draft-ietf-supa-generic-policy-data-model-00.txt   draft-ietf-supa-generic-policy-data-model-01.txt 
Network Working Group J. Halpern Network Working Group J. Halpern
Internet-Draft Ericsson Internet-Draft Ericsson
Intended status: Informational J. Strassner Intended status: Informational J. Strassner
Expires: January 20, 2017 Huawei Technologies Expires: April 3, 2017 Huawei Technologies
July 20, 2016 S. Van der Meer
Ericsson
October 1, 2016
Generic Policy Data Model for Generic Policy Data Model for
Simplified Use of Policy Abstractions (SUPA) Simplified Use of Policy Abstractions (SUPA)
draft-ietf-supa-generic-policy-data-model-00 draft-ietf-supa-generic-policy-data-model-01
Abstract Abstract
This document defines two YANG policy data models. The first is a This document defines two YANG policy data modules. The first is a
generic policy model that is meant to be extended on an application- generic policy model that is meant to be extended on an application-
specific basis. The second is an exemplary extension of the first specific basis. The second is an exemplary extension of the first
generic policy model, and defines rules as event-condition-action generic policy model, and defines rules as event-condition-action
policies. Both models are independent of the level of abstraction of policies. Both models are independent of the level of abstraction of
the content and meaning of a policy. the content and meaning of a policy.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 37 skipping to change at page 1, line 39
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current working documents as Internet-Drafts. The list of current
Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in as reference material or to cite them other than as "work in
progress." progress."
This Internet-Draft will expire on January 20, 2017. This Internet-Draft will expire on April 3, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 10 skipping to change at page 2, line 10
respect to this document. Code Components extracted from this respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided Section 4.e of the Trust Legal Provisions and are provided
without warranty as described in the Simplified BSD License. without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Overview ....................................................... 2 1. Overview ....................................................... 2
2. Conventions Used in This Document .............................. 2 2. Conventions Used in This Document .............................. 2
3. Terminology .................................................... 3 3. Terminology .................................................... 3
3.1. Acronyms .................................................. 3 3.1. Acronyms ................................................. 3
3.2. Definitions ............................................... 3 3.2. Definitions .............................................. 3
3.3. Symbology ................................................. 4 3.3. Symbology ................................................ 5
4. Design of the SUPA Policy Data Models .......................... 4 4. Design of the SUPA Policy Data Models ......................... 5
5. SUPA Policy Data Model YANG Module ............................. 5 4.1. Objectives ............................................... 5
6. IANA Considerations ............................................ 47 4.2 Yang Data Model Maintenance ................................ 5
7. Security Considerations ........................................ 47 4.3 YANG Data Model Overview ................................... 6
8. Acknowledgments ................................................ 47 4.4. YANG Tree Diagram ........................................ 7
9. References ..................................................... 47 5. SUPA Policy Data Model YANG Module ............................ 11
9.1. Normative References ...................................... 48 6. IANA Considerations ........................................... 47
9.2. Informative References .................................... 48 7. Security Considerations ....................................... 47
8. Acknowledgments ............................................... 47
9. References .................................................... 47
9.1. Normative References ..................................... 48
9.2. Informative References ................................... 48
Authors' Addresses ................................................ 48 Authors' Addresses ................................................ 48
1. Overview 1. Overview
This document defines two YANG [RFC6020] [RFC6991] policy data This document defines two YANG [RFC6020] [RFC6991] policy data
models. The first is a generic policy model that is meant to be models. The first is a generic policy model that is meant to be
extended on an application-specific basis. It is derived from the extended on an application-specific basis. It is derived from the
Generic Policy Information Model (GPIM) defined in [1]. The second Generic Policy Information Model (GPIM) defined in [1]. The second
is an exemplary extension of the first (generic policy) model, and is an exemplary extension of the first (generic policy) model, and
defines policy rules as event-condition-action tuples. Both models defines policy rules as event-condition-action tuples. Both models
are independent of the level of abstraction of the content and are independent of the level of abstraction of the content and
meaning of a policy. meaning of a policy.
The GPIM defines a common framework as a set of model elements The GPIM defines a common framework as a set of model elements
(e.g., classes, attributes, and relationships) that specify a (e.g., classes, attributes, and relationships) that specify a
common set of policy management concepts that are independent of the common set of policy management concepts that are independent of the
type of policy (e.g., imperative, procedural, declarative, or type of policy (e.g., imperative, procedural, declarative, or
otherwise). The first YANG data model is a translation of the GPIM otherwise). The first YANG data model is a translation of the GPIM
to a YANG module. The Eca Policy Rule Information Model (EPRIM), to a YANG module. The ECA Policy Rule Information Model (EPRIM),
also defined in [1], extends the GPIM to represent policy rules that also defined in [1], extends the GPIM to represent policy rules that
use the Event-Condition-Action (ECA) paradigm. The second YANG data use the Event-Condition-Action (ECA) paradigm. The second YANG data
model maps the EPRIM to YANG. The second YANG data model MAY be model maps the EPRIM to YANG. The second YANG data model MAY be
used to augment the functionality of the first YANG data model. used to augment the functionality of the first YANG data model.
2. Conventions Used in This Document 2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in [RFC2119]. In this document are to be interpreted as described in [RFC2119]. In
skipping to change at page 3, line 15 skipping to change at page 3, line 24
3. Terminology 3. Terminology
This section defines acronyms, terms, and symbology used in the This section defines acronyms, terms, and symbology used in the
rest of this document. rest of this document.
3.1. Acronyms 3.1. Acronyms
CNF Conjunctive Normal Form CNF Conjunctive Normal Form
DNF Disjunctive Normal Form DNF Disjunctive Normal Form
ECA Event-Condition-Action ECA Event-Condition-Action
EPRIM (SUPA) ECA Policy Rule Information Model EPRIM (SUPA) ECA Policy Rule Information Model [1]
GPIM (SUPA) Generic Policy Information Model FQDN Fully Qualified Domain Name
FQPN Fully Qualified Path Name
GPIM (SUPA) Generic Policy Information Model [1]
GUID Globally Unique IDentifier
NETCONF Network Configuration protocol NETCONF Network Configuration protocol
OAM&P Operations, Administration, Management, and Provisioning OAM&P Operations, Administration, Management, and Provisioning
OCL Object Constraint Language OCL Object Constraint Language {2] [3]
OID Object IDentifier OID Object IDentifier
SUPA Simplified Use of Policy Abstractions SUPA Simplified Use of Policy Abstractions
UML Unified Modeling Language UML Unified Modeling Language
URI Uniform Resource Identifier URI Uniform Resource Identifier
UUID Universally Unique IDentifier
3.2. Definitions 3.2. Definitions
Action: a set of purposeful activities that have a set of Action: a set of activities that have a set of associated behavior.
associated behavior.
Boolean Clause: a logical statement that evaluates to either TRUE Boolean Clause: a logical statement that evaluates to either TRUE
or FALSE. Also called Boolean Expression. or FALSE. Also called Boolean Expression.
Condition: a set of attributes, features, and/or values that are to Condition: a set of attributes, features, and/or values that are to
be compared with a set of known attributes, features, and/or be compared with a set of known attributes, features, and/or
values in order to make a decision. A Condition, when used in values in order to make a decision. A Condition, when used in
the context of a Policy Rule, is used to determine whether or not the context of a Policy Rule, is used to determine whether or not
the set of Actions in that Policy Rul can be executed or not. the set of Actions in that Policy Rule can be executed or not.
Constraint: A constraint is a limitation or restriction. Constraint: A constraint is a limitation or restriction.
Constraints may be added to any type of object (e.g., events, Constraints may be added to any type of object (e.g., events,
conditions, and actions in Policy Rules). conditions, and actions in Policy Rules).
Constraint Programming: a type of programming that uses constraints
to define relations between variables in order to find
a feasible (and not necessarily optimal) solution.
Data Model: a data model is a representation of concepts of Data Model: a data model is a representation of concepts of
interest to an environment in a form that is dependent on data interest to an environment in a form that is dependent on data
repository, data definition language, query language, repository, data definition language, query language,
implementation language, and protocol (typically one or more of implementation language, and protocol (typically one or more of
these). these). This definition is taken from [1].
ECA: Event - Condition - Action policy. ECA: Event - Condition - Action (a type of policy).
Event: an Event is defined as any important occurrence in time of Event: an Event is defined as any important occurrence in time in
a change in the system being managed, and/or in the environment the system being managed, and/or in the environment of the system
of the system being managed. An Event, when used in the context being managed. An Event may represent the changing or maintaining
of a Policy Rule, is used to determine whether the condition of the state of a managed object. An Event, when used in the
clause of an imperative Policy Rule can be evaluated or not. context of a Policy Rule, is used to determine whether the
Condition clause of an imperative (i.e., ECA) Policy Rule can be
evaluated or not.
FQPN (FUlly Qualified Path Name)
The specification of a path to a file in a system that
unambiguously resolves to only that specific file. In this
sense, "fully qualified" is independent of context. However,
in a distributed system, it may be dependent on the specific
format of an operating system. Hence, implementations should
consider such issues before allowing the use of FQPNs.
Information Model: an information model is a representation of Information Model: an information model is a representation of
concepts of interest to an environment in a form that is concepts of interest to an environment in a form that is
independent of data repository, data definition language, query independent of data repository, data definition language, query
language, implementation language, and protocol. language, implementation language, and protocol. This definition
is taken from [1].
Metadata: is data that provides descriptive and/or prescriptive Metadata: metadata is data that provides descriptive and/or
information about the object(s) to which it is attached. prescriptive information about the object(s) to which it is
associated. This enables structure and content of the object(s)
to which it applies, as well as usage and other information, to
be represented in an extensible manner. It avoids "burying"
common information in specific classes, and increases reuse.
Policy Rule: A Policy Rule is a set of rules that are used to SUPAPolicy: A SUPAPolicy is, in this version of this document, an ECA
manage and control the changing or maintaining of the state of one policy rule that MUST contain an ECA policy rule, SHOULD contain
or more managed objects. one or more SUPAPolicyMetadata objects, and MAY contain other
elements that define the semantics of the policy rule. An ECA
Policy Rule MUST contain an event clause, a condition clause, and
an action clause. Policies are generically defined as a means to
monitor and control the changing and/or maintaining of the state
of one or more managed objects. This definition is based on the
definition of SUPAPolicy in [1].
3.3. Symbology 3.3. Symbology
The following representation is used to describe YANG data modules The following representation is used to describe YANG data modules
defined in this draft. defined in this draft.
o Brackets "[" and "]" enclose list keys. o Brackets "[" and "]" enclose list keys.
o Abbreviations before data node names: "rw" means configuration o Abbreviations before data node names: "rw" means configuration
data (read-write), and "ro" means state data (read-only). data (read-write), and "ro" means state data (read-only).
skipping to change at page 4, line 44 skipping to change at page 5, line 26
means a presence container, and "*" denotes a list and leaf-list. means a presence container, and "*" denotes a list and leaf-list.
o Parentheses enclose choice and case nodes, and case nodes are also o Parentheses enclose choice and case nodes, and case nodes are also
marked with a colon (":"). marked with a colon (":").
o Ellipsis ("...") stands for contents of subtrees that are not o Ellipsis ("...") stands for contents of subtrees that are not
shown. shown.
4. Design of the SUPA Policy Data Models 4. Design of the SUPA Policy Data Models
This will be completed in the next version of this draft. Three This section describes the design philosophy of the YANG data model,
important points are: and how they will be maintained.
- different policy models have common semantics 4.1. Objectives
- capture those semantics within a common framework (GPIM)
- extend these semantics with a specific ECA example (EPRIM) These Data Models are derived from the SUPA Generic Policy
Information Model [1]. The overall objective is to faithfully
transform that information model into a YANG data model that can
be used for communicating policy. The policy scope to be covered is
that defined by [1]; please refer to it for more details and
background information.
This model is an extensible framework that is independent of the
implementation approach for storing polices, as well as being
independent of the content and meaning of specific policies. These
models can be extended (generally by using the groupings here and
defining additional containers for concrete classes) to represent
domain- and/or application-specific policies. The ECA model in this
document is an example of extending the general policy model towards
specific policies.
By using this approach, different policy models will use common
semantics, enabling them to be more easily integrated.
One of the important goals of this work is for the semantics of
these models to align with those of the generic policy information
model. Thus, most of this model was generate by a quasi-algorithmic
transformation of the information model. This was done by hand.
Certain changes were made to reflect the fact that this is a YANG
data model, and therefore, does not need to generically allow for
all data modelling languages. Details of the process are described
below in section 4.3.
4.2 Yang Data Model maintenance
All model changes should be done to both the information model and
the data model in parallel. Care is being taken during development
of this model to ensure that is the case.
In general, structural changes will be applied to both the
information model and the data model, and then any necessary YANG
repairs taken to preserve the validity of the YANG data model.
4.3 YANG Data Model Overview
This YANG data model is generated by applying suitable YANG
constructs to represent the information in the information model.
There are three key information modeling concepts that this data
model needs to represent consistently. These are classes, class
inheritance (also known as subclassing) and associations. The
SUPA generic policy information model [1] makes extensive use of
these concepts.
Each class in the model is represented by a YANG identity and by a
YANG grouping. The use of groupings enables us to define these
classes abstractly. Each grouping begins with two leaves (either
defined in the grouping or inherited via a using clause), which
provide common functionality. One leaf is used for the system-wide
unique identifier for this instance. This is either named
supa-policy-ID (for the SUPAPolicyObject tree, which contains
everything EXCEPT metadata objects) or supa-policy-metadata-id (for
the SUPAPolicyMetadata tree, which ONLY contains metadata). All
associations use supa-policy-IDs. The second leaf is always called
the entity-class. It is an identityref which is set to the identity
of the instance. The default value for this leaf is always
correctly defined by the grouping. It is read-write in the YANG
formalism due to restrictions on the use of MUST clauses.
Class inheritance (or subclassing) is done by defining an identity
and a grouping for the new class. The identity is based on the
parent identity, and is given a new name to represent this class.
The new grouping uses the parent grouping. It refines the
entity-class of the parent, replacing the default value of the
entity-class with the correct value for this class.
Associations are represented by the use of instance-identifiers and
association classes. Association classes are classes, using the
above construction, which contain leaves representing the set of
instance-identifiers for each end of the association, along with
any other properties the information model assigns to the
association. The two associated classes each have a leaf with an
instance-identifier that points to the association class instance.
Each instance-identifier leaf is defined with a must clause. That
must clause references the entity-class of the target of the
instance-identifier, and specifies that the entity class type must
be the same as, or subclassed from, a specific named class. Thus,
associations can point to any instance of a selected class, or any
instance of any subclass of that target.
While not mandated by the YANG, it is expected that the xpath for
the instance-identifier will end with an array selection specifying
the supa-policy-ID or supa-policy-metadata-id of the target. This
enables us to construct the abstract class tree, with inheritance
and associations. It is noted and accepted that this process does
lose the distinction between containment, association, and
aggregation used by the information model.
The concrete class tree is constructed as follows. The YANG model
defines a container for each class that is defined as concrete by
the information model. That container contains a single list,
keyed by either the supa-policy-id or the supa-policy-metadata-id.
The content of the list is defined by a uses clause referencing the
grouping that defines the class. After this was done, certain
additional modifications were made. Specifically, any information
model constructs intended to represent lists of possible values
were recast as YANG enumerations. Where these lists are used more
than once, they are factored out into reusable enumerations.
Certain attributes that are not needed in the YANG (e.g., to
represent the range of choices different data models might use for
policy identification) were removed for simplicity and clarity.
4.4. YANG Tree Diagram
The YANG Tree Diagram starts on the next page. It uses the following
abbreviations for datatypes:
- B: Boolean
- E: enumeration
- II: instance-identifier
- IR: identityref
- PC: policy-constraint-language-list
- PD: policy-data-type-encoding-list
- S: string
- YD: yang:date-and-time
- UI: uint32
module: ietf-supa-policydatamodel
+--rw supa-encoding-clause-container
| +--rw supa-encoding-clause-list* [supa-policy-ID]
| +--rw supa-policy-ID S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-has-policy-component-decorator-part-ptr II
| +--rw supa-policy-clause-deploy-status E
| +--rw supa-has-policy-clause-part-ptr* II
I +--rw supa-encoded-clause-content S
I +--rw supa-encoded-clause-language E
+--rw supa-policy-variable-container
| +--rw supa-policy-variable-list* [supa-policy-ID]
| +--rw supa-policy-ID S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-has-policy-component-decorator-part-ptr II
| +--rw supa-has-policy-component-decorator-agg-ptr* II
| +--rw supa-decorator-constraints* S
| +--rw supa-has-decorator-constraint-encoding? PC
| +--rw supa-policy-term-is-negated? B
| +-rw supa-policy-variable-name? S
+--rw supa-policy-operator-container
| +--rw supa-policy-operator-list* [supa-policy-ID]
| +--rw supa-policy-ID S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-has-policy-component-decorator-part-ptr II
| +--rw supa-has-policy-component-decorator-agg-ptr* II
| +--rw supa-decorator-constraints* S
| +--rw supa-has-decorator-constraint-encoding? PC
| +--rw supa-policy-term-is-negated? B
| +--rw supa-policy-value-op-type E
+--rw supa-policy-value-container
| +--rw supa-policy-value-list* [supa-policy-ID]
| +--rw supa-policy-ID S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-has-policy-component-decorator-part-ptr II
| +--rw supa-has-policy-component-decorator-agg-ptr* II
| +--rw supa-decorator-constraints* S
| +--rw supa-has-decorator-constraint-encoding? PC
| +--rw supa-policy-term-is-negated? B
| +--rw supa-policy-value-content* S
| +--rw supa-policy-value-encoding? PD
+--rw supa-policy-generic-decorated-container
| +--rw supa-encoding-clause-list* [supa-policy-ID]
| +--rw supa-policy-ID S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-has-policy-component-decorator-part-ptr II
| +--rw supa-has-policy-component-decorator-agg-ptr* II
| +--rw supa-decorator-constraints* S
| +--rw supa-has-decorator-constraint-encoding? PC
| +--rw supa-policy-generic-decorated-content* S
| +--rw supa-policy-generic-decorated-encoding? PD
+--rw supa-policy-concrete-metadata-container
| +--rw supa-policy-concrete-metadata-list*
[supa-policy-metadata-ID]
| +--rw supa-policy-metadata-id S
| +--rw entity-class? IR
| +--rw supa-policy-metadata-description? S
| +--rw supa-policy-metadata-name? S
| +--rw supa-has-policy-metadata-part-ptr* II
| +--rw supa-has-policy-metadata-dec-part-ptr* II
| +--rw supa-policy-metadata-valid-period-end? YD
| +--rw supa-policy-metadata-valid-period-start? YD
+--rw supa-policy-metadata-decorator-access-container
| +--rw supa-policy-metadata-decorator-access-list*
[supa-policy-metadata-ID]
| +--rw supa-policy-metadata-id S
| +--rw entity-class? IR
| +--rw supa-policy-metadata-description? S
| +--rw supa-policy-metadata-name? S
| +--rw supa-has-policy-metadata-part-ptr* II
| +--rw supa-has-policy-metadata-dec-part-ptr* II
| +--rw supa-has-policy-metadata-dec-agg-ptr? II
+--rw supa-policy-metadata-decorator-version-container
| +--rw supa-policy-metadata-decorator-version-list*
[supa-policy-metadata-ID]
| +--rw supa-policy-metadata-ID S
| +--rw entity-class? IR
| +--rw supa-policy-metadata-description? S
| +--rw supa-policy-metadata-name? S
| +--rw supa-has-policy-metadata-part-ptr* II
| +--rw supa-has-policy-metadata-dec-part-ptr* II
| +--rw supa-has-policy-metadata-dec-agg-ptr? II
+--rw supa-policy-metadata-detail-container
| +--rw supa-policy-metadata-detail-list [supa-policy-ID]
| +--rw supa-policy-id S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-has-policy-metadata-detail-agg-ptr? II
| +--rw supa-has-policy-metadata-detail-part-ptr? II
| +--rw supa-policy-metadata-detail-is-applicable? B
| +--rw supa-policy-metadata-detail-constraint* S
| +--rw supa-policy-metadata-detail-constraint-encoding? PC
+--rw supa-policy-component-decorator-detail-container
| +--rw supa-policy-component-decorator-detail-list*
[supa-policy-ID]
| +--rw supa-policy-id S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-has-policy-component-decorator-agg-ptr? II
| +--rw supa-has-policy-component-decorator-part-ptr? II
| +--rw supa-has-decorator-constraint* S
| +--rw supa-has-decorator-constraint-encoding PC
+--rw supa-policy-source-detail-container
| +--rw supa-policy-source-detail-list* [supa-policy-ID]
| +--rw supa-policy-id S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
I +--rw supa-has-policy-source-detail-agg-ptr? II
I +--rw supa-has-policy-source-detail-part-ptr? II
I +--rw supa-policy-source-is-authenticated? B
I +--rw supa-policy-source-is-trusted? B
+--rw supa-policy-target-detail-container
| +--rw supa-policy-target-detail-list* [supa-policy-ID]
| +--rw supa-policy-id S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
I +--rw supa-has-policy-target-detail-agg-ptr? II
I +--rw supa-has-policy-target-detail-part-ptr? II
I +--rw supa-policy-target-is-authenticated? B
I +--rw supa-policy-target-is-enabled? B
+--rw supa-policy-clause-detail-container
| +--rw supa-policy-clause-detail-list* [supa-policy-ID]
| +--rw supa-policy-id S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-policy-admin-status E
| +--rw supa-policy-continuum-level? UI
| +--rw supa-policy-deploy-status E
| +--rw supa-policy-exec-fail-strategy E
| +--rw supa-has-policy-source-agg-ptr* II
| +--rw supa-has-policy-target-agg-ptr* II
| +--rw supa-has-policy-clause-agg-ptr* II
| +--rw supa-has-policy-exec-fail-action-agg-ptr* II
| +--rw supa-has-policy-exec-fail-action-part-ptr* II
| +--rw supa-has-policy-clause-detail-agg-ptr? II
| +--rw supa-has-policy-clause-detail-part-ptr? II
+--rw supa-policy-exec-fail-take-action-detail-container
| +--rw supa-policy-exec-fail-take-action-detail-list*
[supa-policy-ID]
| +--rw supa-policy-id S
| +--rw entity-class? IR
| +--rw supa-policy-name? S
| +--rw supa-policy-object-description? S
| +--rw supa-has-policy-metadata-agg-ptr* II
| +--rw supa-policy-admin-status E
| +--rw supa-policy-continuum-level? UI
| +--rw supa-policy-deploy-status E
| +--rw supa-policy-exec-fail-strategy E
| +--rw supa-has-policy-source-agg-ptr* II
| +--rw supa-has-policy-target-agg-ptr* II
| +--rw supa-has-policy-clause-agg-ptr* II
| +--rw supa-has-policy-exec-fail-action-agg-ptr* II
| +--rw supa-has-policy-exec-fail-action-part-ptr* II
| +--rw supa-has-exec-fail-action-detail-agg-ptr? II
| +--rw supa-has-exec-fail-action-detail-part-ptr? II
| +--rw supa-policy-exec-fail-take-action-name* S
+--rw supa-policy-metadata-decorator-detail-container
+--rw supa-policy-metadata-decorator-detail-list*
[supa-policy-metadata-ID]
+--rw supa-policy-metadata-id S
+--rw entity-class? IR
+--rw supa-policy-metadata-description? S
+--rw supa-policy-metadata-name? S
+--rw supa-has-policy-metadata-part-ptr* II
+--rw supa-has-policy-metadata-dec-part-ptr* II
+--rw supa-has-policy-metadata-detail-dec-agg-ptr? II
+--rw supa-has-policy-metadata-detail-dec-part-ptr? II
5. SUPA Policy Data Model YANG Module 5. SUPA Policy Data Model YANG Module
The SUPA YANG data model module is divided into two main parts: The SUPA YANG data model module is divided into two main parts:
1) a set of containers that represent the objects that make 1) a set of containers that represent the objects that make
updated a Policy Rule and its Policy Rule Components updated a Policy Rule and its Policy Rule Components
2) a set of containers that represent the objects that define and 2) a set of containers that represent the objects that define and
apply metadata to Policy Rules and/or Policy Rule Components apply metadata to Policy Rules and/or Policy Rule Components
< This will be finished in version 02 > [Editor's note] < This will be finished in version 02 >
<CODE BEGINS> file "ietf-supa-policydatamodel@2016-10-01.yang"
<CODE BEGINS> file "ietf-supa-policydatamodel@2016-03-21.yang"
module ietf-supa-policydatamodel { module ietf-supa-policydatamodel {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policydatamodel"; namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policydatamodel";
prefix supa-pdm; prefix supa-pdm;
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
} }
skipping to change at page 5, line 39 skipping to change at page 13, line 27
contact contact
"Editor: Joel Halpern "Editor: Joel Halpern
email: jmh@joelhalpern.com; email: jmh@joelhalpern.com;
Editor: John Strassner Editor: John Strassner
email: strazpdj@gmail.com;"; email: strazpdj@gmail.com;";
description description
"This module defines a data model for generic high level "This module defines a data model for generic high level
definition of policies to be applied to a network. definition of policies to be applied to a network.
This module is derived from and aligns with This module is derived from and aligns with
draft-strassner-supa-generic-policy-info-model-04. draft-ietf-supa-generic-policy-info-model-01.
Details on all classes, associations, and attributes Details on all classes, associations, and attributes
can be found there. can be found there.
Copyright (c) 2015 IETF Trust and the persons identified Copyright (c) 2015 IETF Trust and the persons identified
as the document authors. All rights reserved. as the document authors. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info)."; (http://trustee.ietf.org/license-info).";
revision 2016-07-20 { revision "2016-10-01" {
description description
"Conversion to WG draft, 20160720. "20161001: Minor edits in association definitions.
Fixed pyang 1.1 compilation errors. Fixed must clause 20160928: Generated yang tree.
derefencing used in grouping statements. Reformatted 20160924: Rewrote association documentation; rebuilt
and expanded descriptions. Fixed various typos. how all classes are named for consistency.
Initial version, 20160321"; 20160904: Optimization of module by eliminating leaves
that are not needed; rewrote section 4.
20160824: Edits to sync data model to info model.
20160720: Conversion to WG draft. Fixed pyang 1.1
compilation errors. Fixed must clause derefencing
used in grouping statements. Reformatted and expanded
descriptions. Fixed various typos.
20160321: Initial version.";
reference reference
"draft-ietf-supa-policy-data-model-00"; "draft-ietf-supa-policy-data-model-00";
} }
typedef policy-constraint-language-list { typedef policy-constraint-language-list {
type enumeration { type enumeration {
enum "undefined" { enum "error" {
description description
"This may be used as an initialization and/or "This signifies an error state. OAM&P Policies
an error state."; SHOULD NOT use this SUPAPolicy if the value of
this attribute is error.";
}
enum "init" {
description
"This signifies a generic initialization state. A
suitable Policy Constraint Language (e.g., OCL [2]
or Alloy[4]) may now be defined.";
} }
enum "OCL2.4" { enum "OCL2.4" {
description description
"Object Constraint Language v2.4. This is a "Object Constraint Language v2.4 [2]. This is a
declarative language for describing rules for declarative language for describing rules for
defining constraints and query expressions."; defining constraints and query expressions.";
} }
enum "OCL2.x" { enum "OCL2.x" {
description description
"Object Constraint Language, v2.0 through 2.3.1."; "Object Constraint Language, v2.0 through 2.3.1
[2].";
} }
enum "OCL1.x" { enum "OCL1.x" {
description description
"Object Constraint Language, any version prior "Object Constraint Language, any version prior
to v2.0."; to v2.0 [3].";
} }
enum "QVT1.2R" { enum "QVT1.2R" {
description description
"QVT Relational Language."; "QVT Relational Language [5].";
} }
enum "QVT1.2O" { enum "QVT1.2O" {
description description
"QVT Operational language."; "QVT Operational language [5].";
} }
enum "Alloy" { enum "Alloy" {
description description
"A language for defining structures and "A language for defining structures and
and relations using constraints."; and relations using constraints [4].";
} }
} }
description description
"The language used to encode the constraints "The language used to encode the constraints
relevant to the relationship between the metadata relevant to the relationship between the metadata
and the underlying policy object."; and the underlying policy object.";
} }
typedef policy-data-type-id-encoding-list { typedef policy-data-type-id-encoding-list {
type enumeration { type enumeration {
enum "undefined" { enum "error" {
description description
"This can be used for either initialization "This signifies an error state. OAM&P Policies
or for signifying an error."; SHOULD NOT use this SUPAPolicy if the value of
this attribute is error.";
} }
enum "String" { enum "init" {
description description
"The clause is directly present in "This signifies an initialization state.";
the content."; }
enum "primary_key" {
description
"This represents the primary key of a table, which
uniquely identifies each record in that table.
It MUST NOT be NULL. It MAY consist of a single
or multiple fields. Note that a YANG data model
implementation does NOT have to implement this
enumeration.";
}
enum "foreign_key" {
description
"This represents the foreign key, which is a set
or more fields in one table that uniquely
identify a row in another table. It MAY be
NULL. Note that a YANG data model implementation
does NOT have to implement this enumeration.";
} }
enum "GUID" { enum "GUID" {
description description
"The clause is referenced by this GUID."; "The object is referenced by this GUID.";
} }
enum "UUID" { enum "UUID" {
description description
"The clause is referenced by this UUID."; "The object is referenced by this UUID.";
} }
enum "URI" { enum "URI" {
description description
"The clause is referenced by this URI."; "The object is referenced by this URI.";
} }
enum "FQDN" { enum "FQDN" {
description description
"The clause is referenced by this FQDN."; "The object is referenced by this FQDN.";
}
enum "FQPN" {
description
"The object is referenced by this FQPN. Note that
FQPNs assume that all components can access a
single logical file repostory.";
}
enum "string_instance_id" {
description
"A string that is the canonical representation,
in ASCII, of an instance ID of this object.";
} }
} }
description description
"The list of possible data types used to represent object "The list of possible data types used to represent object
IDs in the SUPA policy hierarchy."; IDs in the SUPA policy hierarchy.";
} }
typedef policy-data-type-encoding-list { typedef policy-data-type-encoding-list {
type enumeration { type enumeration {
enum "undefined" { enum "error" {
description description
"This can be used for either initialization "This signifies an error state. OAM&P Policies
or for signifying an error."; SHOULD NOT use this SUPAPolicy if the value of
this attribute is error.";
}
enum "init" {
description
"This signifies an initialization state.";
} }
enum "string" { enum "string" {
description description
"This represents a string data type."; "This represents a string data type.";
} }
enum "integer" { enum "integer" {
description description
"This represents an integer data type."; "This represents an integer data type.";
} }
enum "boolean" { enum "boolean" {
skipping to change at page 8, line 31 skipping to change at page 17, line 6
enum "GUID" { enum "GUID" {
description description
"This represents a GUID data type."; "This represents a GUID data type.";
} }
enum "UUID" { enum "UUID" {
description description
"This represents a UUID data type."; "This represents a UUID data type.";
} }
enum "URI" { enum "URI" {
description description
"This represents a Uniform Resource Identifier "This represents a URI data type.";
(URI) data type.";
} }
enum "DN" { enum "DN" {
description description
"This represents a Distinguished Name (DN) "This represents a DN data type.";
data type."; }
enum "FQDN" {
description
"The object is referenced by this FQDN.";
}
enum "FQPN" {
description
"The object is referenced by this FQPN. Note that
FQPNs assume that all components can access a
single logical file repostory.";
} }
enum "NULL" { enum "NULL" {
description description
"This represents a NULL data type. NULL means the "This represents a NULL data type. NULL means the
absence of an actual value. NULL is frequently absence of an actual value. NULL is frequently
used to represent a missing or invalid value."; used to represent a missing or invalid value.";
} }
enum "string_instance_id" {
description
"A string that is the canonical representation,
in ASCII, of an instance ID of this object.";
}
} }
description description
"The set of allowable data types used to encode "The set of allowable data types used to encode
multi-valued SUPA Policy attributes."; multi-valued SUPA Policy attributes.";
} }
// identities are used in this model as a means to provide simple // Identities are used in this model as a means to provide simple
// reflection to allow an instance-identifier to be tested as to what // introspection to allow an instance-identifier to be tested as to
// class it represents. In turn, this allows must clauses to specify // what class it represents. This allows must clauses to specify
// that the target of a particular instance-identifier leaf must be a // that the target of a particular instance-identifier leaf must be a
// specific class, or within a certain branch of the inheritance tree. // specific class, or within a certain branch of the inheritance tree.
// This depends upon the ability to refine the entity class default // This depends upon the ability to refine the entity class default
// value. The entity class should be read-only. Howeverm as this is // value. The entity class should be read-only. However, as this is
// the target of a MUST condition, it cannot be config-false. Also, // the target of a MUST condition, it cannot be config-false. Also,
// it appears that we cannot put a MUST condition on its definition, // it appears that we cannot put a MUST condition on its definition,
// as the default (actual) value changes at each inheritance. // as the default (actual) value changes for each inherited object.
identity POLICY-OBJECT-TYPE { identity POLICY-OBJECT-TYPE {
description description
"The identity corresponding to a SUPAPolicyObject "The identity corresponding to a SUPAPolicyObject
object instance."; object instance.";
} }
grouping supa-policy-object-type { grouping supa-policy-object-type {
leaf supa-policy-ID { leaf supa-policy-ID {
type string; type string;
mandatory true; mandatory true;
description description
"The string identifier of this policy object. "The string identifier of this policy object, which
It must be unique within the policy system."; functions as the unique object identifier of this
object instance. This attribute MUST be unique within
the policy system. This attribute is named
supaObjectIDContent in [1], and is used with another
attribute (supaObjectIDEncoding); since the YANG data
model does not need this genericity, the
supaObjectIDContent attribute was renamed, and the
supaObjectIDEncoding attribute was not mapped.";
} }
leaf entity-class { leaf entity-class {
type identityref { type identityref {
base POLICY-OBJECT-TYPE; base POLICY-OBJECT-TYPE;
} }
default POLICY-OBJECT-TYPE; default POLICY-OBJECT-TYPE;
description description
"The identifier of the class of this grouping."; "The identifier of the class of this grouping.";
} }
leaf supa-policy-object-ID-encoding { leaf supa-policy-name {
type policy-data-type-id-encoding-list; type string;
mandatory true;
description description
"The encoding used by the supa-object-ID."; "A human-readable name for this policy object. Note
that this is NOT the object ID.";
} }
leaf supa-policy-object-description { leaf supa-policy-object-description {
type string; type string;
description description
"Human readable description of the characteristics "A human-readable description of the characteristics
and behavior of this policy object."; and behavior of this policy object.";
} }
leaf supa-policy-name { leaf-list supa-has-policy-metadata-agg-ptr {
type string;
description
"A human-readable name for this policy.";
}
leaf-list supa-has-policy-metadata-agg {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-METADATA-ASSOC)"; SUPA-HAS-POLICY-METADATA-ASSOC)";
description description
"The SUPAPolicyObject object instance that aggregates "This leaf-list holds instance-identifiers that
this set of SUPAPolicyMetadata object instances. As reference a SUPAHasPolicyMetadata association [1].
there are attributes on this association, the This association is represented by the grouping
supa-has-policy-metadata-detail. This association
describes how each SUPAPolicyMetadata instance is
related to a given SUPAPolicyObject instance. Since
this association class contains attributes, the
instance-identifier MUST point to an instance using instance-identifier MUST point to an instance using
the grouping supa-has-policy-metadata-detail (which the grouping supa-has-policy-metadata-detail (which
includes subclasses of this association class)."; includes subclasses of this association class).";
} }
description description
"This is the superclass for all SUPA objects. It is "This represents the SUPAPolicyObject [1] class. It is the
used to define common attributes and relationships superclass for all SUPA Policy objects (i.e., all objects
that all SUPA subclasses inherit."; that are either Policies or components of Policies). Note
that SUPA Policy Metadata objects are NOT subclassed from
this class; they are instead subclassed from the
SUPAPolicyMetadata (i.e., supa-policy-metadata-type)
object. This class (supa-policy-object-type) is used to
define common attributes and relationships that all SUPA
Policy subclasses inherit. It MAY be augmented with a set
of zero or more SUPAPolicyMetadata objects using the
SUPAHasPolicyMetadata association, which is represented
by the supa-has-policy-metadata-agg leaf-list.";
} }
identity POLICY-COMPONENT-TYPE { identity POLICY-COMPONENT-TYPE {
base POLICY-OBJECT-TYPE; base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAPolicyComponentStructure object instance."; SUPAPolicyComponentStructure object instance.";
} }
grouping supa-policy-component-structure-type { grouping supa-policy-component-structure-type {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-TYPE; default POLICY-OBJECT-TYPE;
} }
} }
leaf supa-has-policy-component-decorator-part { leaf supa-has-policy-component-decorator-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)";
mandatory true; mandatory true;
description description
"A reference to the association class for relating "This leaf holds instance-identifiers that
policy component decorators to the policy components reference a SUPAHasDecoratedPolicyComponent
they decorate. This is the set of association [1], and is represented by the grouping
SUPAPolicyComponentStructure object instances that are supa-has-decorator-policy-component-detail. This
aggregated by a SUPAPolicyComponentDecorator object association describes how each
instance. As there are attributes on this association, SUPAPolicyComponentStructure instance is related to a
the instance-identifier MUST point to an instance given SUPAPolicyComponentDecorator instance. Multiple
using the specified grouping. This defines the object SUPAPolicyComponentDecorator instances may be attached
class that this instance-identifier points to."; to a SUPAPolicyComponentStructure instance that is
} referenced in this association by using the Decorator
description pattern [1]. Since this association class contains
"A superclass for all objects that represent different types attributes, the instance-identifier MUST point to an
of components of a Policy Rule. Important subclasses include instance using the grouping
the SUPAPolicyClause and the SUPAPolicyComponentDecorator. supa-has-decorator-policy-component-detail (which
This object is the root of the decorator pattern; as such, includes subclasses of this association class).";
it enables all subclasses to be decorated."; }
description
"This represents the SUPAPolicyComponent class [1], which is
the superclass for all objects that represent different
components of a Policy. Important subclasses include the
SUPAPolicyClause and the SUPAPolicyComponentDecorator.
This object is the root of the Decorator pattern [1]; as
such, it enables all of its concrete subclasses to be
wrapped with other concrete subclasses of the
SUPAPolicyComponentDecorator class.";
} }
identity POLICY-COMPONENT-DECORATOR-TYPE { identity POLICY-COMPONENT-DECORATOR-TYPE {
base POLICY-COMPONENT-TYPE; base POLICY-COMPONENT-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAPolicyComponentDecorator object instance."; SUPAPolicyComponentDecorator object instance.";
} }
grouping supa-policy-component-decorator-type { grouping supa-policy-component-decorator-type {
uses supa-policy-component-structure-type { uses supa-policy-component-structure-type {
refine entity-class { refine entity-class {
skipping to change at page 11, line 14 skipping to change at page 20, line 25
identity POLICY-COMPONENT-DECORATOR-TYPE { identity POLICY-COMPONENT-DECORATOR-TYPE {
base POLICY-COMPONENT-TYPE; base POLICY-COMPONENT-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAPolicyComponentDecorator object instance."; SUPAPolicyComponentDecorator object instance.";
} }
grouping supa-policy-component-decorator-type { grouping supa-policy-component-decorator-type {
uses supa-policy-component-structure-type { uses supa-policy-component-structure-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-DECORATOR-TYPE; default POLICY-COMPONENT-TYPE;
} }
} }
leaf-list supa-has-policy-component-decorator-agg { leaf-list supa-has-policy-component-decorator-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)";
max-elements 1; min-elements 1;
description description
"The SUPAPolicyComponentDecorator object instance "This leaf-list holds instance-identifiers that
that aggregates this set of reference a SUPAHasDecoratedPolicyComponent
SUPAPolicyComponentStructure object instances. This association [1]. This association is represented by the
is a list of associations to the SUPA policy components grouping supa-has-decorator-policy-component-detail.
that this decorator decorates. As there are attributes This leaf-list helps implement the Decorator pattern
on this association, the instance-identifier MUST [1], which enables all or part of one or more object
point to an instance using the specified grouping. instances to wrap another object instance. For
This defines the object class that this example, any concrete subclass of SUPAPolicyClause,
instance-identifier points to."; such as SUPAEncodedClause, may be wrapped by any
concrete subclass of SUPAPolicyComponentDecorator
(e.g., SUPAPolicyEvent). Since this association class
contains attributes, the instance-identifier MUST
point to an instance using the grouping
supa-has-decorator-policy-component-detail (which
includes subclasses of this association class).";
} }
leaf-list supa-decorator-constraints { leaf-list supa-decorator-constraints {
type string; type string;
description description
"A constraint expression applying to this "This is a set of constraint expressions that are
decorator, allowing specification of details not applied to this decorator, allowing the specification
captured in its subclasses, using an appropriate of details not captured in its subclasses, using an
constraint language."; appropriate constraint language that is specified in
the supa-has-decorator-constraint-encoding leaf.";
} }
leaf supa-has-decorator-constraint-encoding { leaf supa-has-decorator-constraint-encoding {
type policy-constraint-language-list; type policy-constraint-language-list;
description description
"The language in which the constraints on the "The language in which the constraints on the
policy component decorator is expressed."; policy component decorator is expressed. Examples
include OCL 2.4 [2], Alloy [3], and English text.";
} }
description description
"This object implements the decorator pattern, which "This object implements the Decorator pattern [1], which
enables all or part of one or more objects to wrap enables all or part of one or more concrete objects to
another concrete object."; wrap another concrete object.";
} }
identity POLICY-COMPONENT-CLAUSE-TYPE { identity POLICY-COMPONENT-CLAUSE-TYPE {
base POLICY-COMPONENT-TYPE; base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a SUPAPolicyClause "The identity corresponding to a SUPAPolicyClause
object instance."; object instance.";
} }
grouping supa-policy-clause-type { grouping supa-policy-clause-type {
uses supa-policy-component-structure-type { uses supa-policy-component-structure-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-CLAUSE-TYPE; default POLICY-COMPONENT-CLAUSE-TYPE;
} }
} }
leaf supa-policy-clause-exec-status { leaf supa-policy-clause-deploy-status {
type enumeration { type enumeration {
enum "Unknown" { enum "error" {
description description
"This may be used as an initialization and/or "This signifies an error state. OAM&P Policies
an error state."; SHOULD NOT use this SUPAPolicyClause if the
value of this attribute is error.";
} }
enum "Completed" { enum "init" {
description description
"This signifies that this particular policy "This signifies an initialization state.";
clause has run successfully, and is now idle.";
} }
enum "Working" { enum "deployed and enabled" {
description description
"This signifies that this particular policy "This SUPAPolicyClause has been deployed in
clause is currently in use, and no errors have the system and is currently enabled.";
been reported.";
} }
enum "Not Working" { enum "deployed and in test" {
description description
"This signifies that this particular policy "This SUPAPolicyClause has been deployed in the
clause is currently in use, but one or more system, but is currently in test and SHOULD
errors have been reported."; NOT be used in OAM&P policies.";
} }
enum "Available" { enum "deployed but not enabled" {
description description
"This signifies that this particular policy "This SUPAPolicyClause has been deployed in the
clause could be used, but currently is not system, but has been administratively
in use."; disabled.";
} }
enum "In Test" { enum "ready to be deployed" {
description description
"This signifies that this particular policy "This SUPAPolicyClause has been properly
clause is not for use in operational policies."; initialized, and is now ready to be deployed.";
} }
enum "Disabled" { enum "cannot be deployed" {
description description
"This signifies that this particular policy "This SUPAPolicyClause has been administratively
clause is not available for use."; disabled, and SHOULD NOT be used as part of
an OAM&P policy.";
} }
} }
description "This describes whether this policy clause is in mandatory true;
use and if so whether it is working properly."; description
"This defines whether this SUPAPolicy has been
deployed and, if so, whether it is enabled and
ready to be used or not.";
} }
leaf-list supa-has-policy-clause-part { leaf-list supa-has-policy-clause-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-CLAUSE-ASSOC)"; SUPA-HAS-POLICY-CLAUSE-ASSOC)";
min-elements 1; min-elements 1;
description description
"The set of SUPAPolicyClause object instances that are "This leaf-list holds instance-identifiers that
aggregated by this SUPAPolicyStructure (i.e., this reference a SUPAHasPolicyClause association [1],
SUPA Policy Rule) object instance. This defines the and is represented by the grouping
object class that this instance-identifier points to."; supa-has-policy-clause-detail. This association
describes how each SUPAPolicyClause instance is
related to this particular SUPAPolicyStructure
instance. For example, this association may restrict
which concrete subclasses of the SUPAPolicyStructure
class can be associated with which contrete subclasses
of the SUPAPolicyClause class. The set of
SUPAPolicyClauses, identified by this leaf-list,
define the content of this SUPAPolicyStructure.
Since this association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-has-policy-clause-detail (which
includes subclasses of this association class).";
} }
description "The parent class for all SUPA Policy Clauses."; description
"The parent class for all SUPA Policy Clauses. A
SUPAPolicyClause is a fundamental building block for
creating SUPA Policies. A SUPAPolicy is a set of
statements, and a SUPAPolicyClause can be thought of as all
or part of a statement. The Decorator pattern [1] is used,
which enables the contents of a SUPAPolicyClause to be
adjusted dynamically at runtime without affecting other
objects of either type.";
} }
identity POLICY-ENCODED-CLAUSE-TYPE { identity POLICY-ENCODED-CLAUSE-TYPE {
base POLICY-COMPONENT-CLAUSE-TYPE; base POLICY-COMPONENT-CLAUSE-TYPE;
description description
"The identity corresponding to a SUPAPolicyEncodedClause "The identity corresponding to a SUPAEncodedClause
object instance."; object instance.";
} }
grouping supa-encoded-clause-type { grouping supa-encoded-clause-type {
uses supa-policy-clause-type { uses supa-policy-clause-type {
refine entity-class { refine entity-class {
default POLICY-ENCODED-CLAUSE-TYPE; default POLICY-ENCODED-CLAUSE-TYPE;
} }
} }
leaf supa-encoded-clause-content { leaf supa-encoded-clause-content {
type string; type string;
mandatory true; mandatory true;
description description
"Either a reference to a source for this clause or the "This defines the content of this SUPAEncodedClause; the
string representation of the clause."; language used to express this content is defined by the
} supa-encoded-clause-language attribute.";
leaf supa-encoded-clause-encoding {
type policy-data-type-id-encoding-list;
mandatory true;
description
"The encoding for the encoding clause content.";
} }
leaf supa-encoded-clause-language { leaf supa-encoded-clause-language {
type enumeration { type enumeration {
enum "undefined" { enum "error" {
description description
"This may be used as an initialization and/or "This signifies an error state. OAM&P Policies
an error state."; SHOULD NOT use this SUPAEncodedClause if the
value of this attribute is error.";
} }
enum "CLI" { enum "init" {
description description
"This defines the language as a type of Command "This signifies an initialization state.";
Line Interface."; }
enum "YANG" {
description
"This defines the language used in this
SUPAEncodedClause as a type of YANG.
Additional details may be provided by
attaching a SUPAPolicyMetadata object to
this SUPAEncodedClause object instance.";
}
enum "XML" {
description
"This defines the language as a type of XML.
Additional details may be provided by
attaching a SUPAPolicyMetadata object to
this SUPAEncodedClause object instance.";
} }
enum "TL1" { enum "TL1" {
description description
"This defines the language as a type of "This defines the language as a type of
Transaction Language 1."; Transaction Language 1. Additional details may
be provided by attaching a SUPAPolicyMetadata
object to this SUPAEncodedClause object
instance.";
} }
enum "YANG" { enum "Text" {
description description
"This defines the language as a type of YANG."; "This is a textual string that can be used to
define a language choice that is not listed
by a specific enumerated value. This string
MUST be parsed by the policy system to
identify the language being used. A
SUPAPolicyMetadata object (represented as a
supa-policy-metadata-type leaf) can be used to
provide further details about the language";
} }
} }
mandatory true; mandatory true;
description description
"Indicates the lanaguage used for this object instance."; "Indicates the language used for this SUPAEncodedClause
} object instance. Prescriptive and/or descriptive
leaf supa-encoded-clause-response { information about the usage of this SUPAEncodedClause
type boolean; may be provided by one or more SUPAPolicyMetadata
description objects, which are each attached to the object
"If present, this represents the success or failure instance of this SUPAEncodedClause.";
of the last invocation of this clause.";
} }
description description
"This class refines the behavior of the supa-policy-clause "This class refines the behavior of the supa-policy-clause
by encoding the contents of the clause into the attributes by encoding the contents of the clause into the attributes
of this object. This enables clauses that are not based on of this object. This enables clauses that are not based on
other SUPA objects to be modeled."; other SUPA objects to be modeled. For example, a POLICY
Application could define a CLI or YANG configuration
snippet and encode that snipped into a SUPAEncodedClause.
Note that a SUPAEncodedClause simply defines the content
of the clause. In particular, it does NOT provide a
response. The policy engine that is parsing and evaluating
the SUPAPolicy needs to assign a response to any
SUPAEncodedClause that it encounters.";
} }
container supa-encoding-clause-container { container supa-encoding-clause-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAEncodedClause."; type SUPAEncodedClause.";
list supa-encoding-clause-list { list supa-encoding-clause-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-encoded-clause-type; uses supa-encoded-clause-type;
description description
"List of all instances of supa-encoding-clause-type. "A list of all instances of supa-encoding-clause-type.
If a module defines subclasses of the encoding clause, If a module defines subclasses of the encoding clause,
those will be stored in a separate container."; those will be stored in a separate container.";
} }
} }
identity POLICY-COMPONENT-TERM-TYPE { identity POLICY-COMPONENT-TERM-TYPE {
base POLICY-COMPONENT-DECORATOR-TYPE; base POLICY-COMPONENT-DECORATOR-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a SUPAPolicyTerm object
SUPAPolicyComponentDecorator object instance."; instance.";
} }
grouping supa-policy-term-type { grouping supa-policy-term-type {
uses supa-policy-component-decorator-type { uses supa-policy-component-decorator-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-TERM-TYPE; default POLICY-COMPONENT-TYPE;
} }
} }
leaf supa-policy-term-is-negated { leaf supa-policy-term-is-negated {
type boolean; type boolean;
description description
"If the value of this attribute is true, then "If the value of this attribute is true, then
this particular term is negated."; this particular term is negated.";
} }
description description
"This is the superclass of all SUPA policy objects that are "This is the superclass of all SUPA policy objects that are
used to test or set the value of a variable."; used to test or set the value of a variable. It does this
by defining a {variable-operator-value} three-tuple, where
each element of the three-tuple is defined by a concrete
subclass of the appropriate type (e.g., SUPAPolicyVariable,
SUPAPolicyOperator, or SUPAPolicyVariable).";
} }
identity POLICY-COMPONENT-VARIABLE-TYPE { identity POLICY-COMPONENT-VARIABLE-TYPE {
base POLICY-COMPONENT-TERM-TYPE; base POLICY-COMPONENT-TERM-TYPE;
description description
"The identity corresponding to a SUPAPolicyVariable "The identity corresponding to a SUPAPolicyVariable
object instance."; object instance.";
} }
grouping supa-policy-variable-type { grouping supa-policy-variable-type {
uses supa-policy-term-type { uses supa-policy-term-type {
refine entity-class { refine entity-class {
skipping to change at page 15, line 38 skipping to change at page 26, line 14
identity POLICY-COMPONENT-VARIABLE-TYPE { identity POLICY-COMPONENT-VARIABLE-TYPE {
base POLICY-COMPONENT-TERM-TYPE; base POLICY-COMPONENT-TERM-TYPE;
description description
"The identity corresponding to a SUPAPolicyVariable "The identity corresponding to a SUPAPolicyVariable
object instance."; object instance.";
} }
grouping supa-policy-variable-type { grouping supa-policy-variable-type {
uses supa-policy-term-type { uses supa-policy-term-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-VARIABLE-TYPE; default POLICY-COMPONENT-TYPE;
} }
} }
leaf supa-policy-variable-name { leaf supa-policy-variable-name {
type string; type string;
description description
"A human-readable name for this policy variable."; "A human-readable name for this policy variable.";
} }
description description
"This is one formulation of a SUPA Policy Clause. It uses "This is one formulation of a SUPA Policy Clause. It uses
an object, defined in the SUPA hierarchy, to represent the the canonical form of an expression, which is a three-tuple
variable portion of a SUPA Policy Clause. The attribute in the form {variable, operator, value}. In this approach,
defined by the supa-policy-variable-name specifies an each of the three terms can either be a subclass of the
attribute whose content should be compared to a value, appropriate SUPAPolicyTerm class, or another object that
which is typically specified by supa-policy-value-type."; plays the role (i.e., a variable) of that term. The
attribute defined by the supa-policy-variable-name
specifies the name of an attribute whose content should be
compared to the value portion of a SUPAPolicyTerm, which is
typically specified by a SUPAPolicyValue object.";
} }
container supa-policy-variable-container { container supa-policy-variable-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyVariable."; type SUPAPolicyVariable.";
list supa-policy-variable-list { list supa-policy-variable-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-policy-variable-type; uses supa-policy-variable-type;
description description
"List of all instances of supa-policy-variable-type. "List of all instances of supa-policy-variable-type.
If a module defines subclasses of this class, If a module defines subclasses of this class,
skipping to change at page 16, line 24 skipping to change at page 27, line 4
those will be stored in a separate container."; those will be stored in a separate container.";
} }
} }
identity POLICY-COMPONENT-OPERATOR-TYPE { identity POLICY-COMPONENT-OPERATOR-TYPE {
base POLICY-COMPONENT-TERM-TYPE; base POLICY-COMPONENT-TERM-TYPE;
description description
"The identity corresponding to a SUPAPolicyOperator "The identity corresponding to a SUPAPolicyOperator
object instance."; object instance.";
} }
grouping supa-policy-operator-type { grouping supa-policy-operator-type {
uses supa-policy-term-type { uses supa-policy-term-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-OPERATOR-TYPE; default POLICY-COMPONENT-TYPE;
} }
} }
leaf supa-policy-value-op-type { leaf supa-policy-value-op-type {
type enumeration { type enumeration {
enum "unknown" { enum "error" {
description description
"This may be used as an initialization and/or "This signifies an error state. OAM&P Policies
an error state."; SHOULD NOT use this SUPAPolicyOperator if the
value of this attribute is error.";
}
enum "init" {
description
"This signifies an initialization state.";
} }
enum "greater than" { enum "greater than" {
description description
"A greater-than operator."; "A greater-than operator.";
} }
enum "greater than or equal to" { enum "greater than or equal to" {
description description
"A greater-than-or-equal-to operator."; "A greater-than-or-equal-to operator.";
} }
enum "less than" { enum "less than" {
skipping to change at page 17, line 15 skipping to change at page 27, line 49
description description
"An equal-to operator."; "An equal-to operator.";
} }
enum "not equal to"{ enum "not equal to"{
description description
"A not-equal-to operator."; "A not-equal-to operator.";
} }
enum "IN" { enum "IN" {
description description
"An operator that determines whether a given "An operator that determines whether a given
value matches any of the specified values."; value of a variable in a SUPAPolicyTerm
matches a value in a SUPAPolicyTerm.";
} }
enum "NOT IN" { enum "NOT IN" {
description description
"An operator that determines whether a given "An operator that determines whether a given
value does not match any of the specified variable in a SUPAPolicyTerm does not match
values."; any of the specified values in a
SUPAPolicyTerm.";
} }
enum "SET" { enum "SET" {
description description
"An operator that makes the value of the "An operator that makes the value of the
result equal to the input value."; result equal to the input value.";
} }
enum "CLEAR"{ enum "CLEAR"{
description description
"An operator that deletes the value of the "An operator that sets the value of the
specified object."; specified object to a value that is 0 for
integer datatypes, an empty string for
textual datatypes, and FALSE for Boolean
datatypes. This value MUST NOT be NULL.";
} }
enum "BETWEEN" { enum "BETWEEN" {
description description
"An operator that determines whether a given "An operator that determines whether a given
value is within a specified range of values."; value is within a specified range of values.
Note that this is an inclusive operator.";
} }
} }
mandatory true; mandatory true;
description description
"The type of operator used to compare the variable "The type of operator used to compare the variable
and value portions of this SUPA Policy Clause."; and value portions of this SUPAPolicyTerm.";
} }
description description
"This is one formulation of a SUPA Policy Clause. It uses "This is one formulation of a SUPA Policy Clause. It uses
an object, defined in the SUPA hierarchy, to represent the the canonical form of an expression, which is a three-tuple
operator portion of a SUPA Policy Clause. The attribute in the form {variable, operator, value}. In this approach,
defined by the supa-policy-op-type specifies an attribute each of the three terms can either be a subclass of the
whose content defines the type of operator used to compare appropriate SUPAPolicyTerm class, or another object that
the variable and value portions of this policy clause."; plays the role (i.e., an operator) of that term.
The value of the supa-policy-value-op-type attribute
specifies an operator that SHOULD be used to compare the
variable and value portions of a SUPAPolicyTerm. This is
typically specified by a SUPAPolicyOperator object.";
} }
container supa-policy-operator-container { container supa-policy-operator-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyOperator."; type SUPAPolicyOperator.";
list supa-policy-operator-list { list supa-policy-operator-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-policy-operator-type; uses supa-policy-operator-type;
description description
"List of all instances of supa-policy-operator-type. "List of all instances of supa-policy-operator-type.
skipping to change at page 18, line 28 skipping to change at page 29, line 28
identity POLICY-COMPONENT-VALUE-TYPE { identity POLICY-COMPONENT-VALUE-TYPE {
base POLICY-COMPONENT-TERM-TYPE; base POLICY-COMPONENT-TERM-TYPE;
description description
"The identity corresponding to a SUPAPolicyValue "The identity corresponding to a SUPAPolicyValue
object instance."; object instance.";
} }
grouping supa-policy-value-type { grouping supa-policy-value-type {
uses supa-policy-term-type { uses supa-policy-term-type {
refine entity-class { refine entity-class {
default POLICY-COMPONENT-VALUE-TYPE; default POLICY-COMPONENT-TYPE;
} }
} }
leaf-list supa-policy-value-content { leaf-list supa-policy-value-content {
type string; type string;
description description
"The content of the value portion of this SUPA Policy "The content of the value portion of this SUPA Policy
Clause. The data type of the content is specified in Clause. The data type of the content is specified in
the supa-policy-value-encoding."; the supa-policy-value-encoding attribute.";
} }
leaf supa-policy-value-encoding { leaf supa-policy-value-encoding {
type policy-data-type-encoding-list; type policy-data-type-encoding-list;
description description
"The data type of the supa-policy-value-content."; "The data type of the supa-policy-value-content
attribute.";
} }
description description
"This is one formulation of a SUPA Policy Clause. It uses "This is one formulation of a SUPA Policy Clause. It uses
an object, defined in the SUPA hierarchy, to represent the the canonical form of an expression, which is a three-tuple
value portion of a SUPA Policy Clause. The attribute in the form {variable, operator, value}. In this approach,
defined by the supa-policy-value-content specifies an each of the three terms can either be a subclass of the
attribute whose content should be compared to a variable, appropriate SUPAPolicyTerm class, or another object that
which is typically specified by supa-policy-variable-type."; plays the role (i.e., a value) of that term. The
attribute defined by supa-policy-value-content specifies a
a value (which is typically specified by a subclass of
SUPAPolicyVariable) that should be compared to a value in
the variable portion of the SUPAPolicyTerm.";
} }
container supa-policy-value-container { container supa-policy-value-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyValue."; type SUPAPolicyValue.";
list supa-policy-value-list { list supa-policy-value-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-policy-value-type; uses supa-policy-value-type;
description description
"List of all instances of supa-policy-value-type. "List of all instances of supa-policy-value-type.
skipping to change at page 19, line 28 skipping to change at page 30, line 28
identity POLICY-GENERIC-DECORATED-TYPE { identity POLICY-GENERIC-DECORATED-TYPE {
base POLICY-COMPONENT-DECORATOR-TYPE; base POLICY-COMPONENT-DECORATOR-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAGenericDecoratedComponent object instance."; SUPAGenericDecoratedComponent object instance.";
} }
grouping supa-policy-generic-decorated-type { grouping supa-policy-generic-decorated-type {
uses supa-policy-component-decorator-type { uses supa-policy-component-decorator-type {
refine entity-class { refine entity-class {
default POLICY-GENERIC-DECORATED-TYPE; default POLICY-COMPONENT-TYPE;
} }
} }
leaf-list supa-policy-generic-decorated-content { leaf-list supa-policy-generic-decorated-content {
type string; type string;
description description
"The content of this SUPA Policy Clause. The data type "The content of this SUPAGenericDecoratedComponent
of this attribute is specified in the object instance. The data type of this attribute is
specified in the leaf
supa-policy-generic-decorated-encoding."; supa-policy-generic-decorated-encoding.";
} }
leaf supa-policy-generic-decorated-encoding { leaf supa-policy-generic-decorated-encoding {
type policy-data-type-encoding-list; type policy-data-type-encoding-list;
description description
"The data type of the "The datatype of the
supa-policy-generic-decorated-content attribute."; supa-policy-generic-decorated-content attribute.";
} }
description description
"This object enables a generic object to be defined and "This class enables a generic object to be defined and
used as a decorator in a SUPA Policy Clause. used as a decorator in a SUPA Policy Clause. This class
This should not be confused with the SUPAEncodedClause should not be confused with the SUPAEncodedClause class.
class. This class represents a single, atomic, A SUPAGenericDecoratedComponent object represents a single,
vendor-specific object that defines a portion of a SUPA atomic object that defines a portion of the contents of a
Policy Clause, whereas a SUPA Policy Encoded Clause SUPAPolicyClause, whereas a SUPAPolicyEncodedClause
represents the entire policy clause."; represents the entire contents of a SUPAPolicyClause.";
} }
container supa-policy-generic-decorated-container { container supa-policy-generic-decorated-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAGenericDecoratedComponent."; type SUPAGenericDecoratedComponent.";
list supa-encoding-clause-list { list supa-encoding-clause-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-policy-generic-decorated-type; uses supa-policy-generic-decorated-type;
description description
"List of all instances of "List of all instances of
supa-policy-generic-decorated-type. If a module supa-policy-generic-decorated-type. If a module
defines subclasses of this class, those will be defines subclasses of this class, those will be
stored in a separate container."; stored in a separate container.";
} }
} }
identity POLICY-COLLECTION {
base POLICY-COMPONENT-DECORATOR-TYPE;
description
"The identity corresponding to a SUPAPolicyCollection
object instance.";
}
grouping supa-policy-collection {
uses supa-policy-component-decorator-type {
refine entity-class { default POLICY-COLLECTION;
}
}
leaf-list supa-policy-collection-content {
type string;
description
"The content of this collection object. The data type
is specified in supa-policy-collection-encoding.";
}
leaf supa-policy-collection-encoding {
type enumeration {
enum "undefined" {
description
"This may be used as an initialization and/or
an error state.";
}
enum "by regex" {
description
"This defines the data type of the content of
this collection instance to be a regular
expression that contains all or part of a
string to match the class name of the object
that is to be collected by this instance of a
SUPAPolicyCollection class.";
}
enum "by URI" {
description
"This defines the data type of the content of
this collection instance to be a Uniform
Resource Identifier. It identifies the object
instance that is to be collected by this
instance of a SUPAPolicyCollection class.";
}
}
mandatory true;
description
"The data type of the supa-policy-collection-content.";
}
leaf supa-policy-collection-function {
type enumeration {
enum "undefined" {
description
"This may be used as an initialization and/or
an error state.";
}
enum "event collection" {
description
"This collection contains objects that are used
to populate the event clause of a
SUPA Policy.";
}
enum "condition collection" {
description
"This collection contains objects that are used
to populate the condition clause of a
SUPA Policy.";
}
enum "action collection" {
description
"This collection contains objects that are used
to populate the action clause of a
SUPA Policy.";
}
enum "logic collection" {
description
"This collection contains objects that define
logic for processing a SUPA Policy.";
}
}
description
"Defines how this collection instance is to be used.";
}
leaf supa-policy-collection-is-ordered {
type boolean;
description
"If the value of this leaf is true, then all elements
in this collection are ordered.";
}
leaf supa-policy-collection-type {
type enumeration {
enum "undefined" {
description
"This may be used as an initialization and/or
an error state.";
}
enum "set" {
description
"An unordered collection of elements that MUST
NOT have duplicates.";
}
enum "bag" {
description
"An unordered collection of elements that MAY
have duplicates.";
}
enum "dictionary" {
description
"A list of values that is interpreted as a set
of pairs, with the first entry of each pair
interpreted as a dictionary key, and the
second entry interpreted as a value for that
key. As a result, collections using this value
of supa-policy-collection-type MUST have
supa-policy-collection-is-ordered set to true.";
}
}
mandatory true;
description
"The type of the supa-policy-collection.";
}
description
"This enables a collection of arbitrary objects to be
defined and used in a SUPA Policy Clause.
This should not be confused with the SUPAEncodedClause
class. This class represents a single, atomic, object that
defines a portion of a SUPA Policy Clause, whereas a SUPA
Policy Encoded Clause represents the entire policy clause.";
}
container supa-policy-collection-container {
description
"This is a container to collect all object instances of
type SUPAPolicyCollection.";
list supa-policy-collection-list {
key supa-policy-ID;
uses supa-policy-collection;
description
"List of all instances of supa-policy-collection.
If a module defines subclasses of this class,
those will be stored in a separate container.";
}
}
identity POLICY-STRUCTURE-TYPE { identity POLICY-STRUCTURE-TYPE {
base POLICY-OBJECT-TYPE; base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a SUPAPolicyStructure "The identity corresponding to a SUPAPolicyStructure
object instance."; object instance.";
} }
grouping supa-policy-structure-type { grouping supa-policy-structure-type {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
default POLICY-STRUCTURE-TYPE; default POLICY-STRUCTURE-TYPE;
} }
} }
leaf supa-policy-admin-status { leaf supa-policy-admin-status {
type enumeration { type enumeration {
enum "unknown" { enum "error" {
description description
"This may be used as an initialization and/or "This signifies an error state. OAM&P Policies
an error state."; SHOULD NOT use this SUPAPolicy if the value
of this attribute is error.";
}
enum "init" {
description
"This signifies an initialization state.";
} }
enum "enabled" { enum "enabled" {
description description
"This SUPA Policy Rule has been "This signifies that this SUPAPolicy has been
administratively enabled."; administratively enabled.";
} }
enum "disabled" { enum "disabled" {
description description
"This SUPA Policy Rule has been "This signifies that this SUPAPolicy has been
administratively disabled."; administratively disabled.";
} }
enum "in test" { enum "in test" {
description description
"This SUPA Policy Rule has been "This signifies that this SUPAPolicy has been
administratively placed into test mode, and administratively placed into test mode, and
SHOULD NOT be used as part of an operational SHOULD NOT be used as part of an operational
policy rule."; policy rule.";
} }
} }
mandatory true; mandatory true;
description description
"The current admnistrative status of this SUPA POLICY "The current admnistrative status of this SUPAPolicy.";
Rule.";
} }
leaf supa-policy-continuum-level { leaf supa-policy-continuum-level {
type uint32; type uint32;
description description
"This is the current level of abstraction of this "This is the current level of abstraction of this
particular SUPA Policy Rule."; particular SUPAPolicyRule. By convention, the
values 0 and 1 should be used for error and
initialization states; a value of 2 is the most
abstract level, and higher values denote more
concrete levels.";
} }
leaf supa-policy-deploy-status { leaf supa-policy-deploy-status {
type enumeration { type enumeration {
enum "undefined" { enum "error" {
description
"This may be used as an initialization and/or
an error state.";
}
enum "deployed and enabled" {
description
"This SUPA Policy Rule has been deployed and
enabled.";
}
enum "disabled" {
description
"This SUPA Policy Rule has been
administratively disabled.";
}
enum "in test" {
description
"This SUPA Policy Rule has been
administratively placed into test mode, and
SHOULD NOT be used as part of an operational
policy rule.";
}
}
mandatory true;
description
"This is the current level of abstraction of this
particular SUPA Policy Rule.";
}
leaf supa-policy-exec-status {
type enumeration {
enum "undefined" {
description
"This may be used as an initialization and/or
an error state.";
}
enum "operational success" {
description description
"This SUPA Policy Rule has been executed in "This signifies an error state. OAM&P Policies
operational mode, and produced no errors."; SHOULD NOT use this SUPAPolicy if the value
of this attribute is error.";
} }
enum "operational failure" { enum "init" {
description description
"This SUPA Policy Rule has been executed in "This signifies an initialization state.";
operational mode, but has produced at least
one error.";
} }
enum "currently in operation" { enum "deployed and enabled" {
description description
"This SUPA Policy Rule is currently still "This SUPAPolicy has been deployed in the
executing in operational mode."; system and is currently enabled.";
} }
enum "ready" { enum "deployed and in test" {
description description
"This SUPA Policy Rule is ready to be "This SUPAPolicy has been deployed in the
executed in operational mode."; system, but is currently in test and SHOULD
NOT be used in OAM&P policies.";
} }
enum "test success" { enum "deployed but not enabled" {
description description
"This SUPA Policy Rule has been executed in "This SUPAPolicy has been deployed in the
test mode, and produced no errors."; system, but has been administratively
disabled.";
} }
enum "test failure" { enum "ready to be deployed" {
description description
"This SUPA Policy Rule has been executed in "This SUPAPolicy has been properly initialized,
test mode, but has produced at least and is now ready to be deployed.";
one error.";
} }
enum "currently in test" { enum "cannot be deployed" {
description description
"This SUPA Policy Rule is currently still "This SUPAPolicy has been administratively
executing in test mode."; disabled, and SHOULD NOT be used as part of
an OAM&P policy.";
} }
} }
mandatory true; mandatory true;
description description
"This is the current level of abstraction of this "This attribute defines whether this SUPAPolicy has
particular SUPA Policy Rule."; been deployed and, if so, whether it is enabled and
ready to be used or not.";
} }
leaf supa-policy-exec-fail-strategy { leaf supa-policy-exec-fail-strategy {
type enumeration { type enumeration {
enum "undefined" { enum "error" {
description description
"This may be used as an initialization and/or "This signifies an error state. OAM&P Policies
an error state."; SHOULD NOT use this SUPAPolicy if the value
of this attribute is error.";
}
enum "init" {
description
"This signifies an initialization state.";
} }
enum "rollback all" { enum "rollback all" {
description description
"This means that execution of this SUPA "This means that execution of this SUPAPolicy
Policy Rule is stopped, rollback of all SHOULD be stopped, and rollback of all
actions (whether successful or not) is SUPAPolicyActions (whether they were
attempted, and all SUPA Policy Rules that successfully executed or not) performed by
otherwise would have executed are ignored."; this particular SUPAPolicy is attempted. Also,
all SUPAPolicies that otherwise would have
been executed as a result of this SUPAPolicy
are NOT executed.";
} }
enum "rollback failure" { enum "rollback single" {
description description
"This means that execution of this SUPA "This means that execution of this SUPAPolicy
Policy Rule is stopped, and rollback is SHOULD be stopped, and rollback is attempted
attempted for only the SUPA Policy Rule that for ONLY the SUPAPolicyAction (belonging to
failed to execute correctly."; this particular SUPAPolicy) that failed to
execute correctly. All remaining actions
including SUPAPolicyActions and SUPAPolicies
that otherwise would have been executed as a
result of this SUPAPolicy, are NOT executed.";
} }
enum "stop execution" { enum "stop execution" {
description description
"This means that execution of this SUPA Policy "This means that execution of this SUPAPolicy
Rule SHOULD be stopped."; SHOULD be stopped without any other action
being performed; this includes corrective
actions, such as rollback, as well as any
SUPAPolicyActions or SUPAPolicies that
otherwise would have been executed.";
} }
enum "ignore" { enum "ignore" {
description description
"This means that any failures produced by this "This means that any failures produced by this
SUPA Policy Rule SHOULD be ignored."; SUPAPolicy SHOULD be ignored, and hence, no
corrective actions, such as rollback, will
be performed at this time. Hence, any other
SUPAPolicyActions or SUPAPolicies SHOULD
continue to be executed.";
} }
} }
mandatory true; mandatory true;
description description
"This defines what actions, if any, should be taken by "This defines what actions, if any, should be taken by
this particular SUPA Policy Rule if it fails to this particular SUPA Policy Rule if it fails to
execute correctly. Some implementations may not be execute correctly. Some implementations may not be
able to accommodate the rollback failure option; able to accommodate the rollback failure option;
hence, this option may be skipped."; hence, this option may be skipped.";
} }
leaf-list supa-has-policy-source-agg { leaf-list supa-has-policy-source-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-SOURCE-ASSOC)"; SUPA-HAS-POLICY-SOURCE-ASSOC)";
description description
"The SUPAPolicyStructure (i.e., the type of SUPA "This leaf-list holds instance-identifiers that
Policy Rule) object instance that aggregates this set reference SUPAHasPolicySource associations [1].
set of SUPAPolicySource object instances. This This association is represented by the grouping
defines the object class that this instance-identifier supa-has-policy-source-detail, and describes how
points to."; this SUPAPolicyStructure instance is related to a
set of SUPAPolicySource instances. Each
SUPAPolicySource instance defines a set of
unambiguous sources of this SUPAPolicy. Since
this association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-has-policy-source-detail (which
includes subclasses of this association class).";
} }
leaf-list supa-has-policy-target-agg { leaf-list supa-has-policy-target-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-TARGET-ASSOC)"; SUPA-HAS-POLICY-TARGET-ASSOC)";
description description
"This represents the aggregation of Policy Target "This leaf-list holds instance-identifiers that
objects by this particular SUPA Policy Rule. It is reference SUPAHasPolicyTarget associations [1].
the SUPAPolicyStructure object instance that This association is represented by the grouping
aggregates this set of SUPAPolicyTarget object supa-has-policy-target-detail, and describes how
instances. This defines the object class that this SUPAPolicyStructure instance is related to a
this instance-identifier points to."; set of SUPAPolicyTarget instances. Each
SUPAPolicyTarget instance defines a set of
unambiguous managed entities to which this
SUPAPolicy will be applied to. Since this association
class contains attributes, the instance-identifier
MUST point to an instance using the grouping
supa-has-policy-target-detail (which includes
subclasses of this association class).";
} }
leaf-list supa-has-policy-clause-agg { leaf-list supa-has-policy-clause-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-CLAUSE-ASSOC)"; SUPA-HAS-POLICY-CLAUSE-ASSOC)";
description description
"The SUPAPolicyStructure object instance that "This leaf-list holds instance-identifiers that
aggregates this set of SUPAPolicyClause object reference SUPAHasPolicyClause associations [1]. This
instances. This defines the object class that association is represented by the grouping
this instance-identifier points to."; supa-has-policy-clause-detail. This association
describes how this particular SUPAPolicyStructure
instance is related to this set of SUPAPolicyClause
instances. Since this association class contains
attributes, the instance-identifier MUST point to an
instance using the supa-has-policy-clause-detail
(which includes subclasses of this association
class).";
} }
leaf-list supa-has-policy-exec-action-assoc-src-ptr { leaf-list supa-has-policy-exec-fail-action-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)";
description description
"This associates a SUPAPolicyStructure (i.e., a SUPA "This leaf-list holds instance-identifiers that
Policy Rule) object instance to zero or more SUPA reference a SUPAHasPolExecFailtActionToTake
Policy Actions to be used to correct errors caused if association [1]. This association is represented by
this SUPA Policy Rule does not execute correctly."; the supa-has-policy-exec-action-detail grouping. This
association relates this SUPAPolicyStructure instance
(the parent) to one or more SUPAPolicyStructure
instances (the children), where each child
SUPAPolicyStructure contains one or more
SUPAPolicyActions to be executed if the parent
SUPAPolicyStructure instance generates an error while
it is executing. Since this association class contains
attributes, the instance-identifier MUST point to an
instance using the grouping
supa-has-policy-exec-action-detail (which includes
subclasses of this association class).";
} }
leaf-list supa-has-policy-exec-action-assoc-dst-ptr { leaf-list supa-has-policy-exec-fail-action-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)";
min-elements 1; min-elements 1;
description description
"The set of zero or more SUPA Policy Actions to be used "This leaf-list holds instance-identifiers that
by this particular SUPAPolicyStructure (i.e., SUPA reference a SUPAHasPolExecFailtActionToTake
Policy Rule to correct errors caused if this SUPA association [1]. This association is represented by
Policy Rule does not execute correctly."; the supa-has-policy-exec-action-detail grouping. This
association relates this SUPAPolicyStructure instance
(the child) to another SUPAPolicyStructure instance
(the parent). The child SUPAPolicyStructure contains
one or more SUPAPolicyActions to be executed if the
parent SUPAPolicyStructure instance generates an error
while it is executing; the parent SUPAPolicyStructure
contains one or more child SUPAPolicyStructure
instances to enable it to choose how to handle each
type of failure. Since this association class contains
attributes, the instance-identifier MUST point to an
instance using the grouping
supa-has-policy-exec-action-detail (which includes
subclasses of this association class).";
} }
description description
"A superclass for all objects that represent different types "A superclass for all objects that represent different types
of Policy Rules. Currently, this is limited to a single of SUPAPolicies. Currently, this is limited to a single
type - the event-condition-action (ECA) policy rule. type, which is the event-condition-action (ECA) Policy
A SUPA Policy may be an individual policy, or a set of Rule. A SUPA Policy may be an individual policy, or a set
policies. This is supported by applying the composite of policies. Subclasses MAY support this feature by
pattern to this class."; implementing the composite pattern.";
} }
identity POLICY-SOURCE-TYPE { identity POLICY-SOURCE-TYPE {
base POLICY-OBJECT-TYPE; base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a SUPAPolicySource "The identity corresponding to a SUPAPolicySource
object instance."; object instance.";
} }
grouping supa-policy-source-type { grouping supa-policy-source-type {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
skipping to change at page 28, line 17 skipping to change at page 37, line 4
"The identity corresponding to a SUPAPolicySource "The identity corresponding to a SUPAPolicySource
object instance."; object instance.";
} }
grouping supa-policy-source-type { grouping supa-policy-source-type {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
default POLICY-SOURCE-TYPE; default POLICY-SOURCE-TYPE;
} }
} }
leaf-list supa-has-policy-source-part { leaf-list supa-has-policy-source-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-SOURCE-ASSOC)"; SUPA-HAS-POLICY-SOURCE-ASSOC)";
description description
"This represents the aggregation of one or more SUPA "This leaf-list holds the instance-identifiers that
Policy Source objects to this particular SUPA Policy reference a SUPAHasPolicySource association [1], which
Rule object. In other words, it is the set of is represented by the supa-has-policy-source-detail
SUPAPolicySource object instances that are aggregated grouping. This association describes how each
by this SUPAPolicyStructure (i.e., this SUPA Policy SUPAPolicySource instance is related to this
Rule). This defines the object class that this particular SUPAPolicyStructure instance. Since
instance-identifier points to."; this association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-has-policy-source-detail (which
includes subclasses of this association class).";
} }
description description
"This object defines a set of managed entities that "This object defines a set of managed entities that
authored, or are otherwise responsible for, this SUPA authored, or are otherwise responsible for, this
Policy Rule. Note that a SUPA Policy Source does not SUPAPolicy. Note that a SUPAPolicySource does not evaluate
evaluate or execute SUPAPolicies. Its primary use is for or execute SUPAPolicies. Its primary use is for
auditability and the implementation of deontic and/or auditability and the implementation of deontic and/or
alethic logic."; alethic logic. It is expected that this grouping will be
extended (i.e., subclassed) when used, so that the system
can add specific information appropriate to sources of
policy of that particular system.";
} }
identity POLICY-TARGET-TYPE { identity POLICY-TARGET-TYPE {
base POLICY-OBJECT-TYPE; base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a SUPAPolicyTarget "The identity corresponding to a SUPAPolicyTarget
object instance."; object instance.";
} }
grouping supa-policy-target-type { grouping supa-policy-target-type {
uses supa-policy-object-type { uses supa-policy-object-type {
refine entity-class { refine entity-class {
default POLICY-TARGET-TYPE; default POLICY-TARGET-TYPE;
} }
} }
leaf-list supa-has-policy-target-part { leaf-list supa-has-policy-target-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-TARGET-ASSOC)"; SUPA-HAS-POLICY-TARGET-ASSOC)";
description description
"This represents the aggregation of one or more SUPA "This leaf-list holds instance-identifiers that
Policy Target objects to this particular SUPA Policy reference a SUPAHasPolicyTarget association. This is
Rule object. In other words, it is the set of represented by the supa-has-policy-target-detail
SUPAPolicyTarget object instances that are aggregated grouping. This association describes how each
by this SUPAPolicyStructure (i.e., this SUPA Policy SUPAPolicyTarget instance is related to a particular
Rule). This defines the object class that this SUPAPolicyStructure instance. For example, this
instance-identifier points to."; association may restrict which SUPAPolicyTarget
instances can be used by which SUPAPolicyStructure
instances. The SUPAPolicyTarget defines a
set of managed entities that this SUPAPolicyStructure
will be applied to. Since this association class
contains attributes, the instance-identifier MUST
point to an instance using the grouping
supa-has-policy-target-detail (which
includes subclasses of this association class).";
} }
description description
"This object defines a set of managed entities that a "This object defines a set of managed entities that a
SUPA Policy Rule is applied to."; SUPAPolicy is applied to. It is expected that this
grouping will be extended (i.e., subclassed) when used,
so that the system can add specific information
appropriate to policy targets of that particular system.";
} }
identity POLICY-METADATA-TYPE { identity POLICY-METADATA-TYPE {
description description
"The identity corresponding to a SUPAPolicyMetadata "The identity corresponding to a SUPAPolicyMetadata
object instance."; object instance.";
} }
grouping supa-policy-metadata-type { grouping supa-policy-metadata-type {
leaf supa-policy-metadata-id { leaf supa-policy-metadata-id {
type string; type string;
mandatory true; mandatory true;
description description
"This represents part of the object identifier of an "This represents the object identifier of an instance
instance of this class. It defines the content of the of this class. This attribute is named
object identifier."; supaPolMetadataIDContent in [1], and is used with
another attribute (supaPolMetadataIDEncoding); since
the YANG data model does not need this genericity, the
supaPolMetadataIDContent attribute was renamed, and
the supaPolMetadataIDEncoding attribute was
not mapped.";
} }
leaf entity-class { leaf entity-class {
type identityref { type identityref {
base POLICY-METADATA-TYPE; base POLICY-METADATA-TYPE;
} }
default POLICY-METADATA-TYPE; default POLICY-METADATA-TYPE;
description description
"The identifier of the class of this grouping."; "The identifier of the class of this grouping.";
} }
leaf supa-policy-metadata-id-encoding {
type policy-data-type-id-encoding-list;
mandatory true;
description
"This represents part of the object identifier of an
instance of this class. It defines the format of the
object identifier.";
}
leaf supa-policy-metadata-description { leaf supa-policy-metadata-description {
type string; type string;
description description
"This contains a free-form textual description of this "This contains a free-form textual description of this
metadata object."; metadata object (e.g., what it may be used for).";
} }
leaf supa-policy-metadata-name { leaf supa-policy-metadata-name {
type string; type string;
description description
"This contains a human-readable name for this "This contains a human-readable name for this
metadata object."; metadata object.";
} }
leaf-list supa-has-policy-metadata-part { leaf-list supa-has-policy-metadata-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-METADATA-ASSOC)"; SUPA-HAS-POLICY-METADATA-ASSOC)";
description description
"This represents the set of SUPAPolicyMetadata object "This leaf-list holds instance-identifiers that
instances that are aggregated by this SUPAPolicyObject reference a SUPAHasPolicyMetadata association [1],
object instance (i.e., this is the set of policy which is represented by the grouping
metadata aggregated by this SUPAPolicyObject). As supa-has-policy-metadata-detail. Each instance-
there are attributes on this association, the identifier defines a unique set of information that
instance-identifier MUST point to an instance using describe and/or prescribe additional information,
the grouping supa-has-policy-metadata-detail (which provided by this SUPAPolicyMetadata instance, that can
includes the subclasses of the association class)."; be associated with this SUPAPolicyObject instance.
Multiple SUPAPolicyMetadata objects may be attached to
a concrete subclass of the SUPAPolicyObject class that
is referenced in this association by using the
Decorator pattern [1]. For example, a
SUPAPolicyVersionMetadataDef instance could wrap a
SUPAECAPolicyRuleAtomic instance; this would define
the version of this particular SUPAECAPolicyRuleAtomic
instance. Since this association class contains
attributes, the instance-identifier MUST point to an
instance using the grouping
supa-has-policy-metadata-detail (which includes
subclasses of this association class).";
} }
leaf supa-policy-metadata-decorator-part { leaf-list supa-has-policy-metadata-dec-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC)";
mandatory true; min-elements 1;
description description
"This object implements the decorator pattern, which is "This leaf-list holds instance-identifiers that
applied to SUPA metadata objects. This enables all or reference a SUPAHasMetadaDecorator association [1].
part of one or more metadata objects to wrap another This association is represented by the grouping
concrete metadata object."; supa-has-policy-metadata-dec-detail. This association
describes how a SUPAPolicyMetadataDecorator instance
wraps a given SUPAPolicyMetadata instance using the
Decorator pattern [1]. Multiple concrete subclasses
of SUPAPolicyMetadataDecorator may be used to wrap
the same SUPAPolicyMetadata instance. Since this
association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-has-policy-metadata-dec-detail (which
includes subclasses of this association class).";
} }
description description
"This is the superclass of all metadata classes. Metadata "This is the superclass of all metadata classes. Metadata
is information that describes and/or prescribes the is information that describes and/or prescribes the
characteristics and behavior of another object that is characteristics and behavior of another object that is
not an inherent, distinguishing characteristics or not an inherent, distinguishing characteristics or
behavior of that object."; behavior of that object.";
} }
identity POLICY-METADATA-CONCRETE-TYPE { identity POLICY-METADATA-CONCRETE-TYPE {
skipping to change at page 31, line 4 skipping to change at page 40, line 25
not an inherent, distinguishing characteristics or not an inherent, distinguishing characteristics or
behavior of that object."; behavior of that object.";
} }
identity POLICY-METADATA-CONCRETE-TYPE { identity POLICY-METADATA-CONCRETE-TYPE {
base POLICY-METADATA-TYPE; base POLICY-METADATA-TYPE;
description description
"The identity corresponding to a SUPAPolicyConcreteMetadata "The identity corresponding to a SUPAPolicyConcreteMetadata
object instance."; object instance.";
} }
grouping supa-policy-concrete-metadata-type { grouping supa-policy-concrete-metadata-type {
uses supa-policy-metadata-type { uses supa-policy-metadata-type {
refine entity-class { refine entity-class {
default POLICY-METADATA-TYPE; default POLICY-METADATA-CONCRETE-TYPE;
} }
} }
leaf supa-policy-metadata-valid-period-end { leaf supa-policy-metadata-valid-period-end {
type yang:date-and-time; type yang:date-and-time;
description description
"This defines the ending date and time that this "This defines the ending date and time that this
metadata object is valid for."; metadata object is valid for.";
} }
leaf supa-policy-metadata-valid-period-start { leaf supa-policy-metadata-valid-period-start {
type yang:date-and-time; type yang:date-and-time;
skipping to change at page 32, line 4 skipping to change at page 41, line 23
system."; system.";
} }
} }
identity POLICY-METADATA-DECORATOR-TYPE { identity POLICY-METADATA-DECORATOR-TYPE {
base POLICY-METADATA-TYPE; base POLICY-METADATA-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAPolicyMetadataDecorator object instance."; SUPAPolicyMetadataDecorator object instance.";
} }
grouping supa-policy-metadata-decorator-type { grouping supa-policy-metadata-decorator-type {
uses supa-policy-metadata-type { uses supa-policy-metadata-type {
refine entity-class { refine entity-class {
default POLICY-METADATA-DECORATOR-TYPE; default POLICY-METADATA-DECORATOR-TYPE;
} }
} }
leaf-list supa-policy-metadata-decorator-agg { leaf supa-has-policy-metadata-dec-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC)";
max-elements 1;
description description
"This represents the decorator pattern being applied to "This leaf-list holds instance-identifiers that
metadata. This is the aggregate part (i.e., the reference a SUPAHasMetadaDecorator association [1].
concrete subclass of the SUPAPolicyMetadataDecorator This association is represented by the grouping
class that wraps a concrete subclass of supa-has-policy-metadata-dec-detail. This association
SUPAPolicyMetadata; currently, the only such class is describes how a SUPAPolicyMetadataDecorator instance
SUPAPolicyConcreteMetadata)."; wraps a given SUPAPolicyMetadata instance
using the Decorator pattern [1]. Multiple concrete
subclasses of SUPAPolicyMetadataDecorator may be used
to wrap the same SUPAPolicyMetadata instance. Since
this association class contains attributes, the
instance-identifier MUST point to an instance using
the grouping supa-has-policy-metadata-dec-detail (which
includes subclasses of this association class).";
} }
description description
"This object implements the decorator pattern, which is "This object implements the Decorator pattern [1] for SUPA,
applied to SUPA metadata objects. This enables all or part which is applied to SUPA metadata objects. This enables all
of one or more metadata objects to wrap another concrete or part of one or more metadata objects to wrap another
metadata object."; concrete metadata object. The only concrete subclass of
SUPAPolicyMetadata in this document is the
SUPAPolicyConcreteMetadata class.";
} }
identity POLICY-METADATA-DECORATOR-ACCESS-TYPE { identity POLICY-METADATA-DECORATOR-ACCESS-TYPE {
base POLICY-METADATA-DECORATOR-TYPE; base POLICY-METADATA-DECORATOR-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAPolicyAccessMetadataDef object instance."; SUPAPolicyAccessMetadataDef object instance.";
} }
grouping supa-policy-metadata-decorator-access-type { grouping supa-policy-metadata-decorator-access-type {
uses supa-policy-metadata-decorator-type { uses supa-policy-metadata-decorator-type {
refine entity-class { refine entity-class {
default POLICY-METADATA-DECORATOR-ACCESS-TYPE; default POLICY-METADATA-TYPE;
} }
} }
leaf supa-policy-metadata-access-priv-def { leaf supa-policy-metadata-access-priv-def {
type enumeration { type enumeration {
enum "undefined" { enum "error" {
description description
"This may be used as an initialization and/or "This signifies an error state. OAM&P Policies
an error state."; SHOULD NOT use this SUPAPolicyAccessMetadataDef
if the value of this attribute is error.";
}
enum "init" {
description
"This signifies an initialization state.";
} }
enum "read only" { enum "read only" {
description description
"This defines access as read only for ALL SUPA "This defines access as read only for ALL
Policy object instances that are adorned with SUPAPolicyObject objects that are adorned
this metadata object."; with this SUPAPolicyAccessMetadataDef object.
As such, an explicit access control model,
such as RBAC [7], is NOT present.";
} }
enum "read write" { enum "read write" {
description description
"This defines access as read and/or write for "This defines access as read and/or write for
ALL SUPA Policy object instances that are ALL SUPAPolicyObject objects that are adorned
adorned with this metadata object."; with this SUPAPolicyAccessMetadataDef object.
As such, an explicit access control model,
such as RBAC [7], is NOT present.";
} }
enum "specified by MAC" { enum "specified by MAC" {
description description
"This defines access as defined by an external "This uses an external Mandatory Access Control
Mandatory Access Control model. The name and (MAC) [7] model to define access control for
location of this model are specified in the ALL SUPAPolicyObject objects that are adorned
with this SUPAPolicyAccessMetadataDef object.
The name and location of this access control
model are specified, respectively, in the
supa-policy-metadata-access-priv-model-name supa-policy-metadata-access-priv-model-name
and supa-policy-metadata-access-priv-model-ref and supa-policy-metadata-access-priv-model-ref
attributes of this metadata object."; attributes of this SUPAPolicyAccessMetadataDef
object.";
} }
enum "specified by DAC" { enum "specified by DAC" {
description description
"This defines access as defined by an external "This uses an external Discretionary Access
Discretionary Access Control model. The name Control (DAC) [7] model to define access
and location of this model are specified in the control for ALL SUPAPolicyObject objects that
are adorned with this
SUPAPolicyAccessMetadataDef object. The name
and location of this access control model are
specified, respectively, in the
supa-policy-metadata-access-priv-model-name supa-policy-metadata-access-priv-model-name
and supa-policy-metadata-access-priv-model-ref and supa-policy-metadata-access-priv-model-ref
attributes of this metadata object."; attributes of this SUPAPolicyAccessMetadataDef
object.";
} }
enum "specified by RBAC" { enum "specified by RBAC" {
description description
"This defines access as defined by an external "This uses an external Role-Based Access Control
Role Based Access Control model. The name (RBAC) [7] model to define access control for
and location of this model are specified in the ALL SUPAPolicyObject objects that are adorned
with this SUPAPolicyAccessMetadataDef object.
The name and location of this access control
model are specified, respectively, in the
supa-policy-metadata-access-priv-model-name supa-policy-metadata-access-priv-model-name
and supa-policy-metadata-access-priv-model-ref and supa-policy-metadata-access-priv-model-ref
attributes of this metadata object."; attributes of this SUPAPolicyAccessMetadataDef
object.";
} }
enum "specified by ABAC" { enum "specified by ABAC" {
description description
"This defines access as defined by an external "This uses an external Attribute-Based Access
Attribute Based Access Control model. The name Control (ABAC) [8] model to define access
and location of this model are specified in the control for ALL SUPAPolicyObject objects that
are adorned with this
SUPAPolicyAccessMetadataDef object. The name
and location of this access control model are
specified, respectively, in the
supa-policy-metadata-access-priv-model-name supa-policy-metadata-access-priv-model-name
and supa-policy-metadata-access-priv-model-ref and supa-policy-metadata-access-priv-model-ref
attributes of this metadata object."; attributes of this SUPAPolicyAccessMetadataDef
object.";
} }
enum "specified by custom" { enum "specified by custom" {
description description
"This defines access as defined by an external "This uses an external Custom Access Control
Custom Access Control model. The name and model to define access control for ALL
location of this model are specified in the SUPAPolicyObject objects that are adorned
with this SUPAPolicyAccessMetadataDef object.
The name and location of this access control
model are specified, respectively, in the
supa-policy-metadata-access-priv-model-name supa-policy-metadata-access-priv-model-name
and supa-policy-metadata-access-priv-model-ref and supa-policy-metadata-access-priv-model-ref
attributes of this metadata object."; attributes of this SUPAPolicyAccessMetadataDef
object.";
} }
} }
description description
"This defines the type of access control model that is "This defines the type of access control model that is
used by this object instance."; used by this SUPAPolicyObject object instance.";
} }
leaf supa-policy-metadata-access-priv-model-name { leaf supa-policy-metadata-access-priv-model-name {
type string; type string;
description description
"This contains the name of the access control model "This contains the name of the access control model
being used. If the value of the being used. If the value of the
supa-policy-metadata-access-priv-model-ref is 0-2, supa-policy-metadata-access-priv-model-ref is
then the value of this attribute is not applicable. error, then this SUPAPolicyAccessMetadataDef object
Otherwise, the text in this class attribute should be MUST NOT be used. If the value of the
interpreted according to the value of the supa-policy-metadata-access-priv-model-ref is init,
then this SUPAPolicyAccessMetadataDef object has been
properly initialized, and is ready to be used. If the
value of the supa-policy-metadata-access-priv-model-ref
is read only or read write, then the value of this
attribute is not applicable (because a type of model
is NOT being defined; instead, the access control for
all SUPAPolicyObjects is being defined). Otherwise,
the text in this class attribute SHOULD be interpreted
according to the value of the
supa-policy-metadata-access-priv-model-ref class supa-policy-metadata-access-priv-model-ref class
attribute."; attribute.";
} }
leaf supa-policy-metadata-access-priv-model-ref { leaf supa-policy-metadata-access-priv-model-ref {
type enumeration { type enumeration {
enum "undefined" { enum "error" {
description description
"This can be used for either initialization "This signifies an error state. OAM&P Policies
or for signifying an error."; SHOULD NOT use this SUPAPolicyAccessMetadataDef
object if the value of this attribute is
error.";
}
enum "init" {
description
"This signifies an initialization state.";
} }
enum "URI" { enum "URI" {
description description
"The clause is referenced by this URI."; "The access control model is referenced by
this URI.";
} }
enum "GUID" { enum "GUID" {
description description
"The clause is referenced by this GUID."; "The access control model is referenced by
this GUID.";
} }
enum "UUID" { enum "UUID" {
description description
"The clause is referenced by this UUID."; "The access control model is referenced by
this UUID.";
} }
enum "FQDN" { enum "FQDN" {
description description
"The clause is referenced by this FQDN."; "The access control model is referenced by
this FQDN.";
}
enum "FQPN" {
description
"The access control model is referenced by
this FQPN.";
}
enum "string_instance_id" {
description
"A string that is the canonical representation,
in ASCII, of an instance ID of this object.";
} }
} }
description description
"This defines the data type of the "This defines the data type of the
supa-policy-metadata-access-priv-model-name supa-policy-metadata-access-priv-model-name
attribute."; attribute.";
} }
description description
"This is a concrete class that defines metadata for access "This is a concrete class that defines metadata for access
control information that can be added to a SUPA Policy control information that can be added to any
object. This is done using the SUPAHasPolicyMetadata SUPAPolicyObject object instance.
aggregation.";
This is done using the SUPAHasPolicyMetadata association
in conjunction with the Decorator pattern [1].";
} }
container supa-policy-metadata-decorator-access-container { container supa-policy-metadata-decorator-access-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyAccessMetadataDef."; type SUPAPolicyAccessMetadataDef.";
list supa-policy-metadata-decorator-access-list { list supa-policy-metadata-decorator-access-list {
key supa-policy-metadata-id; key supa-policy-metadata-id;
uses supa-policy-metadata-decorator-type; uses supa-policy-metadata-decorator-type;
description description
"A list of all supa-policy-metadata-decorator-access "A list of all supa-policy-metadata-decorator-access
instances in the system. Instances of subclasses instances in the system. Instances of subclasses
skipping to change at page 35, line 34 skipping to change at page 46, line 39
grouping supa-policy-metadata-decorator-version-type { grouping supa-policy-metadata-decorator-version-type {
uses supa-policy-metadata-decorator-type { uses supa-policy-metadata-decorator-type {
refine entity-class { refine entity-class {
default POLICY-METADATA-DECORATOR-VERSION-TYPE; default POLICY-METADATA-DECORATOR-VERSION-TYPE;
} }
} }
leaf supa-policy-metadata-version-major { leaf supa-policy-metadata-version-major {
type string; type string;
description description
"This contains a string (typically representing an "This contains a string representation of an integer
integer in the overall version format) that indicates that is greater than or equal to zero. It indicates
a significant increase in functionality is present in that a significant increase in functionality is present
this version."; in this version. It MAY also indicate that this version
has changes that are NOT backwards-compatible (the
supa-policy-metadata-version-build class attribute is
used to denote such changes). The string 0.1.0
defines an initial version that MUST NOT be considered
stable. Improvements to this initial version are
denoted by incrementing the minor and patch class
attributes (supa-policy-metadata-version-major and
supa-policy-metadata-version-patch, respectively). The
major version X (i.e., X.y.z, where X > 0) MUST be
incremented if any backwards-incompatible changes are
introduced. It MAY include minor and patch level
changes. The minor and patch version numbers MUST be
reset to 0 when the major version number is
incremented.";
} }
leaf supa-policy-metadata-version-minor { leaf supa-policy-metadata-version-minor {
type string; type string;
description description
"This contains a string (typically representing an "This contains a string representation of an integer
integer in the overall version format) that indicates that is greater than or equal to zero. It indicates
that this release contains a set of features and/or bug that this release contains a set of features and/or
fixes that collectively do not warrant incrementing the bug fixes that MUST be backwards-compatible. The
supa-policy-metadata-version-major attribute."; minor version Y (i.e., x.Y.z, where x > 0) MUST be
incremented if new, backwards-compatible changes are
introduced. It MUST be incremented if any features are
marked as deprecated. It MAY be incremented if new
functionality or improvements are introduced, and MAY
include patch level changes. The patch version number
MUST be reset to 0 when the minor version number is
incremented.";
} }
leaf supa-policy-metadata-version-rel-type { leaf supa-policy-metadata-version-patch {
type enumeration { type string;
enum "undefined" {
description
"This can be used for either initialization
or for signifying an error.";
}
enum "internal" {
description
"This indicates that this version should only
be used for internal (development) purposes.";
}
enum "alpha" {
description
"This indicates that this version is considered
to be alpha quality.";
}
enum "beta" {
description
"This indicates that this version is considered
to be beta quality.";
}
enum "release candidate" {
description
"This indicates that this version is considered
to be a candidate for full production.";
}
enum "release production" {
description
"This indicates that this version is considered
to be ready for full production.";
}
enum "maintenance" {
description
"This indicates that this version is considered
to be for maintenance purposes.";
}
}
description description
"This defines the type of this version's release."; "This contains a string representation of an integer
that is greater than or equal to zero. It indicates
that this version contains ONLY bug fixes. The patch
version Z (i.e., x.y.Z, where x > 0) MUST be
incremented if new, backwards-compatible changes are
introduced. A bug fix is defined as an internal change
that fixes incorrect behavior.";
} }
leaf supa-policy-metadata-version-rel-type-num { leaf supa-policy-metadata-version-prerelease {
type string; type string;
description description
"This contains a string (typically representing an "This contains a string that defines the pre-release
integer in the overall version format) that indicates version. A pre-release version MAY be denoted by
a significant increase in functionality is present in appending a hyphen and a series of dot-separated
this version."; identifiers immediately following the patch version.
Identifiers MUST comprise only ASCII alphanumerics and
a hyphen. Identifiers MUST NOT be empty. Numeric
identifiers MUST NOT include leading zeroes.
Pre-release versions have a lower precedence than the
associated normal version. A pre-release version
indicates that the version is unstable and might not
satisfy the intended compatibility requirements as
denoted by its associated normal version. Examples
include: 1.0.0-alpha and 1.0.0-0.3.7.";
}
leaf supa-policy-metadata-version-build {
type string;
description
"This contains a string that defines the metadata of
this build. Build metadata is optional. If present,
build metadata MAY be denoted by appending a plus
(+) sign to the version, followed by a series of
dot-separated identifiers. This may follow either
the patch or pre-release portions of the version.
If build metadata is present, then any identifiers
that it uses MUST be made up of only ASCII
alphanumerics and a hyphen. The identifier portion of
the build metadata MUST NOT be empty. Build metadata
SHOULD be ignored when determining version precedence.
Examples include: 1.0.0.-alpha+1, 1.0.0.-alpha+1.1,
1.0.0+20130313144700, and 1.0.0-beta+exp.sha.5114f85.";
} }
description description
"This is a concrete class that defines metadata for version "This is a concrete class that defines metadata for version
control information that can be added to a SUPA Policy control information that can be added to any
object. This is done using the SUPAHasPolicyMetadata SUPAPolicyObject. This is done using the
aggregation."; SUPAHasPolicyMetadata association. This class uses the
Semantic Versioning Specification [6] as follows:
<major>.<minor>.<patch>[<pre-release>][<build-metadata>]
where the first three components (major, minor, and patch)
MUST be present, and the latter two components (pre-release
and build-metadata) MAY be present. A version number MUST
take the form <major>.<minor>.<patch>, where <major>,
<minor>, and <patch> are each non-negative integers that
MUST NOT contain leading zeros. In addition, the value of
each of these three elements MUST increase numerically.
In this approach, supaVersionMajor denotes a new release;
supaVersionMinor denotes a minor release; supaVersionPatch
denotes a version that consists ONLY of bug fixes. Version
precedence MUST be calculated by separating the version
into major, minor, patch, and pre-release identifiers, in
that order. See [1] for more information.";
} }
container supa-policy-metadata-decorator-version-container { container supa-policy-metadata-decorator-version-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyVersionMetadataDef."; type SUPAPolicyVersionMetadataDef.";
list supa-policy-metadata-decorator-version-list { list supa-policy-metadata-decorator-version-list {
key supa-policy-metadata-id; key supa-policy-metadata-id;
uses supa-policy-metadata-decorator-type; uses supa-policy-metadata-decorator-type;
description description
"A list of all supa-policy-metadata-decorator-version "A list of all supa-policy-metadata-decorator-version
instances in the system. Instances of subclasses instances in the system. Instances of subclasses
skipping to change at page 37, line 17 skipping to change at page 49, line 4
type SUPAPolicyVersionMetadataDef."; type SUPAPolicyVersionMetadataDef.";
list supa-policy-metadata-decorator-version-list { list supa-policy-metadata-decorator-version-list {
key supa-policy-metadata-id; key supa-policy-metadata-id;
uses supa-policy-metadata-decorator-type; uses supa-policy-metadata-decorator-type;
description description
"A list of all supa-policy-metadata-decorator-version "A list of all supa-policy-metadata-decorator-version
instances in the system. Instances of subclasses instances in the system. Instances of subclasses
will be in a separate list."; will be in a separate list.";
} }
} }
identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE {
identity SUPA-HAS-POLICY-METADATA-ASSOC { base POLICY-COMPONENT-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAHasPolicyMetadataDetail association class SUPAHasPolicyMetadataDetail association class
object instance."; object instance.";
} }
grouping supa-has-policy-metadata-detail { grouping supa-has-policy-metadata-detail {
leaf supa-policy-ID { uses supa-policy-object-type {
type string; refine entity-class {
description default SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE;
"This is a globally unique ID for this association
instance in the overall policy system.";
}
leaf entity-class {
type identityref {
base SUPA-HAS-POLICY-METADATA-ASSOC;
} }
default SUPA-HAS-POLICY-METADATA-ASSOC;
description
"The identifier of the class of this assocation.";
} }
leaf supa-has-policy-metadata-object-ptr { leaf supa-has-policy-metadata-detail-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
POLICY-OBJECT-TYPE)"; POLICY-OBJECT-TYPE)";
description description
"This is a reference from the SUPAPolicyObject object "This leaf is an instance-identifier that references
instance that is aggregating SUPAPolicyMetadata object the SUPAPolicyObject instance end point of the
instances using the SUPAHasPolicyMetadata aggregation. association represented by this instance of the
This SUPAPolicyMetadataDetail association class is SUPAHasPolicyMetadata association [1]. The groupings
used to define part of the semantics of the supa-policy-object-type and supa-policy-metadata-type
SUPAHasPolicyMetadata aggregation. For example, it can represent the SUPAPolicyObject and SUPAPolicyMetadata
define which SUPAPolicyMetadata object instances can classes, respectively. Thus, the instance identified
be aggregated by this particular SUPAPolicyObject by this leaf is the SUPAPolicyObject instance that is
object instance."; associated by this association to the set of
SUPAPolicyMetadata instances referenced by the
supa-has-policy-metadata-detail-part-ptr leaf of
this grouping.";
} }
leaf supa-has-policy-metadata-ptr { leaf supa-has-policy-metadata-detail-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
POLICY-METADATA-TYPE)"; POLICY-METADATA-TYPE)";
description description
"This is a reference from the SUPAPolicyMetadata object "This leaf is an instance-identifier that references
instance(s) that are being aggregated by this the SUPAPolicyMetadata instance end point of the
SUPAPolicyObject object instance using the association represented by this instance of the
SUPAHasPolicyMetadata aggregation. The class SUPAHasPolicyMetadata association [1]. The groupings
SUPAPolicyMetadataDetail association class is used to supa-policy-object-type and supa-policy-metadata-type
define part of the semantics of the represents the SUPAPolicyObject and SUPAPolicyMetadata
SUPAHasPolicyMetadata aggregation. For example, it can classes, respectively. Thus, the instance
define which SUPAPolicyMetadata object instances can identified by this leaf is the SUPAPolicyMetadata
be aggregated by this particular SUPAPolicyObject instance that is associated by this association to
object instance."; the set of SUPAPolicyObject instances referenced by
the supa-has-policy-metadata-detail-agg-ptr leaf of
this grouping.";
} }
leaf supa-policy-metadata-detail-is-applicable { leaf supa-policy-metadata-detail-is-applicable {
type boolean; type boolean;
description description
"This attributes controls whether the associated "This attribute controls whether the associated
metadata is currently considered applciable to this metadata is currently considered applicable to this
policy object; this enables metadata to be turned on SUPAPolicyObject; this enables metadata to be turned
and off when needed without disturbing the structure on and off when needed without disturbing the
of the object that the metadata applies to."; structure of the object that the metadata applies to,
or affecting other objects in the system.";
} }
leaf-list supa-policy-metadata-detail-constraint { leaf-list supa-policy-metadata-detail-constraint {
type string; type string;
description description
"A list of constraints, expressed as strings "A list of constraints, expressed as strings, in
in the language defined by the the language defined by the
supa-policy-metadata-detail-encoding."; supa-policy-metadata-detail-encoding attribute.
If there are no constraints on using this
SUPAPolicyMetadata object with this particular
SUPAPolicyObject object, then this leaf-list will
consist of a list of a single null string.";
} }
leaf supa-policy-metadata-detail-encoding { leaf supa-policy-metadata-detail-constraint-encoding {
type string; type policy-constraint-language-list;
description description
"The langauge used to encode the constraints "The language used to encode the constraints relevant
relevant to the relationship between the metadata to the relationship between the SUPAPolicyMetadata
and the underlying policy object."; object and the underlying SUPAPolicyObject.";
} }
description description
"This is a concrete association class that defines the "This is a concrete association class that defines the
semantics of the SUPAPolicyMetadata aggregation. This semantics of the SUPAHasPolicyMetadata association. This
enables the attributes and relationships of the enables the attributes and relationships of the
SUPAPolicyMetadataDetail class to be used to constrain SUPAHasPolicyMetadataDetail class to be used to constrain
which SUPAPolicyMetadata objects can be aggregated by which SUPAPolicyMetadata objects can be associated by
this particular SUPAPolicyObject instance."; this particular SUPAPolicyObject instance.";
} }
container supa-policy-metadata-detail-container { container supa-policy-metadata-detail-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyMetadataDetail."; type SUPAPolicyMetadataDetail.";
list supa-policy-metadata-detail-list { list supa-policy-metadata-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-policy-metadata-detail; uses supa-has-policy-metadata-detail;
description description
"This is a list of all supa-policy-metadata-detail "This is a list of all supa-policy-metadata-detail
instances in the system. Instances of subclasses instances in the system. Instances of subclasses
skipping to change at page 39, line 14 skipping to change at page 50, line 51
container supa-policy-metadata-detail-container { container supa-policy-metadata-detail-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyMetadataDetail."; type SUPAPolicyMetadataDetail.";
list supa-policy-metadata-detail-list { list supa-policy-metadata-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-policy-metadata-detail; uses supa-has-policy-metadata-detail;
description description
"This is a list of all supa-policy-metadata-detail "This is a list of all supa-policy-metadata-detail
instances in the system. Instances of subclasses instances in the system. Instances of subclasses
will be in a separate list. will be in a separate list. Note that this association
Note that this policy is made concrete for exemplary class is made concrete for exemplary purposes. To be
purposes. To be useful, it almost certainly needs useful, it almost certainly needs refinement.";
refinement.";
} }
} }
identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC { identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC {
base POLICY-COMPONENT-TYPE;
description description
"The identity corresponding to a SUPAHasMetadataDecorator "The identity corresponding to a
association class object instance."; SUPAHasDecoratedPolicyComponentDetail association class
object instance.";
} }
grouping supa-has-decorator-policy-component-detail { grouping supa-has-decorator-policy-component-detail {
leaf supa-policy-ID { uses supa-policy-object-type {
type string; refine entity-class {
description default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC;
"This is a globally unique ID for this association
instance in the overall policy system.";
}
leaf entity-class {
type identityref {
base SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC;
} }
default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC;
description
"The identifier of the class of this assocation.";
} }
leaf supa-policy-component-decorator-ptr { leaf supa-has-policy-component-decorator-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-POLICY-COMPONENT-DECORATOR-TYPE)"; POLICY-COMPONENT-DECORATOR-TYPE)";
description description
"This associates the SUPAPolicyComponentStructure "This leaf is an instance-identifier that references
object instance participating in a the SUPAPolicyComponentDecorator instance end point of
SUPAHasDecoratedPolicyComponent aggregation to the the association represented by this instance of the
SUPAHasDecoratedPolicyComponentDetail association SUPAHasDecoratedPolicyComponent association [1]. The
class that provides the semantics of this aggregation. groupings supa-policy-component-decorator-type and
This defines the object class that this supa-policy-component-structure-type represent the
instance-identifier points to."; SUPAPolicyComponentDecorator and
SUPAPolicyComponentStructure classes, respectively.
Thus, the instance identified by this leaf is the
SUPAPolicyComponentDecorator instance that is
associated by this association to the set of
SUPAPolicyComponentStructure instances referenced by
the supa-has-policy-component-decorator-part-ptr leaf
of this grouping.";
} }
leaf supa-policy-component-ptr { leaf supa-has-policy-component-decorator-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-POLICY-COMPONENT-TYPE)"; POLICY-COMPONENT-TYPE)";
description description
"This associates the SUPAPolicyComponentDecorator "This leaf is an instance-identifier that references
object instance participating in a the SUPAPolicyComponentStructure instance end point of
SUPAHasDecoratedPolicyComponent aggregation to the the association represented by this instance of the
SUPAHasDecoratedPolicyComponentDetail association SUPAHasDecoratedPolicyComponent association [1]. The
class that provides the semantics of this aggregation. groupings supa-policy-component-decorator-type and
This defines the object class that this supa-policy-component-structure-type represent the
instance-identifier points to."; SUPAPolicyComponentDecorator and
SUPAPolicyComponentStructure classes, respectively.
Thus, the instance identified by this leaf is the
SUPAPolicyComponentStructure instance that is
associated by this association to the set of
SUPAPolicyComponentStructure instances referenced by
the supa-has-policy-component-decorator-agg-ptr leaf
of this grouping.";
} }
leaf-list supa-has-decorator-constraint { leaf-list supa-has-decorator-constraint {
type string; type string;
description description
"A constraint expression applying to this association "A constraint expression applying to this association
between a policy component decorator and the between a SUPAPolicyComponentDecorator and the
decorated component."; decorated component (which is a concrete subclass of
the SUPAPolicyComponentStructure class, such as
SUPAEncodedClause or SUPABooleanClauseAtomic). The
supa-has-decorator-constraint-encoding attribute
specifies the language used to write the set of
constraint expressions.";
} }
leaf supa-has-decorator-constraint-encoding { leaf supa-has-decorator-constraint-encoding {
type string; type policy-constraint-language-list;
description description
"The language in which the constraints on the "The language used to encode the constraints relevant
policy component-decoration is expressed."; to the relationship between the
SUPAPolicyComponentDecorator and the
SUPAPolicyComponentStructure object instances.";
} }
description description
"This is a concrete association class that defines the "This is a concrete association class that defines the
semantics of the SUPAHasDecoratedPolicyComponent semantics of the SUPAHasDecoratedPolicyComponent
aggregation. The purpose of this class is to use the association. The purpose of this class is to use the
Decorator pattern to detemine which Decorator pattern [1] to detemine which
SUPAPolicyComponentDecorator object instances, if any, SUPAPolicyComponentDecorator object instances, if any,
are required to augment the functionality of the concrete are required to augment the functionality of a concrete
subclass of SUPAPolicyClause that is being used."; subclass of SUPAPolicyClause that is being used.";
} }
container supa-policy-component-decorator-detail-container { container supa-policy-component-decorator-detail-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyComponentDecoratorDetail."; type SUPAPolicyComponentDecoratorDetail.";
list supa-policy-component-decorator-detail-list { list supa-policy-component-decorator-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-decorator-policy-component-detail; uses supa-has-decorator-policy-component-detail;
description description
"This is a list of all "This is a list of all
supa-policy-component-decorator-details."; supa-policy-component-decorator-details.";
} }
} }
identity SUPA-HAS-POLICY-SOURCE-ASSOC { identity SUPA-HAS-POLICY-SOURCE-ASSOC {
base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a SUPAHasPolicySource "The identity corresponding to a SUPAHasPolicySource
association class object instance."; association class object instance.";
} }
grouping supa-has-policy-source-detail { grouping supa-has-policy-source-detail {
leaf supa-policy-ID { uses supa-policy-object-type {
type string; refine entity-class {
description default SUPA-HAS-POLICY-SOURCE-ASSOC;
"This is a globally unique ID for this association
instance in the overall policy system.";
}
leaf entity-class {
type identityref {
base SUPA-HAS-POLICY-SOURCE-ASSOC;
} }
default SUPA-HAS-POLICY-SOURCE-ASSOC;
description
"The identifier of the class of this assocation.";
} }
leaf supa-policy-source-structure-ptr { leaf supa-has-policy-source-detail-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
POLICY-STRUCTURE-TYPE)"; POLICY-STRUCTURE-TYPE)";
description description
"This associates the SUPAPolicyStructure object "This leaf is an instance-identifier that references
instance participating in a SUPAHasPolicySource a SUPAPolicyStructure instance end point of the
aggregation to the SUPAHasPolicySourceDetail association represented by this instance of the
association class that provides the semantics of SUPAHasPolicySource association [1]. The grouping
this aggregation. This defines the object class supa-has-policy-source-detail represents the
that this instance-identifier points to."; SUPAHasPolicySourceDetail class. Thus, the instance
identified by this leaf is the SUPAPolicyStructure
instance that is associated by this association to the
SUPAPolicySource instance referenced by the
supa-has-policy-source-detail-part-ptr leaf of
this grouping.";
} }
leaf supa-policy-source-ptr { leaf supa-has-policy-source-detail-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-POLICY-SOURCE-TYPE)"; POLICY-SOURCE-TYPE)";
description description
"This associates the SUPAPolicySource object "This leaf is an instance-identifier that references
instance participating in a SUPAHasPolicySource a SUPAPolicySource instance end point of the
aggregation to the SUPAHasPolicySourceDetail association represented by this instance of the
association class that provides the semantics of SUPAHasPolicySource association [1]. The grouping
this aggregation. This defines the object class supa-has-policy-source-detail represents the
that this instance-identifier points to."; SUPAHasPolicySourceDetail class. Thus, the instance
identified by this leaf is the SUPAPolicySource
instance that is associated by this association to the
SUPAPolicyStructure instance referenced by the
supa-has-policy-source-detail-agg-ptr leaf of
this grouping.";
} }
leaf supa-policy-source-is-authenticated { leaf supa-policy-source-is-authenticated {
type boolean; type boolean;
description description
"If the value of this attribute is true, then this "If the value of this attribute is true, then this
SUPAPolicySource object has been authenticated by SUPAPolicySource object has been authenticated by
this particular SUPAPolicyStructure object."; a policy engine or application that is executing this
particular SUPAPolicyStructure object.";
} }
leaf supa-policy-source-is-trusted { leaf supa-policy-source-is-trusted {
type boolean; type boolean;
description description
"If the value of this attribute is true, then this "If the value of this attribute is true, then this
SUPAPolicySource object has been verified to be SUPAPolicySource object has been verified to be
trusted by this particular SUPAPolicyStructure trusted by a policy engine or application that is
object."; executing this particular SUPAPolicyStructure object.";
} }
description description
"This is an association class, and defines the semantics of "This is an association class, and defines the semantics of
the SUPAHasPolicySource aggregation. The attributes and the SUPAHasPolicySource association. The attributes and
relationships of this class can be used to define which relationships of this class can be used to define which
SUPAPolicySource objects can be attached to which SUPAPolicySource objects can be attached to which
particular set of SUPAPolicyStructure objects."; particular set of SUPAPolicyStructure objects. Note that a
SUPAPolicySource object is NOT responsible for evaluating
or executing SUPAPolicies; rather, it identifies the set
of entities that are responsible for managing this
SUPAPolicySource object. Its primary uses are for
auditability, as well as processing deontic logic. This
object represents the semantics of associating a
SUPAPolicySource to a SUPAPolicyTarget.";
} }
container supa-policy-source-detail-container { container supa-policy-source-detail-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicySourceDetail."; type SUPAPolicySourceDetail.";
list supa-policy-source-detail-list { list supa-policy-source-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-policy-source-detail; uses supa-has-policy-source-detail;
description description
"This is a list of all supa-policy-source-detail "This is a list of all supa-policy-source-detail
objects."; objects.";
} }
} }
identity SUPA-HAS-POLICY-TARGET-ASSOC { identity SUPA-HAS-POLICY-TARGET-ASSOC {
base POLICY-OBJECT-TYPE;
description description
"The identity corresponding to a SUPAHasPolicyTarget "The identity corresponding to a SUPAHasPolicyTarget
association class object instance."; association class object instance.";
} }
grouping supa-has-policy-target-detail { grouping supa-has-policy-target-detail {
leaf supa-policy-ID { uses supa-policy-object-type {
type string; refine entity-class {
description default SUPA-HAS-POLICY-TARGET-ASSOC;
"This is a globally unique ID for this association
instance in the overall policy system.";
}
leaf entity-class {
type identityref {
base SUPA-HAS-POLICY-TARGET-ASSOC;
} }
default SUPA-HAS-POLICY-TARGET-ASSOC;
description
"The identifier of the class of this assocation.";
} }
leaf supa-policy-target-structure-ptr { leaf supa-has-policy-target-detail-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
POLICY-STRUCTURE-TYPE)"; POLICY-STRUCTURE-TYPE)";
description description
"This associates the SUPAPolicyStructure object "This leaf is an instance-identifier that references
instance participating in a SUPAHasPolicyTarget a SUPAPolicyStructure instance end point of the
aggregation to the SUPAHasPolicyTargetDetail association represented by this instance of the
association class that provides the semantics of SUPAHasPolicyTarget association [1]. The grouping
this aggregation. This defines the object class supa-has-policy-target-detail represents the
that this instance-identifier points to."; SUPAHasPolicyTargetDetail class. Thus, the instance
identified by this leaf is the SUPAPolicyStructure
instance that is associated by this association to the
SUPAPolicyTarget instance referenced by the
supa-has-policy-target-detail-part-ptr leaf of
this grouping.";
} }
leaf supa-policy-target-ptr { leaf supa-has-policy-target-detail-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-POLICY-TARGET-TYPE)"; POLICY-TARGET-TYPE)";
description description
"This associates the SUPAPolicyTarget object "This leaf is an instance-identifier that references
instance participating in a SUPAHasPolicyTarget a SUPAPolicyTarget instance end point of the
aggregation to the SUPAHasPolicyTargetDetail association represented by this instance of the
association class that provides the semantics of SUPAHasPolicyTarget association [1]. The grouping
this aggregation. This defines the object class supa-has-policy-target-detail represents the
that this instance-identifier points to."; SUPAHasPolicyTargetDetail class. Thus, the instance
identified by this leaf is the SUPAPolicyTarget
instance that is associated by this association to the
SUPAPolicyStructure instance referenced by the
supa-has-policy-source-detail-agg-ptr leaf of
this grouping.";
} }
leaf supa-policy-source-is-authenticated { leaf supa-policy-target-is-authenticated {
type boolean; type boolean;
description description
"If the value of this attribute is true, then this "If the value of this attribute is true, then this
SUPAPolicyTarget object has been authenticated by SUPAPolicyTarget object has been authenticated by
this particular SUPAPolicyStructure object."; a policy engine or application that is executing this
particular SUPAPolicyStructure object.";
} }
leaf supa-policy-source-is-enabled { leaf supa-policy-target-is-enabled {
type boolean; type boolean;
description description
"If the value of this attribute is true, then this "If the value of this attribute is true, then each
SUPAPolicyTarget object is able to be used as a SUPAPolicyTarget object that is referenced by this
SUPAPolicyTarget. This means that it has agreed to SUPAHasPolicyTarget aggregation is able to be used as
play the role of a SUPAPolicyTarget, and that it is a SUPAPolicyTarget by the SUPAPolicyStructure object
able to either process (directly or with the aid of a that is referenced by this SUPAHasPolicyTarget
proxy) SUPAPolicies, or receive the results of a aggregation. This means that this SUPAPolicyTarget has
agreed to: 1) have SUPAPolicies applied to it, and 2)
process (directly or with the aid of a proxy) one or
more SUPAPolicies, or receive the results of a
processed SUPAPolicy and apply those results to processed SUPAPolicy and apply those results to
itself."; itself.";
} }
description description
"This is an association class, and defines the semantics of "This is an association class, and defines the semantics of
the SUPAHasPolicyTarget aggregation. The attributes and the SUPAHasPolicyTarget association. The attributes and
relationships of this class can be used to define which relationships of this class can be used to define which
SUPAPolicyTarget objects can be attached to which SUPAPolicyTarget objects can be attached to which
particular set of SUPAPolicyStructure objects."; particular set of SUPAPolicyStructure objects. Note that a
SUPAPolicyTarget is used to identify a set of managed
entities to which a SUPAPolicy should be applied; this
object represents the semantics of applying a SUPAPolicy
to a SUPAPolicyTarget.";
} }
container supa-policy-target-detail-container { container supa-policy-target-detail-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyTargetDetail."; type SUPAPolicyTargetDetail.";
list supa-policy-target-detail-list { list supa-policy-target-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-policy-target-detail; uses supa-has-policy-target-detail;
description description
"This is a list of all supa-policy-target-detail "This is a list of all supa-policy-target-detail
objects."; objects.";
skipping to change at page 44, line 18 skipping to change at page 56, line 45
list supa-policy-target-detail-list { list supa-policy-target-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-policy-target-detail; uses supa-has-policy-target-detail;
description description
"This is a list of all supa-policy-target-detail "This is a list of all supa-policy-target-detail
objects."; objects.";
} }
} }
identity SUPA-HAS-POLICY-CLAUSE-ASSOC { identity SUPA-HAS-POLICY-CLAUSE-ASSOC {
base POLICY-STRUCTURE-TYPE;
description description
"The identity corresponding to a SUPAHasPolicyClause "The identity corresponding to a SUPAHasPolicyClause
association class object instance."; association class object instance.";
} }
grouping supa-has-policy-clause-detail { grouping supa-has-policy-clause-detail {
leaf supa-policy-ID { uses supa-policy-structure-type {
type string; refine entity-class {
description default SUPA-HAS-POLICY-CLAUSE-ASSOC;
"This is a globally unique ID for this association
instance in the overall policy system.";
}
leaf entity-class {
type identityref {
base SUPA-HAS-POLICY-CLAUSE-ASSOC;
} }
default SUPA-HAS-POLICY-CLAUSE-ASSOC;
description
"The identifier of the class of this assocation.";
} }
leaf supa-policy-clause-structure-ptr { leaf supa-has-policy-clause-detail-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
POLICY-STRUCTURE-TYPE)"; POLICY-STRUCTURE-TYPE)";
description description
"This associates the SUPAPolicyStructure object "This leaf is an instance-identifier that references
instance participating in a SUPAHasPolicyClause a concrete subclass of the SUPAPolicyStructure class
aggregation to the SUPAHasPolicyClauseDetail end point of the association represented by this
association class that provides the semantics of instance of the SUPAHasPolicyClause association [1].
this aggregation. This defines the object class The grouping supa-has-policy-clause-detail represents
that this instance-identifier points to."; the SUPAHasPolicyClauseDetail association class. Thus,
the instance identified by this leaf is the
SUPAPolicyStructure instance that is associated by
this association to the set of SUPAPolicyClause
instances referenced by the
supa-has-policy-clause-detail-part-ptr leaf of this
grouping.";
} }
leaf supa-policy-clause-ptr { leaf supa-has-policy-clause-detail-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
SUPA-POLICY-CLAUSE-TYPE)"; POLICY-CLAUSE-TYPE)";
description description
"This associates the SUPAPolicyClause object "This leaf is an instance-identifier that references
instance participating in a SUPAHasPolicyClause a concrete subclass of the SUPAPolicyClause class
aggregation to the SUPAHasPolicyClauseDetail end point of the association represented by this
association class that provides the semantics of instance of the SUPAHasPolicyClause association [1].
this aggregation. This defines the object class The grouping supa-has-policy-clause-detail represents
that this instance-identifier points to."; the SUPAHasPolicyClauseDetail association class. Thus,
the instance identified by this leaf is the
SUPAPolicyClause instance that is associated by this
association to the set of SUPAPolicyStructure
instances referenced by the
supa-has-policy-clause-detail-agg-ptr leaf of this
grouping.";
} }
description description
"This is an association class, and defines the semantics of "This is an association class, and defines the semantics of
the SUPAHasPolicyClause aggregation. The attributes and the SUPAHasPolicyClause association. The attributes and
relationships of this class can be used to define which relationships of this class can be used to define which
SUPAPolicyTarget objects can be attached to which SUPAPolicyTarget objects can be used by which particular
particular set of SUPAPolicyStructure objects. set of SUPAPolicyStructure objects. Every
Every SUPAPolicyStructure object instance MUST aggregate SUPAPolicyStructure instance MUST aggregate at
at least one SUPAPolicyClause object instance. However, least one SUPAPolicyClause instance. However, the
the converse is NOT true. For example, a SUPAPolicyClause converse is NOT true. For example, a SUPAPolicyStructure
could be instantiated and then stored for later use in a instance MUST aggregate at least one SUPAPolicyClause
policy repository."; instance. However, a SUPAPolicyClause object could be
instantiated and then stored for later use in a policy
repository.";
} }
container supa-policy-clause-detail-container { container supa-policy-clause-detail-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolicyClauseDetail."; type SUPAPolicyClauseDetail.";
list supa-policy-clause-detail-list { list supa-policy-clause-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-policy-clause-detail; uses supa-has-policy-clause-detail;
description description
"This is a list of all supa-policy-clause-detail "This is a list of all supa-policy-clause-detail
objects."; objects.";
} }
} }
identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC { identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC {
base POLICY-STRUCTURE-TYPE;
description description
"The identity corresponding to a "The identity corresponding to a
SUPAHasPolExecFailActionToTake association class SUPAHasPolExecFailActionToTake association class
object instance."; object instance.";
} }
grouping supa-has-policy-exec-action-detail { grouping supa-has-policy-exec-action-detail {
leaf supa-policy-ID { uses supa-policy-structure-type {
type string; refine entity-class {
description default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC;
"This is a globally unique ID for this association
instance in the overall policy system.";
}
leaf entity-class {
type identityref {
base SUPA-HAS-POLICY-EXEC-ACTION-ASSOC;
} }
default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC;
description
"The identifier of the class of this assocation.";
} }
leaf supa-policy-structure-action-src-ptr { leaf supa-has-exec-fail-action-detail-agg-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
POLICY-STRUCTURE-TYPE)"; POLICY-STRUCTURE-TYPE)";
description description
"This associates the SUPAPolicyStructure object "This leaf is an instance-identifier that references
instance participating in a a SUPAPolicyStructure instance end point of the
SUPAHasPolExecFailActionToTake association to the association represented by this instance of the
SUPAHasPolExecFailActionToTakeDetail association SUPAHasPolExecFailActionToTake association [1] that
class that provides the semantics of this was executing a SUPAPolicy. This SUPAPolicyStructure
aggregation. This defines the object class that is referred to as the 'parent' SUPAPolicyStructure
this instance-identifier points to."; instance, while the other instance end point of this
association is called the 'child' SUPAPolicyStructure.
The grouping supa-policy-structure-type represents the
SUPAPolicyStructure class. Thus, the instance
identified by this leaf is the parent
SUPAPolicyStructure instance that is associated by this
association to the child SUPAPolicyStructure instance
referenced by the
supa-has-exec-fail-action-detail-part-ptr leaf of this
grouping.";
} }
leaf supa-policy-structure-action-dst-ptr { leaf supa-has-exec-fail-action-detail-part-ptr {
type instance-identifier; type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class, must "derived-from-or-self (deref(.)/entity-class,
POLICY-STRUCTURE-TYPE)"; POLICY-STRUCTURE-TYPE)";
description description
"This associates a SUPAPolicyAction object "This leaf is an instance-identifier that references
instance participating in a a SUPAPolicyStructure instance end point of the
SUPAHasPolExecFailActionToTake association to the association represented by this instance of the
SUPAHasPolExecFailActionToTakeDetail association SUPAHasPolExecFailActionToTake association [1] that
class that provides the semantics of this was NOT currently executing a SUPAPolicy. This
aggregation. This defines the object class that SUPAPolicyStructure is referred to as the 'child'
this instance-identifier points to."; SUPAPolicyStructure instance, while the other instance
} end point of this association is called the 'parent'
leaf supa-policy-exec-fail-take-action-encoding { SUPAPolicyStructure. The grouping
type policy-data-type-id-encoding-list; supa-policy-structure-type represents the
description SUPAPolicyStructure class. Thus, the instance
"This defines how to find the set of SUPA Policy identified by this leaf is the child
Action objects contained in each element of the SUPAPolicyStructure instance that is associated by
supa-policy-exec-fail-take-action-name attribute this association to the child SUPAPolicyStructure
object."; instance referenced by the
supa-has-exec-fail-action-detail-part-ptr leaf of
this grouping.";
} }
leaf-list supa-policy-exec-fail-take-action-name { leaf-list supa-policy-exec-fail-take-action-name {
type string; type string;
description description
"This identifies the set of SUPA Policy Actions to take "This is a list that contains the set of names for
if the SUPAPolicyStructure object that owns this SUPAPolicyActions to use if the SUPAPolicyStructure
association failed to execute properly. The object that owns this association failed to execute
interpretation of this string attribute is defined by properly. This association defines a set of child
the supa-policy-exec-fail-take-action-encoding class SUPAPolicyStructure objects to use if this (the parent)
attribute."; SUPAPolicyStructure object fails to execute correctly.
Each child SUPAPolicyStructure object has one or more
SUPAPolicyActions; this attribute defines the name(s)
of each SUPAPolicyAction in each child
SUPAPolicyStructure that should be used to try and
remediate the failure.";
} }
description description
"This is an association class, and defines the semantics of "This is an association class, and defines the semantics of
the SUPAHasPolExecFailTakeAction association. The the SUPAHasPolExecFailTakeAction association. The
attributes and relationships of this class can be used to attributes and relationships of this class can be used to
determine which SUPA Policy Action objects are executed in determine which SUPAPolicyAction objects are executed in
response to a failure of the SUPAPolicyStructure object response to a failure of the SUPAPolicyStructure object
instance that owns this association."; instance that owns this association.";
} }
container supa-policy-exec-fail-take-action-detail-container { container supa-policy-exec-fail-take-action-detail-container {
description description
"This is a container to collect all object instances of "This is a container to collect all object instances of
type SUPAPolExecFailActionToTakeDetail."; type SUPAPolExecFailActionToTakeDetail.";
list supa-policy-exec-fail-take-action-detail-list { list supa-policy-exec-fail-take-action-detail-list {
key supa-policy-ID; key supa-policy-ID;
uses supa-has-policy-exec-action-detail; uses supa-has-policy-exec-action-detail;
description description
"This is a list of all "This is a list of all
supa-has-policy-exec-action-detail objects."; supa-has-policy-exec-action-detail objects.";
} }
} }
identity SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC {
base POLICY-METADATA-TYPE;
description
"The identity corresponding to a
SUPAHasMetadataDecoratorDetail association class
object instance.";
}
grouping supa-has-policy-metadata-dec-detail {
uses supa-policy-metadata-type {
refine entity-class {
default SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC;
}
}
leaf supa-has-policy-metadata-detail-dec-agg-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
POLICY-METADATA-TYPE)";
description
"This leaf is an instance-identifier that references
a SUPAPolicyMetadataDecorator instance end point of
the association represented by this instance of the
SUPAHasMetadataDecorator association [1]. The
grouping supa-has-policy-metadata-detail represents
the SUPAHasMetadataDecoratorDetail association class.
Thus, the instance identified by this leaf is the
SUPAPolicyMetadataDecorator instance that is
associated by this association to the set of
SUPAPolicyMetadata instances referenced by the
supa-has-policy-metadata-detail-dec-part-ptr leaf of
this grouping.";
}
leaf supa-has-policy-metadata-detail-dec-part-ptr {
type instance-identifier;
must "derived-from-or-self (deref(.)/entity-class,
POLICY-METADATA-TYPE)";
description
"This leaf is an instance-identifier that references
a SUPAPolicyMetadata instance end point of the
association represented by this instance of the
SUPAHasMetadataDecorator association [1]. The
grouping supa-has-policy-metadata-detail represents
the SUPAHasMetadataDecoratorDetail association class.
Thus, the instance identified by this leaf is the
SUPAPolicyMetadata instance that is associated by
this association to the set of
SUPAPolicyMetadataDecorator instances referenced by
the supa-has-policy-metadata-detail-dec-agg-ptr leaf
of this grouping.";
}
description
"This is an association class, and defines the semantics of
the SUPAHasMetadataDecorator association. The attributes
and relationships of this class can be used to define which
concrete subclasses of the SUPAPolicyMetadataDecorator
class can be used to wrap which concrete subclasses of the
SUPAPolicyMetadata class.";
}
container supa-policy-metadata-decorator-detail-container {
description
"This is a container to collect all object instances of
type SUPAHasMetadaDecoratorDetail.";
list supa-policy-metadata-decorator-detail-list {
key supa-policy-metadata-id;
uses supa-has-policy-metadata-dec-detail;
description
"This is a list of all supa-policy-metadata-detail
objects.";
}
}
} }
<CODE ENDS> <CODE ENDS>
6. IANA Considerations 6. IANA Considerations
No IANA considerations exist for this document. No IANA considerations exist for this document.
7. Security Considerations 7. Security Considerations
TBD TBD
8. Acknowledgments 8. Acknowledgments
skipping to change at page 47, line 41 skipping to change at page 62, line 16
No IANA considerations exist for this document. No IANA considerations exist for this document.
7. Security Considerations 7. Security Considerations
TBD TBD
8. Acknowledgments 8. Acknowledgments
This document has benefited from reviews, suggestions, comments This document has benefited from reviews, suggestions, comments
and proposed text provided by the following members, listed in and proposed text provided by the following members, listed in
alphabetical order: Qin Wu. alphabetical order:
Qin Wu
9. References 9. References
This section defines normative and informative references for this This section defines normative and informative references for this
document. document.
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
skipping to change at page 48, line 21 skipping to change at page 62, line 41
the Network Configuration Protocol (NETCONF)", the Network Configuration Protocol (NETCONF)",
RFC 6020, October 2010. RFC 6020, October 2010.
[RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991,
July 2013. July 2013.
9.2. Informative References 9.2. Informative References
[1] Strassner, J., Halpern, J., Coleman, J., "Generic [1] Strassner, J., Halpern, J., Coleman, J., "Generic
Policy Information Model for Simplified Use of Policy Policy Information Model for Simplified Use of Policy
Abstractions (SUPA)", Abstractions (SUPA)", March 21, 2016,
draft-strassner-supa-generic-policy-info-model-05 draft-ietf-supa-generic-policy-info-model-01
March 21, 2016 [2] http://www.omg.org/spec/OCL/
[3] http://doc.omg.org/formal/2002-04-03.pdf
[4] http://alloy.mit.edu/alloy/
[5] http://www.omg.org/spec/QVT/
[6] http://semver.org/
[7] Definitions of DAC, MAC, and RBAC may be found here:
http://csrc.nist.gov/groups/SNS/rbac/faq.html#03
[8] ABAC is described here:
http://csrc.nist.gov/groups/SNS/rbac/index.html
Authors' Addresses Authors' Addresses
Joel Halpern Joel Halpern
Ericsson Ericsson
P. O. Box 6049 P. O. Box 6049
Leesburg, VA 20178 Leesburg, VA 20178
Email: joel.halpern@ericsson.com Email: joel.halpern@ericsson.com
John Strassner John Strassner
Huawei Technologies Huawei Technologies
2330 Central Expressway 2330 Central Expressway
Santa Clara, CA 95138 USA Santa Clara, CA 95138 USA
Email: john.sc.strassner@huawei.com Email: john.sc.strassner@huawei.com
Sven van der Meer
LM Ericsson Ltd.
Ericsson Software Campus
Garrycastle
Athlone
N37 PV44
Ireland
Email: sven.van.der.meer@ericsson.com
 End of changes. 316 change blocks. 
935 lines changed or deleted 1616 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/