supa-policy-target-detail-list { list supa-policy-target-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-policy-target-detail; uses supa-has-policy-target-detail;
description description
"This is a list of all supa-policy-target-detail "This is a list of all supa-policy-target-detail
objects."; objects.";
} }
} }
identity SUPA-HAS-POLICY-METADATA-ASSOC {
base POLICY-METADATA-TYPE;
description
"The identity corresponding to a SUPAHasPolicyMetadata
association class object instance.";
}
identity SUPA-HAS-POLICY-CLAUSE-ASSOC { identity SUPA-HAS-POLICY-CLAUSE-ASSOC {
base POLICY-OBJECT-TYPE; base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a SUPAHasPolicyClause "The identity corresponding to a SUPAHasPolicyClause
association class object instance."; association class object instance.";
} }
grouping supa-has-policy-clause-detail { grouping supa-has-policy-clause-detail {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
default SUPA-HAS-POLICY-CLAUSE-ASSOC; default SUPA-HAS-POLICY-CLAUSE-ASSOC;
} }
} }
leaf supa-has-policy-clause-detail-agg-ptr { leaf-list supa-has-policy-clause-detail-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
'POLICY-STRUCTURE-TYPE')"; 'POLICY-STRUCTURE-TYPE')";
description description
"This leaf is an instance-identifier that references "This leaf is an instance-identifier that references
a concrete subclass of the SUPAPolicyStructure class a concrete subclass of the SUPAPolicyStructure class
end point of the association represented by this end point of the association represented by this
instance of the SUPAHasPolicyClause association [1]. instance of the SUPAHasPolicyClause association [1].
The grouping supa-has-policy-clause-detail represents The grouping supa-has-policy-clause-detail represents
the SUPAHasPolicyClauseDetail association class. Thus, the SUPAHasPolicyClauseDetail association class. Thus,
skipping to change at page 63, line 45 skipping to change at page 69, line 45
RFC 6020, October 2010. RFC 6020, October 2010.
[RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991,
July 2013. July 2013.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling
Language", August 2016. Language", August 2016.
9.2. Informative References 9.2. Informative References
[1] Strassner, J., Halpern, J., Coleman, J., "Generic [1] Strassner, J., Halpern, J., Coleman, J., "Generic
Policy Information Model for Simplified Use of Policy Policy Information Model for Simplified Use of Policy
Abstractions (SUPA)", Jan 18, 2017, Abstractions (SUPA)", May 30, 2017,
draft-ietf-supa-generic-policy-info-model-02 draft-ietf-supa-generic-policy-info-model-03
[2] http://www.omg.org/spec/OCL/ [2] http://www.omg.org/spec/OCL/
[3] http://doc.omg.org/formal/2002-04-03.pdf [3] http://doc.omg.org/formal/2002-04-03.pdf
[4] http://alloy.mit.edu/alloy/ [4] http://alloy.mit.edu/alloy/
[5] http://www.omg.org/spec/QVT/ [5] http://www.omg.org/spec/QVT/
[6] http://semver.org/ [6] http://semver.org/
[7] Definitions of DAC, MAC, and RBAC may be found here: [7] Definitions of DAC, MAC, and RBAC may be found here:
http://csrc.nist.gov/groups/SNS/rbac/faq.html#03 http://csrc.nist.gov/groups/SNS/rbac/faq.html#03
[8] ABAC is described here: [8] ABAC is described here:
http://csrc.nist.gov/groups/SNS/rbac/index.html http://csrc.nist.gov/groups/SNS/rbac/index.html
Authors' Addresses Authors' Addresses
Joel Halpern Joel Halpern
Ericsson Ericsson
 End of changes. 66 change blocks. 
570 lines changed or deleted 949 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/