draft-ietf-supa-generic-policy-data-model-00.txt | draft-ietf-supa-generic-policy-data-model-01.txt | |||
---|---|---|---|---|
Network Working Group J. Halpern | Network Working Group J. Halpern | |||
Internet-Draft Ericsson | Internet-Draft Ericsson | |||
Intended status: Informational J. Strassner | Intended status: Informational J. Strassner | |||
Expires: January 20, 2017 Huawei Technologies | Expires: April 3, 2017 Huawei Technologies | |||
July 20, 2016 | S. Van der Meer | |||
Ericsson | ||||
October 1, 2016 | ||||
Generic Policy Data Model for | Generic Policy Data Model for | |||
Simplified Use of Policy Abstractions (SUPA) | Simplified Use of Policy Abstractions (SUPA) | |||
draft-ietf-supa-generic-policy-data-model-00 | draft-ietf-supa-generic-policy-data-model-01 | |||
Abstract | Abstract | |||
This document defines two YANG policy data models. The first is a | This document defines two YANG policy data modules. The first is a | |||
generic policy model that is meant to be extended on an application- | generic policy model that is meant to be extended on an application- | |||
specific basis. The second is an exemplary extension of the first | specific basis. The second is an exemplary extension of the first | |||
generic policy model, and defines rules as event-condition-action | generic policy model, and defines rules as event-condition-action | |||
policies. Both models are independent of the level of abstraction of | policies. Both models are independent of the level of abstraction of | |||
the content and meaning of a policy. | the content and meaning of a policy. | |||
Status of this Memo | Status of this Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
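Review bot: the abstract's first sentence now says "two YANG policy data modules", but the sentences that follow still say "generic policy model" and "Both models are independent of ...", and the Overview still opens with "policy data models". If the change is meant to separate the YANG module from the data model it defines, state that once and use each term consistently; otherwise revert to "models".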
skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 39 ¶ | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current | working documents as Internet-Drafts. The list of current | |||
Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. | Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six | Internet-Drafts are draft documents valid for a maximum of six | |||
months and may be updated, replaced, or obsoleted by other | months and may be updated, replaced, or obsoleted by other | |||
documents at any time. It is inappropriate to use Internet-Drafts | documents at any time. It is inappropriate to use Internet-Drafts | |||
as reference material or to cite them other than as "work in | as reference material or to cite them other than as "work in | |||
progress." | progress." | |||
This Internet-Draft will expire on January 20, 2017. | This Internet-Draft will expire on April 3, 2017. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 10 ¶ | skipping to change at page 2, line 10 ¶ | |||
respect to this document. Code Components extracted from this | respect to this document. Code Components extracted from this | |||
document must include Simplified BSD License text as described in | document must include Simplified BSD License text as described in | |||
Section 4.e of the Trust Legal Provisions and are provided | Section 4.e of the Trust Legal Provisions and are provided | |||
without warranty as described in the Simplified BSD License. | without warranty as described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Overview ....................................................... 2 | 1. Overview ....................................................... 2 | |||
2. Conventions Used in This Document .............................. 2 | 2. Conventions Used in This Document .............................. 2 | |||
3. Terminology .................................................... 3 | 3. Terminology .................................................... 3 | |||
3.1. Acronyms .................................................. 3 | 3.1. Acronyms ................................................. 3 | |||
3.2. Definitions ............................................... 3 | 3.2. Definitions .............................................. 3 | |||
3.3. Symbology ................................................. 4 | 3.3. Symbology ................................................ 5 | |||
4. Design of the SUPA Policy Data Models .......................... 4 | 4. Design of the SUPA Policy Data Models ......................... 5 | |||
5. SUPA Policy Data Model YANG Module ............................. 5 | 4.1. Objectives ............................................... 5 | |||
6. IANA Considerations ............................................ 47 | 4.2 Yang Data Model Maintenance ................................ 5 | |||
7. Security Considerations ........................................ 47 | 4.3 YANG Data Model Overview ................................... 6 | |||
8. Acknowledgments ................................................ 47 | 4.4. YANG Tree Diagram ........................................ 7 | |||
9. References ..................................................... 47 | 5. SUPA Policy Data Model YANG Module ............................ 11 | |||
9.1. Normative References ...................................... 48 | 6. IANA Considerations ........................................... 47 | |||
9.2. Informative References .................................... 48 | 7. Security Considerations ....................................... 47 | |||
8. Acknowledgments ............................................... 47 | ||||
9. References .................................................... 47 | ||||
9.1. Normative References ..................................... 48 | ||||
9.2. Informative References ................................... 48 | ||||
Authors' Addresses ................................................ 48 | Authors' Addresses ................................................ 48 | |||
1. Overview | 1. Overview | |||
This document defines two YANG [RFC6020] [RFC6991] policy data | This document defines two YANG [RFC6020] [RFC6991] policy data | |||
models. The first is a generic policy model that is meant to be | models. The first is a generic policy model that is meant to be | |||
extended on an application-specific basis. It is derived from the | extended on an application-specific basis. It is derived from the | |||
Generic Policy Information Model (GPIM) defined in [1]. The second | Generic Policy Information Model (GPIM) defined in [1]. The second | |||
is an exemplary extension of the first (generic policy) model, and | is an exemplary extension of the first (generic policy) model, and | |||
defines policy rules as event-condition-action tuples. Both models | defines policy rules as event-condition-action tuples. Both models | |||
are independent of the level of abstraction of the content and | are independent of the level of abstraction of the content and | |||
meaning of a policy. | meaning of a policy. | |||
The GPIM defines a common framework as a set of model elements | The GPIM defines a common framework as a set of model elements | |||
(e.g., classes, attributes, and relationships) that specify a | (e.g., classes, attributes, and relationships) that specify a | |||
common set of policy management concepts that are independent of the | common set of policy management concepts that are independent of the | |||
type of policy (e.g., imperative, procedural, declarative, or | type of policy (e.g., imperative, procedural, declarative, or | |||
otherwise). The first YANG data model is a translation of the GPIM | otherwise). The first YANG data model is a translation of the GPIM | |||
to a YANG module. The Eca Policy Rule Information Model (EPRIM), | to a YANG module. The ECA Policy Rule Information Model (EPRIM), | |||
also defined in [1], extends the GPIM to represent policy rules that | also defined in [1], extends the GPIM to represent policy rules that | |||
use the Event-Condition-Action (ECA) paradigm. The second YANG data | use the Event-Condition-Action (ECA) paradigm. The second YANG data | |||
model maps the EPRIM to YANG. The second YANG data model MAY be | model maps the EPRIM to YANG. The second YANG data model MAY be | |||
used to augment the functionality of the first YANG data model. | used to augment the functionality of the first YANG data model. | |||
2. Conventions Used in This Document | 2. Conventions Used in This Document | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in | |||
this document are to be interpreted as described in [RFC2119]. In | this document are to be interpreted as described in [RFC2119]. In | |||
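Review bot: style point on the new table-of-contents entries: "4.2 Yang Data Model Maintenance" and "4.3 YANG Data Model Overview" lack the period after the section number that "4.1." and "4.4." carry, and 4.2 spells "Yang" where the other entries use "YANG". The 4.2 heading in the body reads "maintenance" in lower case, so the entry and the heading should be made to match.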
skipping to change at page 3, line 15 ¶ | skipping to change at page 3, line 24 ¶ | |||
3. Terminology | 3. Terminology | |||
This section defines acronyms, terms, and symbology used in the | This section defines acronyms, terms, and symbology used in the | |||
rest of this document. | rest of this document. | |||
3.1. Acronyms | 3.1. Acronyms | |||
CNF Conjunctive Normal Form | CNF Conjunctive Normal Form | |||
DNF Disjunctive Normal Form | DNF Disjunctive Normal Form | |||
ECA Event-Condition-Action | ECA Event-Condition-Action | |||
EPRIM (SUPA) ECA Policy Rule Information Model | EPRIM (SUPA) ECA Policy Rule Information Model [1] | |||
GPIM (SUPA) Generic Policy Information Model | FQDN Fully Qualified Domain Name | |||
FQPN Fully Qualified Path Name | ||||
GPIM (SUPA) Generic Policy Information Model [1] | ||||
GUID Globally Unique IDentifier | ||||
NETCONF Network Configuration protocol | NETCONF Network Configuration protocol | |||
OAM&P Operations, Administration, Management, and Provisioning | OAM&P Operations, Administration, Management, and Provisioning | |||
OCL Object Constraint Language | OCL Object Constraint Language {2] [3] | |||
OID Object IDentifier | OID Object IDentifier | |||
SUPA Simplified Use of Policy Abstractions | SUPA Simplified Use of Policy Abstractions | |||
UML Unified Modeling Language | UML Unified Modeling Language | |||
URI Uniform Resource Identifier | URI Uniform Resource Identifier | |||
UUID Universally Unique IDentifier | ||||
3.2. Definitions | 3.2. Definitions | |||
Action: a set of purposeful activities that have a set of | Action: a set of activities that have a set of associated behavior. | |||
associated behavior. | ||||
Boolean Clause: a logical statement that evaluates to either TRUE | Boolean Clause: a logical statement that evaluates to either TRUE | |||
or FALSE. Also called Boolean Expression. | or FALSE. Also called Boolean Expression. | |||
Condition: a set of attributes, features, and/or values that are to | Condition: a set of attributes, features, and/or values that are to | |||
be compared with a set of known attributes, features, and/or | be compared with a set of known attributes, features, and/or | |||
values in order to make a decision. A Condition, when used in | values in order to make a decision. A Condition, when used in | |||
the context of a Policy Rule, is used to determine whether or not | the context of a Policy Rule, is used to determine whether or not | |||
the set of Actions in that Policy Rul can be executed or not. | the set of Actions in that Policy Rule can be executed or not. | |||
Constraint: A constraint is a limitation or restriction. | Constraint: A constraint is a limitation or restriction. | |||
Constraints may be added to any type of object (e.g., events, | Constraints may be added to any type of object (e.g., events, | |||
conditions, and actions in Policy Rules). | conditions, and actions in Policy Rules). | |||
Constraint Programming: a type of programming that uses constraints | ||||
to define relations between variables in order to find | ||||
a feasible (and not necessarily optimal) solution. | ||||
Data Model: a data model is a representation of concepts of | Data Model: a data model is a representation of concepts of | |||
interest to an environment in a form that is dependent on data | interest to an environment in a form that is dependent on data | |||
repository, data definition language, query language, | repository, data definition language, query language, | |||
implementation language, and protocol (typically one or more of | implementation language, and protocol (typically one or more of | |||
these). | these). This definition is taken from [1]. | |||
ECA: Event - Condition - Action policy. | ECA: Event - Condition - Action (a type of policy). | |||
Event: an Event is defined as any important occurrence in time of | Event: an Event is defined as any important occurrence in time in | |||
a change in the system being managed, and/or in the environment | the system being managed, and/or in the environment of the system | |||
of the system being managed. An Event, when used in the context | being managed. An Event may represent the changing or maintaining | |||
of a Policy Rule, is used to determine whether the condition | of the state of a managed object. An Event, when used in the | |||
clause of an imperative Policy Rule can be evaluated or not. | context of a Policy Rule, is used to determine whether the | |||
Condition clause of an imperative (i.e., ECA) Policy Rule can be | ||||
evaluated or not. | ||||
FQPN (FUlly Qualified Path Name) | ||||
The specification of a path to a file in a system that | ||||
unambiguously resolves to only that specific file. In this | ||||
sense, "fully qualified" is independent of context. However, | ||||
in a distributed system, it may be dependent on the specific | ||||
format of an operating system. Hence, implementations should | ||||
consider such issues before allowing the use of FQPNs. | ||||
Information Model: an information model is a representation of | Information Model: an information model is a representation of | |||
concepts of interest to an environment in a form that is | concepts of interest to an environment in a form that is | |||
independent of data repository, data definition language, query | independent of data repository, data definition language, query | |||
language, implementation language, and protocol. | language, implementation language, and protocol. This definition | |||
is taken from [1]. | ||||
Metadata: is data that provides descriptive and/or prescriptive | Metadata: metadata is data that provides descriptive and/or | |||
information about the object(s) to which it is attached. | prescriptive information about the object(s) to which it is | |||
associated. This enables structure and content of the object(s) | ||||
to which it applies, as well as usage and other information, to | ||||
be represented in an extensible manner. It avoids "burying" | ||||
common information in specific classes, and increases reuse. | ||||
Policy Rule: A Policy Rule is a set of rules that are used to | SUPAPolicy: A SUPAPolicy is, in this version of this document, an ECA | |||
manage and control the changing or maintaining of the state of one | policy rule that MUST contain an ECA policy rule, SHOULD contain | |||
or more managed objects. | one or more SUPAPolicyMetadata objects, and MAY contain other | |||
elements that define the semantics of the policy rule. An ECA | ||||
Policy Rule MUST contain an event clause, a condition clause, and | ||||
an action clause. Policies are generically defined as a means to | ||||
monitor and control the changing and/or maintaining of the state | ||||
of one or more managed objects. This definition is based on the | ||||
definition of SUPAPolicy in [1]. | ||||
3.3. Symbology | 3.3. Symbology | |||
The following representation is used to describe YANG data modules | The following representation is used to describe YANG data modules | |||
defined in this draft. | defined in this draft. | |||
o Brackets "[" and "]" enclose list keys. | o Brackets "[" and "]" enclose list keys. | |||
o Abbreviations before data node names: "rw" means configuration | o Abbreviations before data node names: "rw" means configuration | |||
data (read-write), and "ro" means state data (read-only). | data (read-write), and "ro" means state data (read-only). | |||
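Review bot: the new SUPAPolicy definition is circular as written ("an ECA policy rule that MUST contain an ECA policy rule"), and it replaces the "Policy Rule" definition even though the Condition and Event definitions in this same section still rely on the term "Policy Rule". Suggest defining SUPAPolicy as an object that MUST contain an ECA policy rule, and either keeping a short Policy Rule entry or pointing those two definitions at the new one. Smaller points in the same hunk: the OCL acronym line has a mismatched bracket ("{2] [3]"); the FQPN entry reads "FUlly" and, unlike the other definitions, has no colon after the term; and its "implementations should consider such issues" uses a lower-case "should" in a document that declares the RFC 2119 key words, so it should be made clear whether that sentence is normative.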
skipping to change at page 4, line 44 ¶ | skipping to change at page 5, line 26 ¶ | |||
means a presence container, and "*" denotes a list and leaf-list. | means a presence container, and "*" denotes a list and leaf-list. | |||
o Parentheses enclose choice and case nodes, and case nodes are also | o Parentheses enclose choice and case nodes, and case nodes are also | |||
marked with a colon (":"). | marked with a colon (":"). | |||
o Ellipsis ("...") stands for contents of subtrees that are not | o Ellipsis ("...") stands for contents of subtrees that are not | |||
shown. | shown. | |||
4. Design of the SUPA Policy Data Models | 4. Design of the SUPA Policy Data Models | |||
This will be completed in the next version of this draft. Three | This section describes the design philosophy of the YANG data model, | |||
important points are: | and how they will be maintained. | |||
- different policy models have common semantics | 4.1. Objectives | |||
- capture those semantics within a common framework (GPIM) | ||||
- extend these semantics with a specific ECA example (EPRIM) | These Data Models are derived from the SUPA Generic Policy | |||
Information Model [1]. The overall objective is to faithfully | ||||
transform that information model into a YANG data model that can | ||||
be used for communicating policy. The policy scope to be covered is | ||||
that defined by [1]; please refer to it for more details and | ||||
background information. | ||||
This model is an extensible framework that is independent of the | ||||
implementation approach for storing polices, as well as being | ||||
independent of the content and meaning of specific policies. These | ||||
models can be extended (generally by using the groupings here and | ||||
defining additional containers for concrete classes) to represent | ||||
domain- and/or application-specific policies. The ECA model in this | ||||
document is an example of extending the general policy model towards | ||||
specific policies. | ||||
By using this approach, different policy models will use common | ||||
semantics, enabling them to be more easily integrated. | ||||
One of the important goals of this work is for the semantics of | ||||
these models to align with those of the generic policy information | ||||
model. Thus, most of this model was generate by a quasi-algorithmic | ||||
transformation of the information model. This was done by hand. | ||||
Certain changes were made to reflect the fact that this is a YANG | ||||
data model, and therefore, does not need to generically allow for | ||||
all data modelling languages. Details of the process are described | ||||
below in section 4.3. | ||||
4.2 Yang Data Model maintenance | ||||
All model changes should be done to both the information model and | ||||
the data model in parallel. Care is being taken during development | ||||
of this model to ensure that is the case. | ||||
In general, structural changes will be applied to both the | ||||
information model and the data model, and then any necessary YANG | ||||
repairs taken to preserve the validity of the YANG data model. | ||||
4.3 YANG Data Model Overview | ||||
This YANG data model is generated by applying suitable YANG | ||||
constructs to represent the information in the information model. | ||||
There are three key information modeling concepts that this data | ||||
model needs to represent consistently. These are classes, class | ||||
inheritance (also known as subclassing) and associations. The | ||||
SUPA generic policy information model [1] makes extensive use of | ||||
these concepts. | ||||
Each class in the model is represented by a YANG identity and by a | ||||
YANG grouping. The use of groupings enables us to define these | ||||
classes abstractly. Each grouping begins with two leaves (either | ||||
defined in the grouping or inherited via a using clause), which | ||||
provide common functionality. One leaf is used for the system-wide | ||||
unique identifier for this instance. This is either named | ||||
supa-policy-ID (for the SUPAPolicyObject tree, which contains | ||||
everything EXCEPT metadata objects) or supa-policy-metadata-id (for | ||||
the SUPAPolicyMetadata tree, which ONLY contains metadata). All | ||||
associations use supa-policy-IDs. The second leaf is always called | ||||
the entity-class. It is an identityref which is set to the identity | ||||
of the instance. The default value for this leaf is always | ||||
correctly defined by the grouping. It is read-write in the YANG | ||||
formalism due to restrictions on the use of MUST clauses. | ||||
Class inheritance (or subclassing) is done by defining an identity | ||||
and a grouping for the new class. The identity is based on the | ||||
parent identity, and is given a new name to represent this class. | ||||
The new grouping uses the parent grouping. It refines the | ||||
entity-class of the parent, replacing the default value of the | ||||
entity-class with the correct value for this class. | ||||
Associations are represented by the use of instance-identifiers and | ||||
association classes. Association classes are classes, using the | ||||
above construction, which contain leaves representing the set of | ||||
instance-identifiers for each end of the association, along with | ||||
any other properties the information model assigns to the | ||||
association. The two associated classes each have a leaf with an | ||||
instance-identifier that points to the association class instance. | ||||
Each instance-identifier leaf is defined with a must clause. That | ||||
must clause references the entity-class of the target of the | ||||
instance-identifier, and specifies that the entity class type must | ||||
be the same as, or subclassed from, a specific named class. Thus, | ||||
associations can point to any instance of a selected class, or any | ||||
instance of any subclass of that target. | ||||
While not mandated by the YANG, it is expected that the xpath for | ||||
the instance-identifier will end with an array selection specifying | ||||
the supa-policy-ID or supa-policy-metadata-id of the target. This | ||||
enables us to construct the abstract class tree, with inheritance | ||||
and associations. It is noted and accepted that this process does | ||||
lose the distinction between containment, association, and | ||||
aggregation used by the information model. | ||||
The concrete class tree is constructed as follows. The YANG model | ||||
defines a container for each class that is defined as concrete by | ||||
the information model. That container contains a single list, | ||||
keyed by either the supa-policy-id or the supa-policy-metadata-id. | ||||
The content of the list is defined by a uses clause referencing the | ||||
grouping that defines the class. After this was done, certain | ||||
additional modifications were made. Specifically, any information | ||||
model constructs intended to represent lists of possible values | ||||
were recast as YANG enumerations. Where these lists are used more | ||||
than once, they are factored out into reusable enumerations. | ||||
Certain attributes that are not needed in the YANG (e.g., to | ||||
represent the range of choices different data models might use for | ||||
policy identification) were removed for simplicity and clarity. | ||||
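Review bot: section 4.3 makes entity-class the basis of every association check (each instance-identifier's must clause tests the target's entity-class) and then states that the leaf is "read-write in the YANG formalism", so a client that can edit an instance can also change the value those must clauses depend on. The text should say what keeps entity-class equal to the grouping's default, for example that a server rejects any edit that sets a different identity, and the Security Considerations should mention it. The same question applies to supa-policy-source-is-authenticated and supa-policy-source-is-trusted in the 4.4 tree, which are shown as "rw" (configuration data per section 3.3) although they read like facts the system establishes rather than values a client sets. Also worth fixing here: the identifier leaf is spelled supa-policy-ID, supa-policy-id, supa-policy-metadata-id and supa-policy-metadata-ID across 4.3 and the tree, and YANG identifiers are case-sensitive, so list keys and leaf names must agree; "polices" and "was generate" in 4.1 are typos.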
4.4. YANG Tree Diagram | ||||
The YANG Tree Diagram starts on the next page. It uses the following | ||||
abbreviations for datatypes: | ||||
- B: Boolean | ||||
- E: enumeration | ||||
- II: instance-identifier | ||||
- IR: identityref | ||||
- PC: policy-constraint-language-list | ||||
- PD: policy-data-type-encoding-list | ||||
- S: string | ||||
- YD: yang:date-and-time | ||||
- UI: uint32 | ||||
module: ietf-supa-policydatamodel | ||||
+--rw supa-encoding-clause-container | ||||
| +--rw supa-encoding-clause-list* [supa-policy-ID] | ||||
| +--rw supa-policy-ID S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-has-policy-component-decorator-part-ptr II | ||||
| +--rw supa-policy-clause-deploy-status E | ||||
| +--rw supa-has-policy-clause-part-ptr* II | ||||
I +--rw supa-encoded-clause-content S | ||||
I +--rw supa-encoded-clause-language E | ||||
+--rw supa-policy-variable-container | ||||
| +--rw supa-policy-variable-list* [supa-policy-ID] | ||||
| +--rw supa-policy-ID S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-has-policy-component-decorator-part-ptr II | ||||
| +--rw supa-has-policy-component-decorator-agg-ptr* II | ||||
| +--rw supa-decorator-constraints* S | ||||
| +--rw supa-has-decorator-constraint-encoding? PC | ||||
| +--rw supa-policy-term-is-negated? B | ||||
| +-rw supa-policy-variable-name? S | ||||
+--rw supa-policy-operator-container | ||||
| +--rw supa-policy-operator-list* [supa-policy-ID] | ||||
| +--rw supa-policy-ID S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-has-policy-component-decorator-part-ptr II | ||||
| +--rw supa-has-policy-component-decorator-agg-ptr* II | ||||
| +--rw supa-decorator-constraints* S | ||||
| +--rw supa-has-decorator-constraint-encoding? PC | ||||
| +--rw supa-policy-term-is-negated? B | ||||
| +--rw supa-policy-value-op-type E | ||||
+--rw supa-policy-value-container | ||||
| +--rw supa-policy-value-list* [supa-policy-ID] | ||||
| +--rw supa-policy-ID S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-has-policy-component-decorator-part-ptr II | ||||
| +--rw supa-has-policy-component-decorator-agg-ptr* II | ||||
| +--rw supa-decorator-constraints* S | ||||
| +--rw supa-has-decorator-constraint-encoding? PC | ||||
| +--rw supa-policy-term-is-negated? B | ||||
| +--rw supa-policy-value-content* S | ||||
| +--rw supa-policy-value-encoding? PD | ||||
+--rw supa-policy-generic-decorated-container | ||||
| +--rw supa-encoding-clause-list* [supa-policy-ID] | ||||
| +--rw supa-policy-ID S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-has-policy-component-decorator-part-ptr II | ||||
| +--rw supa-has-policy-component-decorator-agg-ptr* II | ||||
| +--rw supa-decorator-constraints* S | ||||
| +--rw supa-has-decorator-constraint-encoding? PC | ||||
| +--rw supa-policy-generic-decorated-content* S | ||||
| +--rw supa-policy-generic-decorated-encoding? PD | ||||
+--rw supa-policy-concrete-metadata-container | ||||
| +--rw supa-policy-concrete-metadata-list* | ||||
[supa-policy-metadata-ID] | ||||
| +--rw supa-policy-metadata-id S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-metadata-description? S | ||||
| +--rw supa-policy-metadata-name? S | ||||
| +--rw supa-has-policy-metadata-part-ptr* II | ||||
| +--rw supa-has-policy-metadata-dec-part-ptr* II | ||||
| +--rw supa-policy-metadata-valid-period-end? YD | ||||
| +--rw supa-policy-metadata-valid-period-start? YD | ||||
+--rw supa-policy-metadata-decorator-access-container | ||||
| +--rw supa-policy-metadata-decorator-access-list* | ||||
[supa-policy-metadata-ID] | ||||
| +--rw supa-policy-metadata-id S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-metadata-description? S | ||||
| +--rw supa-policy-metadata-name? S | ||||
| +--rw supa-has-policy-metadata-part-ptr* II | ||||
| +--rw supa-has-policy-metadata-dec-part-ptr* II | ||||
| +--rw supa-has-policy-metadata-dec-agg-ptr? II | ||||
+--rw supa-policy-metadata-decorator-version-container | ||||
| +--rw supa-policy-metadata-decorator-version-list* | ||||
[supa-policy-metadata-ID] | ||||
| +--rw supa-policy-metadata-ID S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-metadata-description? S | ||||
| +--rw supa-policy-metadata-name? S | ||||
| +--rw supa-has-policy-metadata-part-ptr* II | ||||
| +--rw supa-has-policy-metadata-dec-part-ptr* II | ||||
| +--rw supa-has-policy-metadata-dec-agg-ptr? II | ||||
+--rw supa-policy-metadata-detail-container | ||||
| +--rw supa-policy-metadata-detail-list [supa-policy-ID] | ||||
| +--rw supa-policy-id S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-has-policy-metadata-detail-agg-ptr? II | ||||
| +--rw supa-has-policy-metadata-detail-part-ptr? II | ||||
| +--rw supa-policy-metadata-detail-is-applicable? B | ||||
| +--rw supa-policy-metadata-detail-constraint* S | ||||
| +--rw supa-policy-metadata-detail-constraint-encoding? PC | ||||
+--rw supa-policy-component-decorator-detail-container | ||||
| +--rw supa-policy-component-decorator-detail-list* | ||||
[supa-policy-ID] | ||||
| +--rw supa-policy-id S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-has-policy-component-decorator-agg-ptr? II | ||||
| +--rw supa-has-policy-component-decorator-part-ptr? II | ||||
| +--rw supa-has-decorator-constraint* S | ||||
| +--rw supa-has-decorator-constraint-encoding PC | ||||
+--rw supa-policy-source-detail-container | ||||
| +--rw supa-policy-source-detail-list* [supa-policy-ID] | ||||
| +--rw supa-policy-id S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
I +--rw supa-has-policy-source-detail-agg-ptr? II | ||||
I +--rw supa-has-policy-source-detail-part-ptr? II | ||||
I +--rw supa-policy-source-is-authenticated? B | ||||
I +--rw supa-policy-source-is-trusted? B | ||||
+--rw supa-policy-target-detail-container | ||||
| +--rw supa-policy-target-detail-list* [supa-policy-ID] | ||||
| +--rw supa-policy-id S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
I +--rw supa-has-policy-target-detail-agg-ptr? II | ||||
I +--rw supa-has-policy-target-detail-part-ptr? II | ||||
I +--rw supa-policy-target-is-authenticated? B | ||||
I +--rw supa-policy-target-is-enabled? B | ||||
+--rw supa-policy-clause-detail-container | ||||
| +--rw supa-policy-clause-detail-list* [supa-policy-ID] | ||||
| +--rw supa-policy-id S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-policy-admin-status E | ||||
| +--rw supa-policy-continuum-level? UI | ||||
| +--rw supa-policy-deploy-status E | ||||
| +--rw supa-policy-exec-fail-strategy E | ||||
| +--rw supa-has-policy-source-agg-ptr* II | ||||
| +--rw supa-has-policy-target-agg-ptr* II | ||||
| +--rw supa-has-policy-clause-agg-ptr* II | ||||
| +--rw supa-has-policy-exec-fail-action-agg-ptr* II | ||||
| +--rw supa-has-policy-exec-fail-action-part-ptr* II | ||||
| +--rw supa-has-policy-clause-detail-agg-ptr? II | ||||
| +--rw supa-has-policy-clause-detail-part-ptr? II | ||||
+--rw supa-policy-exec-fail-take-action-detail-container | ||||
| +--rw supa-policy-exec-fail-take-action-detail-list* | ||||
[supa-policy-ID] | ||||
| +--rw supa-policy-id S | ||||
| +--rw entity-class? IR | ||||
| +--rw supa-policy-name? S | ||||
| +--rw supa-policy-object-description? S | ||||
| +--rw supa-has-policy-metadata-agg-ptr* II | ||||
| +--rw supa-policy-admin-status E | ||||
| +--rw supa-policy-continuum-level? UI | ||||
| +--rw supa-policy-deploy-status E | ||||
| +--rw supa-policy-exec-fail-strategy E | ||||
| +--rw supa-has-policy-source-agg-ptr* II | ||||
| +--rw supa-has-policy-target-agg-ptr* II | ||||
| +--rw supa-has-policy-clause-agg-ptr* II | ||||
| +--rw supa-has-policy-exec-fail-action-agg-ptr* II | ||||
| +--rw supa-has-policy-exec-fail-action-part-ptr* II | ||||
| +--rw supa-has-exec-fail-action-detail-agg-ptr? II | ||||
| +--rw supa-has-exec-fail-action-detail-part-ptr? II | ||||
| +--rw supa-policy-exec-fail-take-action-name* S | ||||
+--rw supa-policy-metadata-decorator-detail-container | ||||
+--rw supa-policy-metadata-decorator-detail-list* | ||||
[supa-policy-metadata-ID] | ||||
+--rw supa-policy-metadata-id S | ||||
+--rw entity-class? IR | ||||
+--rw supa-policy-metadata-description? S | ||||
+--rw supa-policy-metadata-name? S | ||||
+--rw supa-has-policy-metadata-part-ptr* II | ||||
+--rw supa-has-policy-metadata-dec-part-ptr* II | ||||
+--rw supa-has-policy-metadata-detail-dec-agg-ptr? II | ||||
+--rw supa-has-policy-metadata-detail-dec-part-ptr? II | ||||
5. SUPA Policy Data Model YANG Module | 5. SUPA Policy Data Model YANG Module | |||
The SUPA YANG data model module is divided into two main parts: | The SUPA YANG data model module is divided into two main parts: | |||
1) a set of containers that represent the objects that make | 1) a set of containers that represent the objects that make | |||
updated a Policy Rule and its Policy Rule Components | updated a Policy Rule and its Policy Rule Components | |||
2) a set of containers that represent the objects that define and | 2) a set of containers that represent the objects that define and | |||
apply metadata to Policy Rules and/or Policy Rule Components | apply metadata to Policy Rules and/or Policy Rule Components | |||
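Review bot: in the tree above, each list shown is keyed on [supa-policy-ID] (or [supa-policy-metadata-ID]), but the leaf drawn directly beneath it is supa-policy-id (or supa-policy-metadata-id). YANG identifiers are case-sensitive and the module declares the leaf as supa-policy-ID, so the key and the leaf as drawn do not match. The changelog says the tree was generated, so regenerate it from the final module so that names and cardinality markers agree. The last four leaves under the source and target detail lists also start with "I" where the other rows have "|".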
< This will be finished in version 02 > | [Editor's note] < This will be finished in version 02 > | |||
<CODE BEGINS> file "ietf-supa-policydatamodel@2016-10-01.yang" | ||||
<CODE BEGINS> file "ietf-supa-policydatamodel@2016-03-21.yang" | ||||
module ietf-supa-policydatamodel { | module ietf-supa-policydatamodel { | |||
yang-version 1.1; | yang-version 1.1; | |||
namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policydatamodel"; | namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policydatamodel"; | |||
prefix supa-pdm; | prefix supa-pdm; | |||
import ietf-yang-types { | import ietf-yang-types { | |||
prefix yang; | prefix yang; | |||
} | } | |||
skipping to change at page 5, line 39 ¶ | skipping to change at page 13, line 27 ¶ | |||
contact | contact | |||
"Editor: Joel Halpern | "Editor: Joel Halpern | |||
email: jmh@joelhalpern.com; | email: jmh@joelhalpern.com; | |||
Editor: John Strassner | Editor: John Strassner | |||
email: strazpdj@gmail.com;"; | email: strazpdj@gmail.com;"; | |||
description | description | |||
"This module defines a data model for generic high level | "This module defines a data model for generic high level | |||
definition of policies to be applied to a network. | definition of policies to be applied to a network. | |||
This module is derived from and aligns with | This module is derived from and aligns with | |||
draft-strassner-supa-generic-policy-info-model-04. | draft-ietf-supa-generic-policy-info-model-01. | |||
Details on all classes, associations, and attributes | Details on all classes, associations, and attributes | |||
can be found there. | can be found there. | |||
Copyright (c) 2015 IETF Trust and the persons identified | Copyright (c) 2015 IETF Trust and the persons identified | |||
as the document authors. All rights reserved. | as the document authors. All rights reserved. | |||
Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
without modification, is permitted pursuant to, and | without modification, is permitted pursuant to, and | |||
subject to the license terms contained in, the Simplified | subject to the license terms contained in, the Simplified | |||
BSD License set forth in Section 4.c of the IETF Trust's | BSD License set forth in Section 4.c of the IETF Trust's | |||
Legal Provisions Relating to IETF Documents | Legal Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info)."; | (http://trustee.ietf.org/license-info)."; | |||
revision 2016-07-20 { | revision "2016-10-01" { | |||
description | description | |||
"Conversion to WG draft, 20160720. | "20161001: Minor edits in association definitions. | |||
Fixed pyang 1.1 compilation errors. Fixed must clause | 20160928: Generated yang tree. | |||
derefencing used in grouping statements. Reformatted | 20160924: Rewrote association documentation; rebuilt | |||
and expanded descriptions. Fixed various typos. | how all classes are named for consistency. | |||
Initial version, 20160321"; | 20160904: Optimization of module by eliminating leaves | |||
that are not needed; rewrote section 4. | ||||
20160824: Edits to sync data model to info model. | ||||
20160720: Conversion to WG draft. Fixed pyang 1.1 | ||||
compilation errors. Fixed must clause derefencing | ||||
used in grouping statements. Reformatted and expanded | ||||
descriptions. Fixed various typos. | ||||
20160321: Initial version."; | ||||
reference | reference | |||
"draft-ietf-supa-policy-data-model-00"; | "draft-ietf-supa-policy-data-model-00"; | |||
} | } | |||
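Review bot: the reference under the new revision "2016-10-01" statement still reads "draft-ietf-supa-policy-data-model-00". The module description a few lines up was moved to the -01 info model draft, so this one looks missed. It should name this revision of the data model draft, and the name also lacks the "generic-" that appears in the document title. The retained 20160720 changelog entry still carries the typo "derefencing".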
typedef policy-constraint-language-list { | typedef policy-constraint-language-list { | |||
type enumeration { | type enumeration { | |||
enum "undefined" { | enum "error" { | |||
description | description | |||
"This may be used as an initialization and/or | "This signifies an error state. OAM&P Policies | |||
an error state."; | SHOULD NOT use this SUPAPolicy if the value of | |||
this attribute is error."; | ||||
} | ||||
enum "init" { | ||||
description | ||||
"This signifies a generic initialization state. A | ||||
suitable Policy Constraint Language (e.g., OCL [2] | ||||
or Alloy[4]) may now be defined."; | ||||
} | } | |||
enum "OCL2.4" { | enum "OCL2.4" { | |||
description | description | |||
"Object Constraint Language v2.4. This is a | "Object Constraint Language v2.4 [2]. This is a | |||
declarative language for describing rules for | declarative language for describing rules for | |||
defining constraints and query expressions."; | defining constraints and query expressions."; | |||
} | } | |||
enum "OCL2.x" { | enum "OCL2.x" { | |||
description | description | |||
"Object Constraint Language, v2.0 through 2.3.1."; | "Object Constraint Language, v2.0 through 2.3.1 | |||
[2]."; | ||||
} | } | |||
enum "OCL1.x" { | enum "OCL1.x" { | |||
description | description | |||
"Object Constraint Language, any version prior | "Object Constraint Language, any version prior | |||
to v2.0."; | to v2.0 [3]."; | |||
} | } | |||
enum "QVT1.2R" { | enum "QVT1.2R" { | |||
description | description | |||
"QVT Relational Language."; | "QVT Relational Language [5]."; | |||
} | } | |||
enum "QVT1.2O" { | enum "QVT1.2O" { | |||
description | description | |||
"QVT Operational language."; | "QVT Operational language [5]."; | |||
} | } | |||
enum "Alloy" { | enum "Alloy" { | |||
description | description | |||
"A language for defining structures and | "A language for defining structures and | |||
and relations using constraints."; | and relations using constraints [4]."; | |||
} | } | |||
} | } | |||
description | description | |||
"The language used to encode the constraints | "The language used to encode the constraints | |||
relevant to the relationship between the metadata | relevant to the relationship between the metadata | |||
and the underlying policy object."; | and the underlying policy object."; | |||
} | } | |||
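Review bot: the new "error" enum says OAM&P Policies SHOULD NOT use "this SUPAPolicy", but this typedef describes the language of a constraint string (it types supa-has-decorator-constraint-encoding further down), not a policy. Nothing in the schema enforces the SHOULD NOT, so say what a consumer is expected to do with the accompanying constraint expressions when the encoding is "error" or "init", for example ignore them. The same sentence is pasted into the next two typedefs and needs the same rewording there.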
typedef policy-data-type-id-encoding-list { | typedef policy-data-type-id-encoding-list { | |||
type enumeration { | type enumeration { | |||
enum "undefined" { | enum "error" { | |||
description | description | |||
"This can be used for either initialization | "This signifies an error state. OAM&P Policies | |||
or for signifying an error."; | SHOULD NOT use this SUPAPolicy if the value of | |||
this attribute is error."; | ||||
} | } | |||
enum "String" { | enum "init" { | |||
description | description | |||
"The clause is directly present in | "This signifies an initialization state."; | |||
the content."; | } | |||
enum "primary_key" { | ||||
description | ||||
"This represents the primary key of a table, which | ||||
uniquely identifies each record in that table. | ||||
It MUST NOT be NULL. It MAY consist of a single | ||||
or multiple fields. Note that a YANG data model | ||||
implementation does NOT have to implement this | ||||
enumeration."; | ||||
} | ||||
enum "foreign_key" { | ||||
description | ||||
"This represents the foreign key, which is a set | ||||
or more fields in one table that uniquely | ||||
identify a row in another table. It MAY be | ||||
NULL. Note that a YANG data model implementation | ||||
does NOT have to implement this enumeration."; | ||||
} | } | |||
enum "GUID" { | enum "GUID" { | |||
description | description | |||
"The clause is referenced by this GUID."; | "The object is referenced by this GUID."; | |||
} | } | |||
enum "UUID" { | enum "UUID" { | |||
description | description | |||
"The clause is referenced by this UUID."; | "The object is referenced by this UUID."; | |||
} | } | |||
enum "URI" { | enum "URI" { | |||
description | description | |||
"The clause is referenced by this URI."; | "The object is referenced by this URI."; | |||
} | } | |||
enum "FQDN" { | enum "FQDN" { | |||
description | description | |||
"The clause is referenced by this FQDN."; | "The object is referenced by this FQDN."; | |||
} | ||||
enum "FQPN" { | ||||
description | ||||
"The object is referenced by this FQPN. Note that | ||||
FQPNs assume that all components can access a | ||||
single logical file repostory."; | ||||
} | ||||
enum "string_instance_id" { | ||||
description | ||||
"A string that is the canonical representation, | ||||
in ASCII, of an instance ID of this object."; | ||||
} | } | |||
} | } | |||
description | description | |||
"The list of possible data types used to represent object | "The list of possible data types used to represent object | |||
IDs in the SUPA policy hierarchy."; | IDs in the SUPA policy hierarchy."; | |||
} | } | |||
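Review bot: "primary_key" and "foreign_key" are described as values an implementation "does NOT have to implement", but an enum that is declared unconditionally is part of the type for every implementation. The module is yang-version 1.1, so either gate each of these enums with an if-feature substatement or drop them. In the foreign_key text, "a set or more fields" presumably means "a set of one or more fields", and "repostory" under FQPN should be "repository". With supa-policy-object-ID-encoding removed from supa-policy-object-type further down, also check whether anything still uses this typedef.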
typedef policy-data-type-encoding-list { | typedef policy-data-type-encoding-list { | |||
type enumeration { | type enumeration { | |||
enum "undefined" { | enum "error" { | |||
description | description | |||
"This can be used for either initialization | "This signifies an error state. OAM&P Policies | |||
or for signifying an error."; | SHOULD NOT use this SUPAPolicy if the value of | |||
this attribute is error."; | ||||
} | ||||
enum "init" { | ||||
description | ||||
"This signifies an initialization state."; | ||||
} | } | |||
enum "string" { | enum "string" { | |||
description | description | |||
"This represents a string data type."; | "This represents a string data type."; | |||
} | } | |||
enum "integer" { | enum "integer" { | |||
description | description | |||
"This represents an integer data type."; | "This represents an integer data type."; | |||
} | } | |||
enum "boolean" { | enum "boolean" { | |||
skipping to change at page 8, line 31 ¶ | skipping to change at page 17, line 6 ¶ | |||
enum "GUID" { | enum "GUID" { | |||
description | description | |||
"This represents a GUID data type."; | "This represents a GUID data type."; | |||
} | } | |||
enum "UUID" { | enum "UUID" { | |||
description | description | |||
"This represents a UUID data type."; | "This represents a UUID data type."; | |||
} | } | |||
enum "URI" { | enum "URI" { | |||
description | description | |||
"This represents a Uniform Resource Identifier | "This represents a URI data type."; | |||
(URI) data type."; | ||||
} | } | |||
enum "DN" { | enum "DN" { | |||
description | description | |||
"This represents a Distinguished Name (DN) | "This represents a DN data type."; | |||
data type."; | } | |||
enum "FQDN" { | ||||
description | ||||
"The object is referenced by this FQDN."; | ||||
} | ||||
enum "FQPN" { | ||||
description | ||||
"The object is referenced by this FQPN. Note that | ||||
FQPNs assume that all components can access a | ||||
single logical file repostory."; | ||||
} | } | |||
enum "NULL" { | enum "NULL" { | |||
description | description | |||
"This represents a NULL data type. NULL means the | "This represents a NULL data type. NULL means the | |||
absence of an actual value. NULL is frequently | absence of an actual value. NULL is frequently | |||
used to represent a missing or invalid value."; | used to represent a missing or invalid value."; | |||
} | } | |||
enum "string_instance_id" { | ||||
description | ||||
"A string that is the canonical representation, | ||||
in ASCII, of an instance ID of this object."; | ||||
} | ||||
} | } | |||
description | description | |||
"The set of allowable data types used to encode | "The set of allowable data types used to encode | |||
multi-valued SUPA Policy attributes."; | multi-valued SUPA Policy attributes."; | |||
} | } | |||
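Review bot: the FQDN and FQPN entries added to policy-data-type-encoding-list reuse the identifier wording ("The object is referenced by this FQDN"), whereas every other entry in this typedef says "This represents a ... data type". This typedef lists encodings for attribute values, not object references, so reword both entries to match their neighbours. The same "repostory" typo is copied here.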
// identities are used in this model as a means to provide simple | // Identities are used in this model as a means to provide simple | |||
// reflection to allow an instance-identifier to be tested as to what | // introspection to allow an instance-identifier to be tested as to | |||
// class it represents. In turn, this allows must clauses to specify | // what class it represents. This allows must clauses to specify | |||
// that the target of a particular instance-identifier leaf must be a | // that the target of a particular instance-identifier leaf must be a | |||
// specific class, or within a certain branch of the inheritance tree. | // specific class, or within a certain branch of the inheritance tree. | |||
// This depends upon the ability to refine the entity class default | // This depends upon the ability to refine the entity class default | |||
// value. The entity class should be read-only. Howeverm as this is | // value. The entity class should be read-only. However, as this is | |||
// the target of a MUST condition, it cannot be config-false. Also, | // the target of a MUST condition, it cannot be config-false. Also, | |||
// it appears that we cannot put a MUST condition on its definition, | // it appears that we cannot put a MUST condition on its definition, | |||
// as the default (actual) value changes at each inheritance. | // as the default (actual) value changes for each inherited object. | |||
identity POLICY-OBJECT-TYPE { | identity POLICY-OBJECT-TYPE { | |||
description | description | |||
"The identity corresponding to a SUPAPolicyObject | "The identity corresponding to a SUPAPolicyObject | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-object-type { | grouping supa-policy-object-type { | |||
leaf supa-policy-ID { | leaf supa-policy-ID { | |||
type string; | type string; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"The string identifier of this policy object. | "The string identifier of this policy object, which | |||
It must be unique within the policy system."; | functions as the unique object identifier of this | |||
object instance. This attribute MUST be unique within | ||||
the policy system. This attribute is named | ||||
supaObjectIDContent in [1], and is used with another | ||||
attribute (supaObjectIDEncoding); since the YANG data | ||||
model does not need this genericity, the | ||||
supaObjectIDContent attribute was renamed, and the | ||||
supaObjectIDEncoding attribute was not mapped."; | ||||
} | } | |||
leaf entity-class { | leaf entity-class { | |||
type identityref { | type identityref { | |||
base POLICY-OBJECT-TYPE; | base POLICY-OBJECT-TYPE; | |||
} | } | |||
default POLICY-OBJECT-TYPE; | default POLICY-OBJECT-TYPE; | |||
description | description | |||
"The identifier of the class of this grouping."; | "The identifier of the class of this grouping."; | |||
} | } | |||
leaf supa-policy-object-ID-encoding { | leaf supa-policy-name { | |||
type policy-data-type-id-encoding-list; | type string; | |||
mandatory true; | ||||
description | description | |||
"The encoding used by the supa-object-ID."; | "A human-readable name for this policy object. Note | |||
that this is NOT the object ID."; | ||||
} | } | |||
leaf supa-policy-object-description { | leaf supa-policy-object-description { | |||
type string; | type string; | |||
description | description | |||
"Human readable description of the characteristics | "A human-readable description of the characteristics | |||
and behavior of this policy object."; | and behavior of this policy object."; | |||
} | } | |||
leaf supa-policy-name { | leaf-list supa-has-policy-metadata-agg-ptr { | |||
type string; | ||||
description | ||||
"A human-readable name for this policy."; | ||||
} | ||||
leaf-list supa-has-policy-metadata-agg { | ||||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-METADATA-ASSOC)"; | SUPA-HAS-POLICY-METADATA-ASSOC)"; | |||
description | description | |||
"The SUPAPolicyObject object instance that aggregates | "This leaf-list holds instance-identifiers that | |||
this set of SUPAPolicyMetadata object instances. As | reference a SUPAHasPolicyMetadata association [1]. | |||
there are attributes on this association, the | This association is represented by the grouping | |||
supa-has-policy-metadata-detail. This association | ||||
describes how each SUPAPolicyMetadata instance is | ||||
related to a given SUPAPolicyObject instance. Since | ||||
this association class contains attributes, the | ||||
instance-identifier MUST point to an instance using | instance-identifier MUST point to an instance using | |||
the grouping supa-has-policy-metadata-detail (which | the grouping supa-has-policy-metadata-detail (which | |||
includes subclasses of this association class)."; | includes subclasses of this association class)."; | |||
} | } | |||
description | description | |||
"This is the superclass for all SUPA objects. It is | "This represents the SUPAPolicyObject [1] class. It is the | |||
used to define common attributes and relationships | superclass for all SUPA Policy objects (i.e., all objects | |||
that all SUPA subclasses inherit."; | that are either Policies or components of Policies). Note | |||
that SUPA Policy Metadata objects are NOT subclassed from | ||||
this class; they are instead subclassed from the | ||||
SUPAPolicyMetadata (i.e., supa-policy-metadata-type) | ||||
object. This class (supa-policy-object-type) is used to | ||||
define common attributes and relationships that all SUPA | ||||
Policy subclasses inherit. It MAY be augmented with a set | ||||
of zero or more SUPAPolicyMetadata objects using the | ||||
SUPAHasPolicyMetadata association, which is represented | ||||
by the supa-has-policy-metadata-agg leaf-list."; | ||||
} | } | |||
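Review bot: the new grouping description ends by naming the "supa-has-policy-metadata-agg leaf-list", but this same change renames that leaf-list to supa-has-policy-metadata-agg-ptr. Update the description to the new name. It would also help to state in the leaf-list description that SUPA-HAS-POLICY-METADATA-ASSOC in the must expression is the identity carried by the supa-has-policy-metadata-detail grouping, since the text now uses three different names for the same association.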
identity POLICY-COMPONENT-TYPE { | identity POLICY-COMPONENT-TYPE { | |||
base POLICY-OBJECT-TYPE; | base POLICY-OBJECT-TYPE; | |||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a | |||
SUPAPolicyComponentStructure object instance."; | SUPAPolicyComponentStructure object instance."; | |||
} | } | |||
grouping supa-policy-component-structure-type { | grouping supa-policy-component-structure-type { | |||
uses supa-policy-object-type { | uses supa-policy-object-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-COMPONENT-TYPE; | default POLICY-OBJECT-TYPE; | |||
} | } | |||
} | } | |||
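Review bot: the refine in supa-policy-component-structure-type now sets the entity-class default to POLICY-OBJECT-TYPE, the root identity, although POLICY-COMPONENT-TYPE is still declared just above as the identity for SUPAPolicyComponentStructure. The comment block before POLICY-OBJECT-TYPE says must clauses test entity-class to decide which class an instance-identifier targets. With this default a component instance is indistinguishable from a bare policy object unless entity-class is set explicitly. supa-policy-component-decorator-type gets the same one-level-up change further down (POLICY-COMPONENT-DECORATOR-TYPE to POLICY-COMPONENT-TYPE). If this is deliberate, explain it in the changelog; otherwise restore each grouping's own identity as its default.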
leaf supa-has-policy-component-decorator-part { | leaf supa-has-policy-component-decorator-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; | SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"A reference to the association class for relating | "This leaf holds instance-identifiers that | |||
policy component decorators to the policy components | reference a SUPAHasDecoratedPolicyComponent | |||
they decorate. This is the set of | association [1], and is represented by the grouping | |||
SUPAPolicyComponentStructure object instances that are | supa-has-decorator-policy-component-detail. This | |||
aggregated by a SUPAPolicyComponentDecorator object | association describes how each | |||
instance. As there are attributes on this association, | SUPAPolicyComponentStructure instance is related to a | |||
the instance-identifier MUST point to an instance | given SUPAPolicyComponentDecorator instance. Multiple | |||
using the specified grouping. This defines the object | SUPAPolicyComponentDecorator instances may be attached | |||
class that this instance-identifier points to."; | to a SUPAPolicyComponentStructure instance that is | |||
} | referenced in this association by using the Decorator | |||
description | pattern [1]. Since this association class contains | |||
"A superclass for all objects that represent different types | attributes, the instance-identifier MUST point to an | |||
of components of a Policy Rule. Important subclasses include | instance using the grouping | |||
the SUPAPolicyClause and the SUPAPolicyComponentDecorator. | supa-has-decorator-policy-component-detail (which | |||
This object is the root of the decorator pattern; as such, | includes subclasses of this association class)."; | |||
it enables all subclasses to be decorated."; | } | |||
description | ||||
"This represents the SUPAPolicyComponent class [1], which is | ||||
the superclass for all objects that represent different | ||||
components of a Policy. Important subclasses include the | ||||
SUPAPolicyClause and the SUPAPolicyComponentDecorator. | ||||
This object is the root of the Decorator pattern [1]; as | ||||
such, it enables all of its concrete subclasses to be | ||||
wrapped with other concrete subclasses of the | ||||
SUPAPolicyComponentDecorator class."; | ||||
} | } | |||
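Review bot: supa-has-policy-component-decorator-part-ptr is a single mandatory leaf, yet the new description says it "holds instance-identifiers" and the tree lists it with "?" (optional). The description names the association SUPAHasDecoratedPolicyComponent and the grouping supa-has-decorator-policy-component-detail, while the must expression tests SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC. Align the names or state the mapping. The grouping description also calls the class SUPAPolicyComponent where the identity text says SUPAPolicyComponentStructure.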
identity POLICY-COMPONENT-DECORATOR-TYPE { | identity POLICY-COMPONENT-DECORATOR-TYPE { | |||
base POLICY-COMPONENT-TYPE; | base POLICY-COMPONENT-TYPE; | |||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a | |||
SUPAPolicyComponentDecorator object instance."; | SUPAPolicyComponentDecorator object instance."; | |||
} | } | |||
grouping supa-policy-component-decorator-type { | grouping supa-policy-component-decorator-type { | |||
uses supa-policy-component-structure-type { | uses supa-policy-component-structure-type { | |||
refine entity-class { | refine entity-class { | |||
skipping to change at page 11, line 14 ¶ | skipping to change at page 20, line 25 ¶ | |||
identity POLICY-COMPONENT-DECORATOR-TYPE { | identity POLICY-COMPONENT-DECORATOR-TYPE { | |||
base POLICY-COMPONENT-TYPE; | base POLICY-COMPONENT-TYPE; | |||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a | |||
SUPAPolicyComponentDecorator object instance."; | SUPAPolicyComponentDecorator object instance."; | |||
} | } | |||
grouping supa-policy-component-decorator-type { | grouping supa-policy-component-decorator-type { | |||
uses supa-policy-component-structure-type { | uses supa-policy-component-structure-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-COMPONENT-DECORATOR-TYPE; | default POLICY-COMPONENT-TYPE; | |||
} | } | |||
} | } | |||
leaf-list supa-has-policy-component-decorator-agg { | leaf-list supa-has-policy-component-decorator-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; | SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; | |||
max-elements 1; | min-elements 1; | |||
description | description | |||
"The SUPAPolicyComponentDecorator object instance | "This leaf-list holds instance-identifiers that | |||
that aggregates this set of | reference a SUPAHasDecoratedPolicyComponent | |||
SUPAPolicyComponentStructure object instances. This | association [1]. This association is represented by the | |||
is a list of associations to the SUPA policy components | grouping supa-has-decorator-policy-component-detail. | |||
that this decorator decorates. As there are attributes | This leaf-list helps implement the Decorator pattern | |||
on this association, the instance-identifier MUST | [1], which enables all or part of one or more object | |||
point to an instance using the specified grouping. | instances to wrap another object instance. For | |||
This defines the object class that this | example, any concrete subclass of SUPAPolicyClause, | |||
instance-identifier points to."; | such as SUPAEncodedClause, may be wrapped by any | |||
concrete subclass of SUPAPolicyComponentDecorator | ||||
(e.g., SUPAPolicyEvent). Since this association class | ||||
contains attributes, the instance-identifier MUST | ||||
point to an instance using the grouping | ||||
supa-has-decorator-policy-component-detail (which | ||||
includes subclasses of this association class)."; | ||||
} | } | |||
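Review bot: replacing "max-elements 1" with "min-elements 1" on supa-has-policy-component-decorator-agg-ptr turns an at-most-one pointer into an at-least-one list with no upper bound, and makes every decorator instance invalid until a pointer is present. The tree draws this node as "supa-has-policy-component-decorator-agg-ptr?", an optional single leaf, so the tree and the module disagree on both counts. State the intended cardinality and make the two agree.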
leaf-list supa-decorator-constraints { | leaf-list supa-decorator-constraints { | |||
type string; | type string; | |||
description | description | |||
"A constraint expression applying to this | "This is a set of constraint expressions that are | |||
decorator, allowing specification of details not | applied to this decorator, allowing the specification | |||
captured in its subclasses, using an appropriate | of details not captured in its subclasses, using an | |||
constraint language."; | appropriate constraint language that is specified in | |||
the supa-has-decorator-constraint-encoding leaf."; | ||||
} | } | |||
leaf supa-has-decorator-constraint-encoding { | leaf supa-has-decorator-constraint-encoding { | |||
type policy-constraint-language-list; | type policy-constraint-language-list; | |||
description | description | |||
"The language in which the constraints on the | "The language in which the constraints on the | |||
policy component decorator is expressed."; | policy component decorator is expressed. Examples | |||
include OCL 2.4 [2], Alloy [3], and English text."; | ||||
} | } | |||
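Review bot: the new encoding description offers "English text" as an example, but policy-constraint-language-list has no enum for it, and it cites Alloy as [3] where the typedef cites Alloy as [4] and uses [3] for OCL 1.x. The leaf-list is still named supa-decorator-constraints here while the tree shows supa-has-decorator-constraint, and the tree draws the encoding leaf without "?" although no "mandatory true" appears here. The constraint strings can only be interpreted through this leaf, so either make it mandatory or define what a missing encoding means.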
description | description | |||
"This object implements the decorator pattern, which | "This object implements the Decorator pattern [1], which | |||
enables all or part of one or more objects to wrap | enables all or part of one or more concrete objects to | |||
another concrete object."; | wrap another concrete object."; | |||
} | } | |||
identity POLICY-COMPONENT-CLAUSE-TYPE { | identity POLICY-COMPONENT-CLAUSE-TYPE { | |||
base POLICY-COMPONENT-TYPE; | base POLICY-OBJECT-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyClause | "The identity corresponding to a SUPAPolicyClause | |||
object instance."; | object instance."; | |||
} | } | |||
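Review bot: rebasing POLICY-COMPONENT-CLAUSE-TYPE from POLICY-COMPONENT-TYPE to POLICY-OBJECT-TYPE removes clauses from the component branch of the identity tree, while supa-policy-clause-type still uses supa-policy-component-structure-type. Any must expression that tests derived-from-or-self against POLICY-COMPONENT-TYPE would now reject a clause whose entity-class is POLICY-COMPONENT-CLAUSE-TYPE. Keep the base as POLICY-COMPONENT-TYPE unless the info model moved SUPAPolicyClause out from under the component structure class, and if it did, say so in the changelog.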
grouping supa-policy-clause-type { | grouping supa-policy-clause-type { | |||
uses supa-policy-component-structure-type { | uses supa-policy-component-structure-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-COMPONENT-CLAUSE-TYPE; | default POLICY-COMPONENT-CLAUSE-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-policy-clause-exec-status { | leaf supa-policy-clause-deploy-status { | |||
type enumeration { | type enumeration { | |||
enum "Unknown" { | enum "error" { | |||
description | description | |||
"This may be used as an initialization and/or | "This signifies an error state. OAM&P Policies | |||
an error state."; | SHOULD NOT use this SUPAPolicyClause if the | |||
value of this attribute is error."; | ||||
} | } | |||
enum "Completed" { | enum "init" { | |||
description | description | |||
"This signifies that this particular policy | "This signifies an initialization state."; | |||
clause has run successfully, and is now idle."; | ||||
} | } | |||
enum "Working" { | enum "deployed and enabled" { | |||
description | description | |||
"This signifies that this particular policy | "This SUPAPolicyClause has been deployed in | |||
clause is currently in use, and no errors have | the system and is currently enabled."; | |||
been reported."; | ||||
} | } | |||
enum "Not Working" { | enum "deployed and in test" { | |||
description | description | |||
"This signifies that this particular policy | "This SUPAPolicyClause has been deployed in the | |||
clause is currently in use, but one or more | system, but is currently in test and SHOULD | |||
errors have been reported."; | NOT be used in OAM&P policies."; | |||
} | } | |||
enum "Available" { | enum "deployed but not enabled" { | |||
description | description | |||
"This signifies that this particular policy | "This SUPAPolicyClause has been deployed in the | |||
clause could be used, but currently is not | system, but has been administratively | |||
in use."; | disabled."; | |||
} | } | |||
enum "In Test" { | enum "ready to be deployed" { | |||
description | description | |||
"This signifies that this particular policy | "This SUPAPolicyClause has been properly | |||
clause is not for use in operational policies."; | initialized, and is now ready to be deployed."; | |||
} | } | |||
enum "Disabled" { | enum "cannot be deployed" { | |||
description | description | |||
"This signifies that this particular policy | "This SUPAPolicyClause has been administratively | |||
clause is not available for use."; | disabled, and SHOULD NOT be used as part of | |||
an OAM&P policy."; | ||||
} | } | |||
} | } | |||
description "This describes whether this policy clause is in | mandatory true; | |||
use and if so whether it is working properly."; | description | |||
"This defines whether this SUPAPolicy has been | ||||
deployed and, if so, whether it is enabled and | ||||
ready to be used or not."; | ||||
} | } | |||
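Review bot: in the new supa-policy-clause-deploy-status enumeration, "cannot be deployed" is described as "administratively disabled", which is also how "deployed but not enabled" is described, so a consumer cannot tell the two states apart from the text. The leaf description says "this SUPAPolicy" where the enums say SUPAPolicyClause. The change also drops the runtime states (Working, Not Working, Completed) without a replacement, so a clause that is failing can no longer be reported through this leaf; say where that status now lives. The leaf is now mandatory with no default, so state which value a newly created clause starts with.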
leaf-list supa-has-policy-clause-part { | leaf-list supa-has-policy-clause-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-CLAUSE-ASSOC)"; | SUPA-HAS-POLICY-CLAUSE-ASSOC)"; | |||
min-elements 1; | min-elements 1; | |||
description | description | |||
"The set of SUPAPolicyClause object instances that are | "This leaf-list holds instance-identifiers that | |||
aggregated by this SUPAPolicyStructure (i.e., this | reference a SUPAHasPolicyClause association [1], | |||
SUPA Policy Rule) object instance. This defines the | and is represented by the grouping | |||
object class that this instance-identifier points to."; | supa-has-policy-clause-detail. This association | |||
describes how each SUPAPolicyClause instance is | ||||
related to this particular SUPAPolicyStructure | ||||
instance. For example, this association may restrict | ||||
which concrete subclasses of the SUPAPolicyStructure | ||||
class can be associated with which contrete subclasses | ||||
of the SUPAPolicyClause class. The set of | ||||
SUPAPolicyClauses, identified by this leaf-list, | ||||
define the content of this SUPAPolicyStructure. | ||||
Since this association class contains attributes, the | ||||
instance-identifier MUST point to an instance using | ||||
the grouping supa-has-policy-clause-detail (which | ||||
includes subclasses of this association class)."; | ||||
} | } | |||
description "The parent class for all SUPA Policy Clauses."; | description | |||
"The parent class for all SUPA Policy Clauses. A | ||||
SUPAPolicyClause is a fundamental building block for | ||||
creating SUPA Policies. A SUPAPolicy is a set of | ||||
statements, and a SUPAPolicyClause can be thought of as all | ||||
or part of a statement. The Decorator pattern [1] is used, | ||||
which enables the contents of a SUPAPolicyClause to be | ||||
adjusted dynamically at runtime without affecting other | ||||
objects of either type."; | ||||
} | } | |||
identity POLICY-ENCODED-CLAUSE-TYPE { | identity POLICY-ENCODED-CLAUSE-TYPE { | |||
base POLICY-COMPONENT-CLAUSE-TYPE; | base POLICY-COMPONENT-CLAUSE-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyEncodedClause | "The identity corresponding to a SUPAEncodedClause | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-encoded-clause-type { | grouping supa-encoded-clause-type { | |||
uses supa-policy-clause-type { | uses supa-policy-clause-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-ENCODED-CLAUSE-TYPE; | default POLICY-ENCODED-CLAUSE-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-encoded-clause-content { | leaf supa-encoded-clause-content { | |||
type string; | type string; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"Either a reference to a source for this clause or the | "This defines the content of this SUPAEncodedClause; the | |||
string representation of the clause."; | language used to express this content is defined by the | |||
} | supa-encoded-clause-language attribute."; | |||
leaf supa-encoded-clause-encoding { | ||||
type policy-data-type-id-encoding-list; | ||||
mandatory true; | ||||
description | ||||
"The encoding for the encoding clause content."; | ||||
} | } | |||
leaf supa-encoded-clause-language { | leaf supa-encoded-clause-language { | |||
type enumeration { | type enumeration { | |||
enum "undefined" { | enum "error" { | |||
description | description | |||
"This may be used as an initialization and/or | "This signifies an error state. OAM&P Policies | |||
an error state."; | SHOULD NOT use this SUPAEncodedClause if the | |||
value of this attribute is error."; | ||||
} | } | |||
enum "CLI" { | enum "init" { | |||
description | description | |||
"This defines the language as a type of Command | "This signifies an initialization state."; | |||
Line Interface."; | } | |||
enum "YANG" { | ||||
description | ||||
"This defines the language used in this | ||||
SUPAEncodedClause as a type of YANG. | ||||
Additional details may be provided by | ||||
attaching a SUPAPolicyMetadata object to | ||||
this SUPAEncodedClause object instance."; | ||||
} | ||||
enum "XML" { | ||||
description | ||||
"This defines the language as a type of XML. | ||||
Additional details may be provided by | ||||
attaching a SUPAPolicyMetadata object to | ||||
this SUPAEncodedClause object instance."; | ||||
} | } | |||
enum "TL1" { | enum "TL1" { | |||
description | description | |||
"This defines the language as a type of | "This defines the language as a type of | |||
Transaction Language 1."; | Transaction Language 1. Additional details may | |||
be provided by attaching a SUPAPolicyMetadata | ||||
object to this SUPAEncodedClause object | ||||
instance."; | ||||
} | } | |||
enum "YANG" { | enum "Text" { | |||
description | description | |||
"This defines the language as a type of YANG."; | "This is a textual string that can be used to | |||
define a language choice that is not listed | ||||
by a specific enumerated value. This string | ||||
MUST be parsed by the policy system to | ||||
identify the language being used. A | ||||
SUPAPolicyMetadata object (represented as a | ||||
supa-policy-metadata-type leaf) can be used to | ||||
provide further details about the language"; | ||||
} | } | |||
} | } | |||
mandatory true; | mandatory true; | |||
description | description | |||
"Indicates the lanaguage used for this object instance."; | "Indicates the language used for this SUPAEncodedClause | |||
} | object instance. Prescriptive and/or descriptive | |||
leaf supa-encoded-clause-response { | information about the usage of this SUPAEncodedClause | |||
type boolean; | may be provided by one or more SUPAPolicyMetadata | |||
description | objects, which are each attached to the object | |||
"If present, this represents the success or failure | instance of this SUPAEncodedClause."; | |||
of the last invocation of this clause."; | ||||
} | } | |||
description | description | |||
"This class refines the behavior of the supa-policy-clause | "This class refines the behavior of the supa-policy-clause | |||
by encoding the contents of the clause into the attributes | by encoding the contents of the clause into the attributes | |||
of this object. This enables clauses that are not based on | of this object. This enables clauses that are not based on | |||
other SUPA objects to be modeled."; | other SUPA objects to be modeled. For example, a POLICY | |||
Application could define a CLI or YANG configuration | ||||
snippet and encode that snipped into a SUPAEncodedClause. | ||||
Note that a SUPAEncodedClause simply defines the content | ||||
of the clause. In particular, it does NOT provide a | ||||
response. The policy engine that is parsing and evaluating | ||||
the SUPAPolicy needs to assign a response to any | ||||
SUPAEncodedClause that it encounters."; | ||||
} | } | |||
container supa-encoding-clause-container { | container supa-encoding-clause-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAEncodedClause."; | type SUPAEncodedClause."; | |||
list supa-encoding-clause-list { | list supa-encoding-clause-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-encoded-clause-type; | uses supa-encoded-clause-type; | |||
description | description | |||
"List of all instances of supa-encoding-clause-type. | "A list of all instances of supa-encoding-clause-type. | |||
If a module defines subclasses of the encoding clause, | If a module defines subclasses of the encoding clause, | |||
those will be stored in a separate container."; | those will be stored in a separate container."; | |||
} | } | |||
} | } | |||
identity POLICY-COMPONENT-TERM-TYPE { | identity POLICY-COMPONENT-TERM-TYPE { | |||
base POLICY-COMPONENT-DECORATOR-TYPE; | base POLICY-COMPONENT-DECORATOR-TYPE; | |||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a SUPAPolicyTerm object | |||
SUPAPolicyComponentDecorator object instance."; | instance."; | |||
} | } | |||
grouping supa-policy-term-type { | grouping supa-policy-term-type { | |||
uses supa-policy-component-decorator-type { | uses supa-policy-component-decorator-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-COMPONENT-TERM-TYPE; | default POLICY-COMPONENT-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-policy-term-is-negated { | leaf supa-policy-term-is-negated { | |||
type boolean; | type boolean; | |||
description | description | |||
"If the value of this attribute is true, then | "If the value of this attribute is true, then | |||
this particular term is negated."; | this particular term is negated."; | |||
} | } | |||
description | description | |||
"This is the superclass of all SUPA policy objects that are | "This is the superclass of all SUPA policy objects that are | |||
used to test or set the value of a variable."; | used to test or set the value of a variable. It does this | |||
by defining a {variable-operator-value} three-tuple, where | ||||
each element of the three-tuple is defined by a concrete | ||||
subclass of the appropriate type (e.g., SUPAPolicyVariable, | ||||
SUPAPolicyOperator, or SUPAPolicyVariable)."; | ||||
} | } | |||
identity POLICY-COMPONENT-VARIABLE-TYPE { | identity POLICY-COMPONENT-VARIABLE-TYPE { | |||
base POLICY-COMPONENT-TERM-TYPE; | base POLICY-COMPONENT-TERM-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyVariable | "The identity corresponding to a SUPAPolicyVariable | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-variable-type { | grouping supa-policy-variable-type { | |||
uses supa-policy-term-type { | uses supa-policy-term-type { | |||
refine entity-class { | refine entity-class { | |||
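Review bot: In supa-encoded-clause-language the -01 enumeration drops "CLI" (the new values are error, init, YANG, XML, TL1 and Text), yet the new grouping description still gives "a CLI or YANG configuration snippet" as the example of what a SUPAEncodedClause carries. As written, a CLI clause can only be labelled "Text", whose description leaves language identification to string parsing by the policy system. Either restore the "CLI" value or change the example, and state what an engine does when it cannot identify the language, since supa-encoded-clause-content is an unconstrained string and the supa-encoded-clause-encoding leaf is removed. Smaller points in the same hunk: "contrete" and "snipped" are typos, the supa-policy-term-type description lists SUPAPolicyVariable twice where the third element is presumably SUPAPolicyValue, and "cannot be deployed" is described as administratively disabled, which overlaps with "deployed but not enabled".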
skipping to change at page 15, line 38 ¶ | skipping to change at page 26, line 14 ¶ | |||
identity POLICY-COMPONENT-VARIABLE-TYPE { | identity POLICY-COMPONENT-VARIABLE-TYPE { | |||
base POLICY-COMPONENT-TERM-TYPE; | base POLICY-COMPONENT-TERM-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyVariable | "The identity corresponding to a SUPAPolicyVariable | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-variable-type { | grouping supa-policy-variable-type { | |||
uses supa-policy-term-type { | uses supa-policy-term-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-COMPONENT-VARIABLE-TYPE; | default POLICY-COMPONENT-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-policy-variable-name { | leaf supa-policy-variable-name { | |||
type string; | type string; | |||
description | description | |||
"A human-readable name for this policy variable."; | "A human-readable name for this policy variable."; | |||
} | } | |||
description | description | |||
"This is one formulation of a SUPA Policy Clause. It uses | "This is one formulation of a SUPA Policy Clause. It uses | |||
an object, defined in the SUPA hierarchy, to represent the | the canonical form of an expression, which is a three-tuple | |||
variable portion of a SUPA Policy Clause. The attribute | in the form {variable, operator, value}. In this approach, | |||
defined by the supa-policy-variable-name specifies an | each of the three terms can either be a subclass of the | |||
attribute whose content should be compared to a value, | appropriate SUPAPolicyTerm class, or another object that | |||
which is typically specified by supa-policy-value-type."; | plays the role (i.e., a variable) of that term. The | |||
attribute defined by the supa-policy-variable-name | ||||
specifies the name of an attribute whose content should be | ||||
compared to the value portion of a SUPAPolicyTerm, which is | ||||
typically specified by a SUPAPolicyValue object."; | ||||
} | } | |||
container supa-policy-variable-container { | container supa-policy-variable-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyVariable."; | type SUPAPolicyVariable."; | |||
list supa-policy-variable-list { | list supa-policy-variable-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-policy-variable-type; | uses supa-policy-variable-type; | |||
description | description | |||
"List of all instances of supa-policy-variable-type. | "List of all instances of supa-policy-variable-type. | |||
If a module defines subclasses of this class, | If a module defines subclasses of this class, | |||
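Review bot: The refine of entity-class in supa-policy-variable-type now defaults to POLICY-COMPONENT-TYPE, while the identity POLICY-COMPONENT-VARIABLE-TYPE is still declared directly above and described as "the identity corresponding to a SUPAPolicyVariable object instance". No identity named POLICY-COMPONENT-TYPE is defined in the lines shown, and an instance that relies on a default other than its own class identity will not satisfy must expressions of the derived-from-or-self (deref(.)/entity-class, ...) form as intended. Keep default POLICY-COMPONENT-VARIABLE-TYPE or document the reason for the change. The same substitution appears in the term, operator, value and generic-decorated groupings.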
skipping to change at page 16, line 24 ¶ | skipping to change at page 27, line 4 ¶ | |||
those will be stored in a separate container."; | those will be stored in a separate container."; | |||
} | } | |||
} | } | |||
identity POLICY-COMPONENT-OPERATOR-TYPE { | identity POLICY-COMPONENT-OPERATOR-TYPE { | |||
base POLICY-COMPONENT-TERM-TYPE; | base POLICY-COMPONENT-TERM-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyOperator | "The identity corresponding to a SUPAPolicyOperator | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-operator-type { | grouping supa-policy-operator-type { | |||
uses supa-policy-term-type { | uses supa-policy-term-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-COMPONENT-OPERATOR-TYPE; | default POLICY-COMPONENT-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-policy-value-op-type { | leaf supa-policy-value-op-type { | |||
type enumeration { | type enumeration { | |||
enum "unknown" { | enum "error" { | |||
description | description | |||
"This may be used as an initialization and/or | "This signifies an error state. OAM&P Policies | |||
an error state."; | SHOULD NOT use this SUPAPolicyOperator if the | |||
value of this attribute is error."; | ||||
} | ||||
enum "init" { | ||||
description | ||||
"This signifies an initialization state."; | ||||
} | } | |||
enum "greater than" { | enum "greater than" { | |||
description | description | |||
"A greater-than operator."; | "A greater-than operator."; | |||
} | } | |||
enum "greater than or equal to" { | enum "greater than or equal to" { | |||
description | description | |||
"A greater-than-or-equal-to operator."; | "A greater-than-or-equal-to operator."; | |||
} | } | |||
enum "less than" { | enum "less than" { | |||
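Review bot: Splitting "unknown" into "error" and "init" in supa-policy-value-op-type puts two state values into an enumeration whose other members are comparison and assignment operators, and only "error" gets usage guidance (SHOULD NOT use). Say what an engine must do with a term whose operator is "init", for example treat the term as not evaluable, so that an uninitialised operator cannot be read as a match.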
skipping to change at page 17, line 15 ¶ | skipping to change at page 27, line 49 ¶ | |||
description | description | |||
"An equal-to operator."; | "An equal-to operator."; | |||
} | } | |||
enum "not equal to"{ | enum "not equal to"{ | |||
description | description | |||
"A not-equal-to operator."; | "A not-equal-to operator."; | |||
} | } | |||
enum "IN" { | enum "IN" { | |||
description | description | |||
"An operator that determines whether a given | "An operator that determines whether a given | |||
value matches any of the specified values."; | value of a variable in a SUPAPolicyTerm | |||
matches a value in a SUPAPolicyTerm."; | ||||
} | } | |||
enum "NOT IN" { | enum "NOT IN" { | |||
description | description | |||
"An operator that determines whether a given | "An operator that determines whether a given | |||
value does not match any of the specified | variable in a SUPAPolicyTerm does not match | |||
values."; | any of the specified values in a | |||
SUPAPolicyTerm."; | ||||
} | } | |||
enum "SET" { | enum "SET" { | |||
description | description | |||
"An operator that makes the value of the | "An operator that makes the value of the | |||
result equal to the input value."; | result equal to the input value."; | |||
} | } | |||
enum "CLEAR"{ | enum "CLEAR"{ | |||
description | description | |||
"An operator that deletes the value of the | "An operator that sets the value of the | |||
specified object."; | specified object to a value that is 0 for | |||
integer datatypes, an empty string for | ||||
textual datatypes, and FALSE for Boolean | ||||
datatypes. This value MUST NOT be NULL."; | ||||
} | } | |||
enum "BETWEEN" { | enum "BETWEEN" { | |||
description | description | |||
"An operator that determines whether a given | "An operator that determines whether a given | |||
value is within a specified range of values."; | value is within a specified range of values. | |||
Note that this is an inclusive operator."; | ||||
} | } | |||
} | } | |||
mandatory true; | mandatory true; | |||
description | description | |||
"The type of operator used to compare the variable | "The type of operator used to compare the variable | |||
and value portions of this SUPA Policy Clause."; | and value portions of this SUPAPolicyTerm."; | |||
} | } | |||
description | description | |||
"This is one formulation of a SUPA Policy Clause. It uses | "This is one formulation of a SUPA Policy Clause. It uses | |||
an object, defined in the SUPA hierarchy, to represent the | the canonical form of an expression, which is a three-tuple | |||
operator portion of a SUPA Policy Clause. The attribute | in the form {variable, operator, value}. In this approach, | |||
defined by the supa-policy-op-type specifies an attribute | each of the three terms can either be a subclass of the | |||
whose content defines the type of operator used to compare | appropriate SUPAPolicyTerm class, or another object that | |||
the variable and value portions of this policy clause."; | plays the role (i.e., an operator) of that term. | |||
The value of the supa-policy-value-op-type attribute | ||||
specifies an operator that SHOULD be used to compare the | ||||
variable and value portions of a SUPAPolicyTerm. This is | ||||
typically specified by a SUPAPolicyOperator object."; | ||||
} | } | |||
container supa-policy-operator-container { | container supa-policy-operator-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyOperator."; | type SUPAPolicyOperator."; | |||
list supa-policy-operator-list { | list supa-policy-operator-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-policy-operator-type; | uses supa-policy-operator-type; | |||
description | description | |||
"List of all instances of supa-policy-operator-type. | "List of all instances of supa-policy-operator-type. | |||
skipping to change at page 18, line 28 ¶ | skipping to change at page 29, line 28 ¶ | |||
identity POLICY-COMPONENT-VALUE-TYPE { | identity POLICY-COMPONENT-VALUE-TYPE { | |||
base POLICY-COMPONENT-TERM-TYPE; | base POLICY-COMPONENT-TERM-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyValue | "The identity corresponding to a SUPAPolicyValue | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-value-type { | grouping supa-policy-value-type { | |||
uses supa-policy-term-type { | uses supa-policy-term-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-COMPONENT-VALUE-TYPE; | default POLICY-COMPONENT-TYPE; | |||
} | } | |||
} | } | |||
leaf-list supa-policy-value-content { | leaf-list supa-policy-value-content { | |||
type string; | type string; | |||
description | description | |||
"The content of the value portion of this SUPA Policy | "The content of the value portion of this SUPA Policy | |||
Clause. The data type of the content is specified in | Clause. The data type of the content is specified in | |||
the supa-policy-value-encoding."; | the supa-policy-value-encoding attribute."; | |||
} | } | |||
leaf supa-policy-value-encoding { | leaf supa-policy-value-encoding { | |||
type policy-data-type-encoding-list; | type policy-data-type-encoding-list; | |||
description | description | |||
"The data type of the supa-policy-value-content."; | "The data type of the supa-policy-value-content | |||
attribute."; | ||||
} | } | |||
description | description | |||
"This is one formulation of a SUPA Policy Clause. It uses | "This is one formulation of a SUPA Policy Clause. It uses | |||
an object, defined in the SUPA hierarchy, to represent the | the canonical form of an expression, which is a three-tuple | |||
value portion of a SUPA Policy Clause. The attribute | in the form {variable, operator, value}. In this approach, | |||
defined by the supa-policy-value-content specifies an | each of the three terms can either be a subclass of the | |||
attribute whose content should be compared to a variable, | appropriate SUPAPolicyTerm class, or another object that | |||
which is typically specified by supa-policy-variable-type."; | plays the role (i.e., a value) of that term. The | |||
attribute defined by supa-policy-value-content specifies a | ||||
a value (which is typically specified by a subclass of | ||||
SUPAPolicyVariable) that should be compared to a value in | ||||
the variable portion of the SUPAPolicyTerm."; | ||||
} | } | |||
container supa-policy-value-container { | container supa-policy-value-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyValue."; | type SUPAPolicyValue."; | |||
list supa-policy-value-list { | list supa-policy-value-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-policy-value-type; | uses supa-policy-value-type; | |||
description | description | |||
"List of all instances of supa-policy-value-type. | "List of all instances of supa-policy-value-type. | |||
skipping to change at page 19, line 28 ¶ | skipping to change at page 30, line 28 ¶ | |||
identity POLICY-GENERIC-DECORATED-TYPE { | identity POLICY-GENERIC-DECORATED-TYPE { | |||
base POLICY-COMPONENT-DECORATOR-TYPE; | base POLICY-COMPONENT-DECORATOR-TYPE; | |||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a | |||
SUPAGenericDecoratedComponent object instance."; | SUPAGenericDecoratedComponent object instance."; | |||
} | } | |||
grouping supa-policy-generic-decorated-type { | grouping supa-policy-generic-decorated-type { | |||
uses supa-policy-component-decorator-type { | uses supa-policy-component-decorator-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-GENERIC-DECORATED-TYPE; | default POLICY-COMPONENT-TYPE; | |||
} | } | |||
} | } | |||
leaf-list supa-policy-generic-decorated-content { | leaf-list supa-policy-generic-decorated-content { | |||
type string; | type string; | |||
description | description | |||
"The content of this SUPA Policy Clause. The data type | "The content of this SUPAGenericDecoratedComponent | |||
of this attribute is specified in the | object instance. The data type of this attribute is | |||
specified in the leaf | ||||
supa-policy-generic-decorated-encoding."; | supa-policy-generic-decorated-encoding."; | |||
} | } | |||
leaf supa-policy-generic-decorated-encoding { | leaf supa-policy-generic-decorated-encoding { | |||
type policy-data-type-encoding-list; | type policy-data-type-encoding-list; | |||
description | description | |||
"The data type of the | "The datatype of the | |||
supa-policy-generic-decorated-content attribute."; | supa-policy-generic-decorated-content attribute."; | |||
} | } | |||
description | description | |||
"This object enables a generic object to be defined and | "This class enables a generic object to be defined and | |||
used as a decorator in a SUPA Policy Clause. | used as a decorator in a SUPA Policy Clause. This class | |||
This should not be confused with the SUPAEncodedClause | should not be confused with the SUPAEncodedClause class. | |||
class. This class represents a single, atomic, | A SUPAGenericDecoratedComponent object represents a single, | |||
vendor-specific object that defines a portion of a SUPA | atomic object that defines a portion of the contents of a | |||
Policy Clause, whereas a SUPA Policy Encoded Clause | SUPAPolicyClause, whereas a SUPAPolicyEncodedClause | |||
represents the entire policy clause."; | represents the entire contents of a SUPAPolicyClause."; | |||
} | } | |||
container supa-policy-generic-decorated-container { | container supa-policy-generic-decorated-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAGenericDecoratedComponent."; | type SUPAGenericDecoratedComponent."; | |||
list supa-encoding-clause-list { | list supa-encoding-clause-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-policy-generic-decorated-type; | uses supa-policy-generic-decorated-type; | |||
description | description | |||
"List of all instances of | "List of all instances of | |||
supa-policy-generic-decorated-type. If a module | supa-policy-generic-decorated-type. If a module | |||
defines subclasses of this class, those will be | defines subclasses of this class, those will be | |||
stored in a separate container."; | stored in a separate container."; | |||
} | } | |||
} | } | |||
identity POLICY-COLLECTION { | ||||
base POLICY-COMPONENT-DECORATOR-TYPE; | ||||
description | ||||
"The identity corresponding to a SUPAPolicyCollection | ||||
object instance."; | ||||
} | ||||
grouping supa-policy-collection { | ||||
uses supa-policy-component-decorator-type { | ||||
refine entity-class { default POLICY-COLLECTION; | ||||
} | ||||
} | ||||
leaf-list supa-policy-collection-content { | ||||
type string; | ||||
description | ||||
"The content of this collection object. The data type | ||||
is specified in supa-policy-collection-encoding."; | ||||
} | ||||
leaf supa-policy-collection-encoding { | ||||
type enumeration { | ||||
enum "undefined" { | ||||
description | ||||
"This may be used as an initialization and/or | ||||
an error state."; | ||||
} | ||||
enum "by regex" { | ||||
description | ||||
"This defines the data type of the content of | ||||
this collection instance to be a regular | ||||
expression that contains all or part of a | ||||
string to match the class name of the object | ||||
that is to be collected by this instance of a | ||||
SUPAPolicyCollection class."; | ||||
} | ||||
enum "by URI" { | ||||
description | ||||
"This defines the data type of the content of | ||||
this collection instance to be a Uniform | ||||
Resource Identifier. It identifies the object | ||||
instance that is to be collected by this | ||||
instance of a SUPAPolicyCollection class."; | ||||
} | ||||
} | ||||
mandatory true; | ||||
description | ||||
"The data type of the supa-policy-collection-content."; | ||||
} | ||||
leaf supa-policy-collection-function { | ||||
type enumeration { | ||||
enum "undefined" { | ||||
description | ||||
"This may be used as an initialization and/or | ||||
an error state."; | ||||
} | ||||
enum "event collection" { | ||||
description | ||||
"This collection contains objects that are used | ||||
to populate the event clause of a | ||||
SUPA Policy."; | ||||
} | ||||
enum "condition collection" { | ||||
description | ||||
"This collection contains objects that are used | ||||
to populate the condition clause of a | ||||
SUPA Policy."; | ||||
} | ||||
enum "action collection" { | ||||
description | ||||
"This collection contains objects that are used | ||||
to populate the action clause of a | ||||
SUPA Policy."; | ||||
} | ||||
enum "logic collection" { | ||||
description | ||||
"This collection contains objects that define | ||||
logic for processing a SUPA Policy."; | ||||
} | ||||
} | ||||
description | ||||
"Defines how this collection instance is to be used."; | ||||
} | ||||
leaf supa-policy-collection-is-ordered { | ||||
type boolean; | ||||
description | ||||
"If the value of this leaf is true, then all elements | ||||
in this collection are ordered."; | ||||
} | ||||
leaf supa-policy-collection-type { | ||||
type enumeration { | ||||
enum "undefined" { | ||||
description | ||||
"This may be used as an initialization and/or | ||||
an error state."; | ||||
} | ||||
enum "set" { | ||||
description | ||||
"An unordered collection of elements that MUST | ||||
NOT have duplicates."; | ||||
} | ||||
enum "bag" { | ||||
description | ||||
"An unordered collection of elements that MAY | ||||
have duplicates."; | ||||
} | ||||
enum "dictionary" { | ||||
description | ||||
"A list of values that is interpreted as a set | ||||
of pairs, with the first entry of each pair | ||||
interpreted as a dictionary key, and the | ||||
second entry interpreted as a value for that | ||||
key. As a result, collections using this value | ||||
of supa-policy-collection-type MUST have | ||||
supa-policy-collection-is-ordered set to true."; | ||||
} | ||||
} | ||||
mandatory true; | ||||
description | ||||
"The type of the supa-policy-collection."; | ||||
} | ||||
description | ||||
"This enables a collection of arbitrary objects to be | ||||
defined and used in a SUPA Policy Clause. | ||||
This should not be confused with the SUPAEncodedClause | ||||
class. This class represents a single, atomic, object that | ||||
defines a portion of a SUPA Policy Clause, whereas a SUPA | ||||
Policy Encoded Clause represents the entire policy clause."; | ||||
} | ||||
container supa-policy-collection-container { | ||||
description | ||||
"This is a container to collect all object instances of | ||||
type SUPAPolicyCollection."; | ||||
list supa-policy-collection-list { | ||||
key supa-policy-ID; | ||||
uses supa-policy-collection; | ||||
description | ||||
"List of all instances of supa-policy-collection. | ||||
If a module defines subclasses of this class, | ||||
those will be stored in a separate container."; | ||||
} | ||||
} | ||||
identity POLICY-STRUCTURE-TYPE { | identity POLICY-STRUCTURE-TYPE { | |||
base POLICY-OBJECT-TYPE; | base POLICY-OBJECT-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyStructure | "The identity corresponding to a SUPAPolicyStructure | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-structure-type { | grouping supa-policy-structure-type { | |||
uses supa-policy-object-type { | uses supa-policy-object-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-STRUCTURE-TYPE; | default POLICY-STRUCTURE-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-policy-admin-status { | leaf supa-policy-admin-status { | |||
type enumeration { | type enumeration { | |||
enum "unknown" { | enum "error" { | |||
description | description | |||
"This may be used as an initialization and/or | "This signifies an error state. OAM&P Policies | |||
an error state."; | SHOULD NOT use this SUPAPolicy if the value | |||
of this attribute is error."; | ||||
} | ||||
enum "init" { | ||||
description | ||||
"This signifies an initialization state."; | ||||
} | } | |||
enum "enabled" { | enum "enabled" { | |||
description | description | |||
"This SUPA Policy Rule has been | "This signifies that this SUPAPolicy has been | |||
administratively enabled."; | administratively enabled."; | |||
} | } | |||
enum "disabled" { | enum "disabled" { | |||
description | description | |||
"This SUPA Policy Rule has been | "This signifies that this SUPAPolicy has been | |||
administratively disabled."; | administratively disabled."; | |||
} | } | |||
enum "in test" { | enum "in test" { | |||
description | description | |||
"This SUPA Policy Rule has been | "This signifies that this SUPAPolicy has been | |||
administratively placed into test mode, and | administratively placed into test mode, and | |||
SHOULD NOT be used as part of an operational | SHOULD NOT be used as part of an operational | |||
policy rule."; | policy rule."; | |||
} | } | |||
} | } | |||
mandatory true; | mandatory true; | |||
description | description | |||
"The current admnistrative status of this SUPA POLICY | "The current admnistrative status of this SUPAPolicy."; | |||
Rule."; | ||||
} | } | |||
leaf supa-policy-continuum-level { | leaf supa-policy-continuum-level { | |||
type uint32; | type uint32; | |||
description | description | |||
"This is the current level of abstraction of this | "This is the current level of abstraction of this | |||
particular SUPA Policy Rule."; | particular SUPAPolicyRule. By convention, the | |||
values 0 and 1 should be used for error and | ||||
initialization states; a value of 2 is the most | ||||
abstract level, and higher values denote more | ||||
concrete levels."; | ||||
} | } | |||
leaf supa-policy-deploy-status { | leaf supa-policy-deploy-status { | |||
type enumeration { | type enumeration { | |||
enum "undefined" { | enum "error" { | |||
description | ||||
"This may be used as an initialization and/or | ||||
an error state."; | ||||
} | ||||
enum "deployed and enabled" { | ||||
description | ||||
"This SUPA Policy Rule has been deployed and | ||||
enabled."; | ||||
} | ||||
enum "disabled" { | ||||
description | ||||
"This SUPA Policy Rule has been | ||||
administratively disabled."; | ||||
} | ||||
enum "in test" { | ||||
description | ||||
"This SUPA Policy Rule has been | ||||
administratively placed into test mode, and | ||||
SHOULD NOT be used as part of an operational | ||||
policy rule."; | ||||
} | ||||
} | ||||
mandatory true; | ||||
description | ||||
"This is the current level of abstraction of this | ||||
particular SUPA Policy Rule."; | ||||
} | ||||
leaf supa-policy-exec-status { | ||||
type enumeration { | ||||
enum "undefined" { | ||||
description | ||||
"This may be used as an initialization and/or | ||||
an error state."; | ||||
} | ||||
enum "operational success" { | ||||
description | description | |||
"This SUPA Policy Rule has been executed in | "This signifies an error state. OAM&P Policies | |||
operational mode, and produced no errors."; | SHOULD NOT use this SUPAPolicy if the value | |||
of this attribute is error."; | ||||
} | } | |||
enum "operational failure" { | enum "init" { | |||
description | description | |||
"This SUPA Policy Rule has been executed in | "This signifies an initialization state."; | |||
operational mode, but has produced at least | ||||
one error."; | ||||
} | } | |||
enum "currently in operation" { | enum "deployed and enabled" { | |||
description | description | |||
"This SUPA Policy Rule is currently still | "This SUPAPolicy has been deployed in the | |||
executing in operational mode."; | system and is currently enabled."; | |||
} | } | |||
enum "ready" { | enum "deployed and in test" { | |||
description | description | |||
"This SUPA Policy Rule is ready to be | "This SUPAPolicy has been deployed in the | |||
executed in operational mode."; | system, but is currently in test and SHOULD | |||
NOT be used in OAM&P policies."; | ||||
} | } | |||
enum "test success" { | enum "deployed but not enabled" { | |||
description | description | |||
"This SUPA Policy Rule has been executed in | "This SUPAPolicy has been deployed in the | |||
test mode, and produced no errors."; | system, but has been administratively | |||
disabled."; | ||||
} | } | |||
enum "test failure" { | enum "ready to be deployed" { | |||
description | description | |||
"This SUPA Policy Rule has been executed in | "This SUPAPolicy has been properly initialized, | |||
test mode, but has produced at least | and is now ready to be deployed."; | |||
one error."; | ||||
} | } | |||
enum "currently in test" { | enum "cannot be deployed" { | |||
description | description | |||
"This SUPA Policy Rule is currently still | "This SUPAPolicy has been administratively | |||
executing in test mode."; | disabled, and SHOULD NOT be used as part of | |||
an OAM&P policy."; | ||||
} | } | |||
} | } | |||
mandatory true; | mandatory true; | |||
description | description | |||
"This is the current level of abstraction of this | "This attribute defines whether this SUPAPolicy has | |||
particular SUPA Policy Rule."; | been deployed and, if so, whether it is enabled and | |||
ready to be used or not."; | ||||
} | } | |||
leaf supa-policy-exec-fail-strategy { | leaf supa-policy-exec-fail-strategy { | |||
type enumeration { | type enumeration { | |||
enum "undefined" { | enum "error" { | |||
description | description | |||
"This may be used as an initialization and/or | "This signifies an error state. OAM&P Policies | |||
an error state."; | SHOULD NOT use this SUPAPolicy if the value | |||
of this attribute is error."; | ||||
} | ||||
enum "init" { | ||||
description | ||||
"This signifies an initialization state."; | ||||
} | } | |||
enum "rollback all" { | enum "rollback all" { | |||
description | description | |||
"This means that execution of this SUPA | "This means that execution of this SUPAPolicy | |||
Policy Rule is stopped, rollback of all | SHOULD be stopped, and rollback of all | |||
actions (whether successful or not) is | SUPAPolicyActions (whether they were | |||
attempted, and all SUPA Policy Rules that | successfully executed or not) performed by | |||
otherwise would have executed are ignored."; | this particular SUPAPolicy is attempted. Also, | |||
all SUPAPolicies that otherwise would have | ||||
been executed as a result of this SUPAPolicy | ||||
are NOT executed."; | ||||
} | } | |||
enum "rollback failure" { | enum "rollback single" { | |||
description | description | |||
"This means that execution of this SUPA | "This means that execution of this SUPAPolicy | |||
Policy Rule is stopped, and rollback is | SHOULD be stopped, and rollback is attempted | |||
attempted for only the SUPA Policy Rule that | for ONLY the SUPAPolicyAction (belonging to | |||
failed to execute correctly."; | this particular SUPAPolicy) that failed to | |||
execute correctly. All remaining actions | ||||
including SUPAPolicyActions and SUPAPolicies | ||||
that otherwise would have been executed as a | ||||
result of this SUPAPolicy, are NOT executed."; | ||||
} | } | |||
enum "stop execution" { | enum "stop execution" { | |||
description | description | |||
"This means that execution of this SUPA Policy | "This means that execution of this SUPAPolicy | |||
Rule SHOULD be stopped."; | SHOULD be stopped without any other action | |||
being performed; this includes corrective | ||||
actions, such as rollback, as well as any | ||||
SUPAPolicyActions or SUPAPolicies that | ||||
otherwise would have been executed."; | ||||
} | } | |||
enum "ignore" { | enum "ignore" { | |||
description | description | |||
"This means that any failures produced by this | "This means that any failures produced by this | |||
SUPA Policy Rule SHOULD be ignored."; | SUPAPolicy SHOULD be ignored, and hence, no | |||
corrective actions, such as rollback, will | ||||
be performed at this time. Hence, any other | ||||
SUPAPolicyActions or SUPAPolicies SHOULD | ||||
continue to be executed."; | ||||
} | } | |||
} | } | |||
mandatory true; | mandatory true; | |||
description | description | |||
"This defines what actions, if any, should be taken by | "This defines what actions, if any, should be taken by | |||
this particular SUPA Policy Rule if it fails to | this particular SUPA Policy Rule if it fails to | |||
execute correctly. Some implementations may not be | execute correctly. Some implementations may not be | |||
able to accommodate the rollback failure option; | able to accommodate the rollback failure option; | |||
hence, this option may be skipped."; | hence, this option may be skipped."; | |||
} | } | |||
leaf-list supa-has-policy-source-agg { | leaf-list supa-has-policy-source-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-SOURCE-ASSOC)"; | SUPA-HAS-POLICY-SOURCE-ASSOC)"; | |||
description | description | |||
"The SUPAPolicyStructure (i.e., the type of SUPA | "This leaf-list holds instance-identifiers that | |||
Policy Rule) object instance that aggregates this set | reference SUPAHasPolicySource associations [1]. | |||
set of SUPAPolicySource object instances. This | This association is represented by the grouping | |||
defines the object class that this instance-identifier | supa-has-policy-source-detail, and describes how | |||
points to."; | this SUPAPolicyStructure instance is related to a | |||
set of SUPAPolicySource instances. Each | ||||
SUPAPolicySource instance defines a set of | ||||
unambiguous sources of this SUPAPolicy. Since | ||||
this association class contains attributes, the | ||||
instance-identifier MUST point to an instance using | ||||
the grouping supa-has-policy-source-detail (which | ||||
includes subclasses of this association class)."; | ||||
} | } | |||
leaf-list supa-has-policy-target-agg { | leaf-list supa-has-policy-target-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-TARGET-ASSOC)"; | SUPA-HAS-POLICY-TARGET-ASSOC)"; | |||
description | description | |||
"This represents the aggregation of Policy Target | "This leaf-list holds instance-identifiers that | |||
objects by this particular SUPA Policy Rule. It is | reference SUPAHasPolicyTarget associations [1]. | |||
the SUPAPolicyStructure object instance that | This association is represented by the grouping | |||
aggregates this set of SUPAPolicyTarget object | supa-has-policy-target-detail, and describes how | |||
instances. This defines the object class that | this SUPAPolicyStructure instance is related to a | |||
this instance-identifier points to."; | set of SUPAPolicyTarget instances. Each | |||
SUPAPolicyTarget instance defines a set of | ||||
unambiguous managed entities to which this | ||||
SUPAPolicy will be applied to. Since this association | ||||
class contains attributes, the instance-identifier | ||||
MUST point to an instance using the grouping | ||||
supa-has-policy-target-detail (which includes | ||||
subclasses of this association class)."; | ||||
} | } | |||
leaf-list supa-has-policy-clause-agg { | leaf-list supa-has-policy-clause-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-CLAUSE-ASSOC)"; | SUPA-HAS-POLICY-CLAUSE-ASSOC)"; | |||
description | description | |||
"The SUPAPolicyStructure object instance that | "This leaf-list holds instance-identifiers that | |||
aggregates this set of SUPAPolicyClause object | reference SUPAHasPolicyClause associations [1]. This | |||
instances. This defines the object class that | association is represented by the grouping | |||
this instance-identifier points to."; | supa-has-policy-clause-detail. This association | |||
describes how this particular SUPAPolicyStructure | ||||
instance is related to this set of SUPAPolicyClause | ||||
instances. Since this association class contains | ||||
attributes, the instance-identifier MUST point to an | ||||
instance using the supa-has-policy-clause-detail | ||||
(which includes subclasses of this association | ||||
class)."; | ||||
} | } | |||
leaf-list supa-has-policy-exec-action-assoc-src-ptr { | leaf-list supa-has-policy-exec-fail-action-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; | SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; | |||
description | description | |||
"This associates a SUPAPolicyStructure (i.e., a SUPA | "This leaf-list holds instance-identifiers that | |||
Policy Rule) object instance to zero or more SUPA | reference a SUPAHasPolExecFailtActionToTake | |||
Policy Actions to be used to correct errors caused if | association [1]. This association is represented by | |||
this SUPA Policy Rule does not execute correctly."; | the supa-has-policy-exec-action-detail grouping. This | |||
association relates this SUPAPolicyStructure instance | ||||
(the parent) to one or more SUPAPolicyStructure | ||||
instances (the children), where each child | ||||
SUPAPolicyStructure contains one or more | ||||
SUPAPolicyActions to be executed if the parent | ||||
SUPAPolicyStructure instance generates an error while | ||||
it is executing. Since this association class contains | ||||
attributes, the instance-identifier MUST point to an | ||||
instance using the grouping | ||||
supa-has-policy-exec-action-detail (which includes | ||||
subclasses of this association class)."; | ||||
} | } | |||
leaf-list supa-has-policy-exec-action-assoc-dst-ptr { | leaf-list supa-has-policy-exec-fail-action-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; | SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; | |||
min-elements 1; | min-elements 1; | |||
description | description | |||
"The set of zero or more SUPA Policy Actions to be used | "This leaf-list holds instance-identifiers that | |||
by this particular SUPAPolicyStructure (i.e., SUPA | reference a SUPAHasPolExecFailtActionToTake | |||
Policy Rule to correct errors caused if this SUPA | association [1]. This association is represented by | |||
Policy Rule does not execute correctly."; | the supa-has-policy-exec-action-detail grouping. This | |||
association relates this SUPAPolicyStructure instance | ||||
(the child) to another SUPAPolicyStructure instance | ||||
(the parent). The child SUPAPolicyStructure contains | ||||
one or more SUPAPolicyActions to be executed if the | ||||
parent SUPAPolicyStructure instance generates an error | ||||
while it is executing; the parent SUPAPolicyStructure | ||||
contains one or more child SUPAPolicyStructure | ||||
instances to enable it to choose how to handle each | ||||
type of failure. Since this association class contains | ||||
attributes, the instance-identifier MUST point to an | ||||
instance using the grouping | ||||
supa-has-policy-exec-action-detail (which includes | ||||
subclasses of this association class)."; | ||||
} | } | |||
description | description | |||
"A superclass for all objects that represent different types | "A superclass for all objects that represent different types | |||
of Policy Rules. Currently, this is limited to a single | of SUPAPolicies. Currently, this is limited to a single | |||
type - the event-condition-action (ECA) policy rule. | type, which is the event-condition-action (ECA) Policy | |||
A SUPA Policy may be an individual policy, or a set of | Rule. A SUPA Policy may be an individual policy, or a set | |||
policies. This is supported by applying the composite | of policies. Subclasses MAY support this feature by | |||
pattern to this class."; | implementing the composite pattern."; | |||
} | } | |||
identity POLICY-SOURCE-TYPE { | identity POLICY-SOURCE-TYPE { | |||
base POLICY-OBJECT-TYPE; | base POLICY-OBJECT-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicySource | "The identity corresponding to a SUPAPolicySource | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-source-type { | grouping supa-policy-source-type { | |||
uses supa-policy-object-type { | uses supa-policy-object-type { | |||
refine entity-class { | refine entity-class { | |||
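Review bot: The closing description of supa-policy-exec-fail-strategy still reads "Some implementations may not be able to accommodate the rollback failure option", but this revision renames that enum to "rollback single", so the text now points at a value that no longer exists. Update it to name "rollback single", and to say SUPAPolicy rather than SUPA Policy Rule so it matches the enum descriptions above it. In supa-policy-deploy-status, "cannot be deployed" is described as "has been administratively disabled", which is the same wording used for "deployed but not enabled". A consumer that gates enforcement on this leaf needs the two states to be distinguishable, so the description should say what actually prevents deployment. The 0 and 1 convention added to supa-policy-continuum-level is prose only on a plain uint32; say whether an implementation is expected to refuse to use a policy at those levels.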
skipping to change at page 28, line 17 ¶ | skipping to change at page 37, line 4 ¶ | |||
"The identity corresponding to a SUPAPolicySource | "The identity corresponding to a SUPAPolicySource | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-source-type { | grouping supa-policy-source-type { | |||
uses supa-policy-object-type { | uses supa-policy-object-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-SOURCE-TYPE; | default POLICY-SOURCE-TYPE; | |||
} | } | |||
} | } | |||
leaf-list supa-has-policy-source-part { | leaf-list supa-has-policy-source-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-SOURCE-ASSOC)"; | SUPA-HAS-POLICY-SOURCE-ASSOC)"; | |||
description | description | |||
"This represents the aggregation of one or more SUPA | "This leaf-list holds the instance-identifiers that | |||
Policy Source objects to this particular SUPA Policy | reference a SUPAHasPolicySource association [1], which | |||
Rule object. In other words, it is the set of | is represented by the supa-has-policy-source-detail | |||
SUPAPolicySource object instances that are aggregated | grouping. This association describes how each | |||
by this SUPAPolicyStructure (i.e., this SUPA Policy | SUPAPolicySource instance is related to this | |||
Rule). This defines the object class that this | particular SUPAPolicyStructure instance. Since | |||
instance-identifier points to."; | this association class contains attributes, the | |||
instance-identifier MUST point to an instance using | ||||
the grouping supa-has-policy-source-detail (which | ||||
includes subclasses of this association class)."; | ||||
} | } | |||
description | description | |||
"This object defines a set of managed entities that | "This object defines a set of managed entities that | |||
authored, or are otherwise responsible for, this SUPA | authored, or are otherwise responsible for, this | |||
Policy Rule. Note that a SUPA Policy Source does not | SUPAPolicy. Note that a SUPAPolicySource does not evaluate | |||
evaluate or execute SUPAPolicies. Its primary use is for | or execute SUPAPolicies. Its primary use is for | |||
auditability and the implementation of deontic and/or | auditability and the implementation of deontic and/or | |||
alethic logic."; | alethic logic. It is expected that this grouping will be | |||
extended (i.e., subclassed) when used, so that the system | ||||
can add specific information appropriate to sources of | ||||
policy of that particular system."; | ||||
} | } | |||
identity POLICY-TARGET-TYPE { | identity POLICY-TARGET-TYPE { | |||
base POLICY-OBJECT-TYPE; | base POLICY-OBJECT-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyTarget | "The identity corresponding to a SUPAPolicyTarget | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-target-type { | grouping supa-policy-target-type { | |||
uses supa-policy-object-type { | uses supa-policy-object-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-TARGET-TYPE; | default POLICY-TARGET-TYPE; | |||
} | } | |||
} | } | |||
leaf-list supa-has-policy-target-part { | leaf-list supa-has-policy-target-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-TARGET-ASSOC)"; | SUPA-HAS-POLICY-TARGET-ASSOC)"; | |||
description | description | |||
"This represents the aggregation of one or more SUPA | "This leaf-list holds instance-identifiers that | |||
Policy Target objects to this particular SUPA Policy | reference a SUPAHasPolicyTarget association. This is | |||
Rule object. In other words, it is the set of | represented by the supa-has-policy-target-detail | |||
SUPAPolicyTarget object instances that are aggregated | grouping. This association describes how each | |||
by this SUPAPolicyStructure (i.e., this SUPA Policy | SUPAPolicyTarget instance is related to a particular | |||
Rule). This defines the object class that this | SUPAPolicyStructure instance. For example, this | |||
instance-identifier points to."; | association may restrict which SUPAPolicyTarget | |||
instances can be used by which SUPAPolicyStructure | ||||
instances. The SUPAPolicyTarget defines a | ||||
set of managed entities that this SUPAPolicyStructure | ||||
will be applied to. Since this association class | ||||
contains attributes, the instance-identifier MUST | ||||
point to an instance using the grouping | ||||
supa-has-policy-target-detail (which | ||||
includes subclasses of this association class)."; | ||||
} | } | |||
description | description | |||
"This object defines a set of managed entities that a | "This object defines a set of managed entities that a | |||
SUPA Policy Rule is applied to."; | SUPAPolicy is applied to. It is expected that this | |||
grouping will be extended (i.e., subclassed) when used, | ||||
so that the system can add specific information | ||||
appropriate to policy targets of that particular system."; | ||||
} | } | |||
identity POLICY-METADATA-TYPE { | identity POLICY-METADATA-TYPE { | |||
description | description | |||
"The identity corresponding to a SUPAPolicyMetadata | "The identity corresponding to a SUPAPolicyMetadata | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-metadata-type { | grouping supa-policy-metadata-type { | |||
leaf supa-policy-metadata-id { | leaf supa-policy-metadata-id { | |||
type string; | type string; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"This represents part of the object identifier of an | "This represents the object identifier of an instance | |||
instance of this class. It defines the content of the | of this class. This attribute is named | |||
object identifier."; | supaPolMetadataIDContent in [1], and is used with | |||
another attribute (supaPolMetadataIDEncoding); since | ||||
the YANG data model does not need this genericity, the | ||||
supaPolMetadataIDContent attribute was renamed, and | ||||
the supaPolMetadataIDEncoding attribute was | ||||
not mapped."; | ||||
} | } | |||
leaf entity-class { | leaf entity-class { | |||
type identityref { | type identityref { | |||
base POLICY-METADATA-TYPE; | base POLICY-METADATA-TYPE; | |||
} | } | |||
default POLICY-METADATA-TYPE; | default POLICY-METADATA-TYPE; | |||
description | description | |||
"The identifier of the class of this grouping."; | "The identifier of the class of this grouping."; | |||
} | } | |||
leaf supa-policy-metadata-id-encoding { | ||||
type policy-data-type-id-encoding-list; | ||||
mandatory true; | ||||
description | ||||
"This represents part of the object identifier of an | ||||
instance of this class. It defines the format of the | ||||
object identifier."; | ||||
} | ||||
leaf supa-policy-metadata-description { | leaf supa-policy-metadata-description { | |||
type string; | type string; | |||
description | description | |||
"This contains a free-form textual description of this | "This contains a free-form textual description of this | |||
metadata object."; | metadata object (e.g., what it may be used for)."; | |||
} | } | |||
leaf supa-policy-metadata-name { | leaf supa-policy-metadata-name { | |||
type string; | type string; | |||
description | description | |||
"This contains a human-readable name for this | "This contains a human-readable name for this | |||
metadata object."; | metadata object."; | |||
} | } | |||
leaf-list supa-has-policy-metadata-part { | leaf-list supa-has-policy-metadata-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-METADATA-ASSOC)"; | SUPA-HAS-POLICY-METADATA-ASSOC)"; | |||
description | description | |||
"This represents the set of SUPAPolicyMetadata object | "This leaf-list holds instance-identifiers that | |||
instances that are aggregated by this SUPAPolicyObject | reference a SUPAHasPolicyMetadata association [1], | |||
object instance (i.e., this is the set of policy | which is represented by the grouping | |||
metadata aggregated by this SUPAPolicyObject). As | supa-has-policy-metadata-detail. Each instance- | |||
there are attributes on this association, the | identifier defines a unique set of information that | |||
instance-identifier MUST point to an instance using | describe and/or prescribe additional information, | |||
the grouping supa-has-policy-metadata-detail (which | provided by this SUPAPolicyMetadata instance, that can | |||
includes the subclasses of the association class)."; | be associated with this SUPAPolicyObject instance. | |||
Multiple SUPAPolicyMetadata objects may be attached to | ||||
a concrete subclass of the SUPAPolicyObject class that | ||||
is referenced in this association by using the | ||||
Decorator pattern [1]. For example, a | ||||
SUPAPolicyVersionMetadataDef instance could wrap a | ||||
SUPAECAPolicyRuleAtomic instance; this would define | ||||
the version of this particular SUPAECAPolicyRuleAtomic | ||||
instance. Since this association class contains | ||||
attributes, the instance-identifier MUST point to an | ||||
instance using the grouping | ||||
supa-has-policy-metadata-detail (which includes | ||||
subclasses of this association class)."; | ||||
} | } | |||
leaf supa-policy-metadata-decorator-part { | leaf-list supa-has-policy-metadata-dec-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; | SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC)"; | |||
mandatory true; | min-elements 1; | |||
description | description | |||
"This object implements the decorator pattern, which is | "This leaf-list holds instance-identifiers that | |||
applied to SUPA metadata objects. This enables all or | reference a SUPAHasMetadaDecorator association [1]. | |||
part of one or more metadata objects to wrap another | This association is represented by the grouping | |||
concrete metadata object."; | supa-has-policy-metadata-dec-detail. This association | |||
describes how a SUPAPolicyMetadataDecorator instance | ||||
wraps a given SUPAPolicyMetadata instance using the | ||||
Decorator pattern [1]. Multiple concrete subclasses | ||||
of SUPAPolicyMetadataDecorator may be used to wrap | ||||
the same SUPAPolicyMetadata instance. Since this | ||||
association class contains attributes, the | ||||
instance-identifier MUST point to an instance using | ||||
the grouping supa-has-policy-metadata-dec-detail (which | ||||
includes subclasses of this association class)."; | ||||
} | } | |||
description | description | |||
"This is the superclass of all metadata classes. Metadata | "This is the superclass of all metadata classes. Metadata | |||
is information that describes and/or prescribes the | is information that describes and/or prescribes the | |||
characteristics and behavior of another object that is | characteristics and behavior of another object that is | |||
not an inherent, distinguishing characteristics or | not an inherent, distinguishing characteristics or | |||
behavior of that object."; | behavior of that object."; | |||
} | } | |||
identity POLICY-METADATA-CONCRETE-TYPE { | identity POLICY-METADATA-CONCRETE-TYPE { | |||
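Review bot: In the must statements of the -part-ptr leaf-lists in this hunk, the second argument of derived-from-or-self is a bare name, for example SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC in supa-has-policy-metadata-dec-part-ptr. RFC 7950 defines that argument as a string, and an unquoted name in XPath is a location path, so the expression does not compare entity-class against the identity as intended. Since instance-identifier is otherwise untyped, this must is the only thing restricting what the pointer may reference; quote the identity inside the must string, e.g. 'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC'. Separately, min-elements 1 on supa-has-policy-metadata-dec-part-ptr sits in the base supa-policy-metadata-type grouping, so every metadata instance must carry at least one decorator association; if undecorated metadata is meant to be valid, drop it. The new description also spells the association SUPAHasMetadaDecorator.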
skipping to change at page 31, line 4 ¶ | skipping to change at page 40, line 25 ¶ | |||
not an inherent, distinguishing characteristics or | not an inherent, distinguishing characteristics or | |||
behavior of that object."; | behavior of that object."; | |||
} | } | |||
identity POLICY-METADATA-CONCRETE-TYPE { | identity POLICY-METADATA-CONCRETE-TYPE { | |||
base POLICY-METADATA-TYPE; | base POLICY-METADATA-TYPE; | |||
description | description | |||
"The identity corresponding to a SUPAPolicyConcreteMetadata | "The identity corresponding to a SUPAPolicyConcreteMetadata | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-policy-concrete-metadata-type { | grouping supa-policy-concrete-metadata-type { | |||
uses supa-policy-metadata-type { | uses supa-policy-metadata-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-METADATA-TYPE; | default POLICY-METADATA-CONCRETE-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-policy-metadata-valid-period-end { | leaf supa-policy-metadata-valid-period-end { | |||
type yang:date-and-time; | type yang:date-and-time; | |||
description | description | |||
"This defines the ending date and time that this | "This defines the ending date and time that this | |||
metadata object is valid for."; | metadata object is valid for."; | |||
} | } | |||
leaf supa-policy-metadata-valid-period-start { | leaf supa-policy-metadata-valid-period-start { | |||
type yang:date-and-time; | type yang:date-and-time; | |||
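Review bot: The entity-class default corrected here for supa-policy-concrete-metadata-type (POLICY-METADATA-TYPE to POLICY-METADATA-CONCRETE-TYPE) is changed in the opposite direction later in the same revision: the refine in supa-policy-metadata-decorator-access-type goes from POLICY-METADATA-DECORATOR-ACCESS-TYPE to POLICY-METADATA-TYPE. With that default, an access-metadata instance that omits entity-class cannot be told apart from the base metadata type, which matters because the must constraints throughout the module key on entity-class. Each refine should default to the identity declared immediately above its grouping, as this hunk now does.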
skipping to change at page 32, line 4 ¶ | skipping to change at page 41, line 23 ¶ | |||
system."; | system."; | |||
} | } | |||
} | } | |||
identity POLICY-METADATA-DECORATOR-TYPE { | identity POLICY-METADATA-DECORATOR-TYPE { | |||
base POLICY-METADATA-TYPE; | base POLICY-METADATA-TYPE; | |||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a | |||
SUPAPolicyMetadataDecorator object instance."; | SUPAPolicyMetadataDecorator object instance."; | |||
} | } | |||
grouping supa-policy-metadata-decorator-type { | grouping supa-policy-metadata-decorator-type { | |||
uses supa-policy-metadata-type { | uses supa-policy-metadata-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-METADATA-DECORATOR-TYPE; | default POLICY-METADATA-DECORATOR-TYPE; | |||
} | } | |||
} | } | |||
leaf-list supa-policy-metadata-decorator-agg { | leaf supa-has-policy-metadata-dec-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; | SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC)"; | |||
max-elements 1; | ||||
description | description | |||
"This represents the decorator pattern being applied to | "This leaf-list holds instance-identifiers that | |||
metadata. This is the aggregate part (i.e., the | reference a SUPAHasMetadaDecorator association [1]. | |||
concrete subclass of the SUPAPolicyMetadataDecorator | This association is represented by the grouping | |||
class that wraps a concrete subclass of | supa-has-policy-metadata-dec-detail. This association | |||
SUPAPolicyMetadata; currently, the only such class is | describes how a SUPAPolicyMetadataDecorator instance | |||
SUPAPolicyConcreteMetadata)."; | wraps a given SUPAPolicyMetadata instance | |||
using the Decorator pattern [1]. Multiple concrete | ||||
subclasses of SUPAPolicyMetadataDecorator may be used | ||||
to wrap the same SUPAPolicyMetadata instance. Since | ||||
this association class contains attributes, the | ||||
instance-identifier MUST point to an instance using | ||||
the grouping supa-has-policy-metadata-dec-detail (which | ||||
includes subclasses of this association class)."; | ||||
} | } | |||
description | description | |||
"This object implements the decorator pattern, which is | "This object implements the Decorator pattern [1] for SUPA, | |||
applied to SUPA metadata objects. This enables all or part | which is applied to SUPA metadata objects. This enables all | |||
of one or more metadata objects to wrap another concrete | or part of one or more metadata objects to wrap another | |||
metadata object."; | concrete metadata object. The only concrete subclass of | |||
SUPAPolicyMetadata in this document is the | ||||
SUPAPolicyConcreteMetadata class."; | ||||
} | } | |||
identity POLICY-METADATA-DECORATOR-ACCESS-TYPE { | identity POLICY-METADATA-DECORATOR-ACCESS-TYPE { | |||
base POLICY-METADATA-DECORATOR-TYPE; | base POLICY-METADATA-DECORATOR-TYPE; | |||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a | |||
SUPAPolicyAccessMetadataDef object instance."; | SUPAPolicyAccessMetadataDef object instance."; | |||
} | } | |||
grouping supa-policy-metadata-decorator-access-type { | grouping supa-policy-metadata-decorator-access-type { | |||
uses supa-policy-metadata-decorator-type { | uses supa-policy-metadata-decorator-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-METADATA-DECORATOR-ACCESS-TYPE; | default POLICY-METADATA-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-policy-metadata-access-priv-def { | leaf supa-policy-metadata-access-priv-def { | |||
type enumeration { | type enumeration { | |||
enum "undefined" { | enum "error" { | |||
description | description | |||
"This may be used as an initialization and/or | "This signifies an error state. OAM&P Policies | |||
an error state."; | SHOULD NOT use this SUPAPolicyAccessMetadataDef | |||
if the value of this attribute is error."; | ||||
} | ||||
enum "init" { | ||||
description | ||||
"This signifies an initialization state."; | ||||
} | } | |||
enum "read only" { | enum "read only" { | |||
description | description | |||
"This defines access as read only for ALL SUPA | "This defines access as read only for ALL | |||
Policy object instances that are adorned with | SUPAPolicyObject objects that are adorned | |||
this metadata object."; | with this SUPAPolicyAccessMetadataDef object. | |||
As such, an explicit access control model, | ||||
such as RBAC [7], is NOT present."; | ||||
} | } | |||
enum "read write" { | enum "read write" { | |||
description | description | |||
"This defines access as read and/or write for | "This defines access as read and/or write for | |||
ALL SUPA Policy object instances that are | ALL SUPAPolicyObject objects that are adorned | |||
adorned with this metadata object."; | with this SUPAPolicyAccessMetadataDef object. | |||
As such, an explicit access control model, | ||||
such as RBAC [7], is NOT present."; | ||||
} | } | |||
enum "specified by MAC" { | enum "specified by MAC" { | |||
description | description | |||
"This defines access as defined by an external | "This uses an external Mandatory Access Control | |||
Mandatory Access Control model. The name and | (MAC) [7] model to define access control for | |||
location of this model are specified in the | ALL SUPAPolicyObject objects that are adorned | |||
with this SUPAPolicyAccessMetadataDef object. | ||||
The name and location of this access control | ||||
model are specified, respectively, in the | ||||
supa-policy-metadata-access-priv-model-name | supa-policy-metadata-access-priv-model-name | |||
and supa-policy-metadata-access-priv-model-ref | and supa-policy-metadata-access-priv-model-ref | |||
attributes of this metadata object."; | attributes of this SUPAPolicyAccessMetadataDef | |||
object."; | ||||
} | } | |||
enum "specified by DAC" { | enum "specified by DAC" { | |||
description | description | |||
"This defines access as defined by an external | "This uses an external Discretionary Access | |||
Discretionary Access Control model. The name | Control (DAC) [7] model to define access | |||
and location of this model are specified in the | control for ALL SUPAPolicyObject objects that | |||
are adorned with this | ||||
SUPAPolicyAccessMetadataDef object. The name | ||||
and location of this access control model are | ||||
specified, respectively, in the | ||||
supa-policy-metadata-access-priv-model-name | supa-policy-metadata-access-priv-model-name | |||
and supa-policy-metadata-access-priv-model-ref | and supa-policy-metadata-access-priv-model-ref | |||
attributes of this metadata object."; | attributes of this SUPAPolicyAccessMetadataDef | |||
object."; | ||||
} | } | |||
enum "specified by RBAC" { | enum "specified by RBAC" { | |||
description | description | |||
"This defines access as defined by an external | "This uses an external Role-Based Access Control | |||
Role Based Access Control model. The name | (RBAC) [7] model to define access control for | |||
and location of this model are specified in the | ALL SUPAPolicyObject objects that are adorned | |||
with this SUPAPolicyAccessMetadataDef object. | ||||
The name and location of this access control | ||||
model are specified, respectively, in the | ||||
supa-policy-metadata-access-priv-model-name | supa-policy-metadata-access-priv-model-name | |||
and supa-policy-metadata-access-priv-model-ref | and supa-policy-metadata-access-priv-model-ref | |||
attributes of this metadata object."; | attributes of this SUPAPolicyAccessMetadataDef | |||
object."; | ||||
} | } | |||
enum "specified by ABAC" { | enum "specified by ABAC" { | |||
description | description | |||
"This defines access as defined by an external | "This uses an external Attribute-Based Access | |||
Attribute Based Access Control model. The name | Control (ABAC) [8] model to define access | |||
and location of this model are specified in the | control for ALL SUPAPolicyObject objects that | |||
are adorned with this | ||||
SUPAPolicyAccessMetadataDef object. The name | ||||
and location of this access control model are | ||||
specified, respectively, in the | ||||
supa-policy-metadata-access-priv-model-name | supa-policy-metadata-access-priv-model-name | |||
and supa-policy-metadata-access-priv-model-ref | and supa-policy-metadata-access-priv-model-ref | |||
attributes of this metadata object."; | attributes of this SUPAPolicyAccessMetadataDef | |||
object."; | ||||
} | } | |||
enum "specified by custom" { | enum "specified by custom" { | |||
description | description | |||
"This defines access as defined by an external | "This uses an external Custom Access Control | |||
Custom Access Control model. The name and | model to define access control for ALL | |||
location of this model are specified in the | SUPAPolicyObject objects that are adorned | |||
with this SUPAPolicyAccessMetadataDef object. | ||||
The name and location of this access control | ||||
model are specified, respectively, in the | ||||
supa-policy-metadata-access-priv-model-name | supa-policy-metadata-access-priv-model-name | |||
and supa-policy-metadata-access-priv-model-ref | and supa-policy-metadata-access-priv-model-ref | |||
attributes of this metadata object."; | attributes of this SUPAPolicyAccessMetadataDef | |||
object."; | ||||
} | } | |||
} | } | |||
description | description | |||
"This defines the type of access control model that is | "This defines the type of access control model that is | |||
used by this object instance."; | used by this SUPAPolicyObject object instance."; | |||
} | } | |||
leaf supa-policy-metadata-access-priv-model-name { | leaf supa-policy-metadata-access-priv-model-name { | |||
type string; | type string; | |||
description | description | |||
"This contains the name of the access control model | "This contains the name of the access control model | |||
being used. If the value of the | being used. If the value of the | |||
supa-policy-metadata-access-priv-model-ref is 0-2, | supa-policy-metadata-access-priv-model-ref is | |||
then the value of this attribute is not applicable. | error, then this SUPAPolicyAccessMetadataDef object | |||
Otherwise, the text in this class attribute should be | MUST NOT be used. If the value of the | |||
interpreted according to the value of the | supa-policy-metadata-access-priv-model-ref is init, | |||
then this SUPAPolicyAccessMetadataDef object has been | ||||
properly initialized, and is ready to be used. If the | ||||
value of the supa-policy-metadata-access-priv-model-ref | ||||
is read only or read write, then the value of this | ||||
attribute is not applicable (because a type of model | ||||
is NOT being defined; instead, the access control for | ||||
all SUPAPolicyObjects is being defined). Otherwise, | ||||
the text in this class attribute SHOULD be interpreted | ||||
according to the value of the | ||||
supa-policy-metadata-access-priv-model-ref class | supa-policy-metadata-access-priv-model-ref class | |||
attribute."; | attribute."; | |||
} | } | |||
leaf supa-policy-metadata-access-priv-model-ref { | leaf supa-policy-metadata-access-priv-model-ref { | |||
type enumeration { | type enumeration { | |||
enum "undefined" { | enum "error" { | |||
description | description | |||
"This can be used for either initialization | "This signifies an error state. OAM&P Policies | |||
or for signifying an error."; | SHOULD NOT use this SUPAPolicyAccessMetadataDef | |||
object if the value of this attribute is | ||||
error."; | ||||
} | ||||
enum "init" { | ||||
description | ||||
"This signifies an initialization state."; | ||||
} | } | |||
enum "URI" { | enum "URI" { | |||
description | description | |||
"The clause is referenced by this URI."; | "The access control model is referenced by | |||
this URI."; | ||||
} | } | |||
enum "GUID" { | enum "GUID" { | |||
description | description | |||
"The clause is referenced by this GUID."; | "The access control model is referenced by | |||
this GUID."; | ||||
} | } | |||
enum "UUID" { | enum "UUID" { | |||
description | description | |||
"The clause is referenced by this UUID."; | "The access control model is referenced by | |||
this UUID."; | ||||
} | } | |||
enum "FQDN" { | enum "FQDN" { | |||
description | description | |||
"The clause is referenced by this FQDN."; | "The access control model is referenced by | |||
this FQDN."; | ||||
} | ||||
enum "FQPN" { | ||||
description | ||||
"The access control model is referenced by | ||||
this FQPN."; | ||||
} | ||||
enum "string_instance_id" { | ||||
description | ||||
"A string that is the canonical representation, | ||||
in ASCII, of an instance ID of this object."; | ||||
} | } | |||
} | } | |||
description | description | |||
"This defines the data type of the | "This defines the data type of the | |||
supa-policy-metadata-access-priv-model-name | supa-policy-metadata-access-priv-model-name | |||
attribute."; | attribute."; | |||
} | } | |||
description | description | |||
"This is a concrete class that defines metadata for access | "This is a concrete class that defines metadata for access | |||
control information that can be added to a SUPA Policy | control information that can be added to any | |||
object. This is done using the SUPAHasPolicyMetadata | SUPAPolicyObject object instance. | |||
aggregation."; | ||||
This is done using the SUPAHasPolicyMetadata association | ||||
in conjunction with the Decorator pattern [1]."; | ||||
} | } | |||
container supa-policy-metadata-decorator-access-container { | container supa-policy-metadata-decorator-access-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyAccessMetadataDef."; | type SUPAPolicyAccessMetadataDef."; | |||
list supa-policy-metadata-decorator-access-list { | list supa-policy-metadata-decorator-access-list { | |||
key supa-policy-metadata-id; | key supa-policy-metadata-id; | |||
uses supa-policy-metadata-decorator-type; | uses supa-policy-metadata-decorator-type; | |||
description | description | |||
"A list of all supa-policy-metadata-decorator-access | "A list of all supa-policy-metadata-decorator-access | |||
instances in the system. Instances of subclasses | instances in the system. Instances of subclasses | |||
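Review bot: In the new supa-policy-metadata-decorator-access-type grouping, the entity-class refine now defaults to POLICY-METADATA-TYPE instead of POLICY-METADATA-DECORATOR-ACCESS-TYPE. That leaves the identity defined just above the grouping unused, and an access-metadata instance can no longer be told apart from other metadata by its entity-class. The version grouping in the following hunk still defaults to its own POLICY-METADATA-DECORATOR-VERSION-TYPE, so this looks unintended and should be reverted. The new supa-policy-metadata-access-priv-model-name description keys its behaviour on supa-policy-metadata-access-priv-model-ref being error, init, read only or read write, but read only and read write are values of supa-policy-metadata-access-priv-def, not of model-ref; name the leaf that is actually meant. The error state carries two normative strengths: SHOULD NOT use in both enum descriptions, MUST NOT be used in the model-name description. Because this value selects the access control model, MUST NOT throughout would make consumers fail closed. As far as the visible lines show, the list at the end of the hunk uses supa-policy-metadata-decorator-type rather than this grouping, so the three access leaves are not part of its entries. Minor: "SUPAHasMetadaDecorator" at the top of the hunk is misspelled.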
skipping to change at page 35, line 34 ¶ | skipping to change at page 46, line 39 ¶ | |||
grouping supa-policy-metadata-decorator-version-type { | grouping supa-policy-metadata-decorator-version-type { | |||
uses supa-policy-metadata-decorator-type { | uses supa-policy-metadata-decorator-type { | |||
refine entity-class { | refine entity-class { | |||
default POLICY-METADATA-DECORATOR-VERSION-TYPE; | default POLICY-METADATA-DECORATOR-VERSION-TYPE; | |||
} | } | |||
} | } | |||
leaf supa-policy-metadata-version-major { | leaf supa-policy-metadata-version-major { | |||
type string; | type string; | |||
description | description | |||
"This contains a string (typically representing an | "This contains a string representation of an integer | |||
integer in the overall version format) that indicates | that is greater than or equal to zero. It indicates | |||
a significant increase in functionality is present in | that a significant increase in functionality is present | |||
this version."; | in this version. It MAY also indicate that this version | |||
has changes that are NOT backwards-compatible (the | ||||
supa-policy-metadata-version-build class attribute is | ||||
used to denote such changes). The string 0.1.0 | ||||
defines an initial version that MUST NOT be considered | ||||
stable. Improvements to this initial version are | ||||
denoted by incrementing the minor and patch class | ||||
attributes (supa-policy-metadata-version-major and | ||||
supa-policy-metadata-version-patch, respectively). The | ||||
major version X (i.e., X.y.z, where X > 0) MUST be | ||||
incremented if any backwards-incompatible changes are | ||||
introduced. It MAY include minor and patch level | ||||
changes. The minor and patch version numbers MUST be | ||||
reset to 0 when the major version number is | ||||
incremented."; | ||||
} | } | |||
leaf supa-policy-metadata-version-minor { | leaf supa-policy-metadata-version-minor { | |||
type string; | type string; | |||
description | description | |||
"This contains a string (typically representing an | "This contains a string representation of an integer | |||
integer in the overall version format) that indicates | that is greater than or equal to zero. It indicates | |||
that this release contains a set of features and/or bug | that this release contains a set of features and/or | |||
fixes that collectively do not warrant incrementing the | bug fixes that MUST be backwards-compatible. The | |||
supa-policy-metadata-version-major attribute."; | minor version Y (i.e., x.Y.z, where x > 0) MUST be | |||
incremented if new, backwards-compatible changes are | ||||
introduced. It MUST be incremented if any features are | ||||
marked as deprecated. It MAY be incremented if new | ||||
functionality or improvements are introduced, and MAY | ||||
include patch level changes. The patch version number | ||||
MUST be reset to 0 when the minor version number is | ||||
incremented."; | ||||
} | } | |||
leaf supa-policy-metadata-version-rel-type { | leaf supa-policy-metadata-version-patch { | |||
type enumeration { | type string; | |||
enum "undefined" { | ||||
description | ||||
"This can be used for either initialization | ||||
or for signifying an error."; | ||||
} | ||||
enum "internal" { | ||||
description | ||||
"This indicates that this version should only | ||||
be used for internal (development) purposes."; | ||||
} | ||||
enum "alpha" { | ||||
description | ||||
"This indicates that this version is considered | ||||
to be alpha quality."; | ||||
} | ||||
enum "beta" { | ||||
description | ||||
"This indicates that this version is considered | ||||
to be beta quality."; | ||||
} | ||||
enum "release candidate" { | ||||
description | ||||
"This indicates that this version is considered | ||||
to be a candidate for full production."; | ||||
} | ||||
enum "release production" { | ||||
description | ||||
"This indicates that this version is considered | ||||
to be ready for full production."; | ||||
} | ||||
enum "maintenance" { | ||||
description | ||||
"This indicates that this version is considered | ||||
to be for maintenance purposes."; | ||||
} | ||||
} | ||||
description | description | |||
"This defines the type of this version's release."; | "This contains a string representation of an integer | |||
that is greater than or equal to zero. It indicates | ||||
that this version contains ONLY bug fixes. The patch | ||||
version Z (i.e., x.y.Z, where x > 0) MUST be | ||||
incremented if new, backwards-compatible changes are | ||||
introduced. A bug fix is defined as an internal change | ||||
that fixes incorrect behavior."; | ||||
} | } | |||
leaf supa-policy-metadata-version-rel-type-num { | leaf supa-policy-metadata-version-prerelease { | |||
type string; | type string; | |||
description | description | |||
"This contains a string (typically representing an | "This contains a string that defines the pre-release | |||
integer in the overall version format) that indicates | version. A pre-release version MAY be denoted by | |||
a significant increase in functionality is present in | appending a hyphen and a series of dot-separated | |||
this version."; | identifiers immediately following the patch version. | |||
Identifiers MUST comprise only ASCII alphanumerics and | ||||
a hyphen. Identifiers MUST NOT be empty. Numeric | ||||
identifiers MUST NOT include leading zeroes. | ||||
Pre-release versions have a lower precedence than the | ||||
associated normal version. A pre-release version | ||||
indicates that the version is unstable and might not | ||||
satisfy the intended compatibility requirements as | ||||
denoted by its associated normal version. Examples | ||||
include: 1.0.0-alpha and 1.0.0-0.3.7."; | ||||
} | ||||
leaf supa-policy-metadata-version-build { | ||||
type string; | ||||
description | ||||
"This contains a string that defines the metadata of | ||||
this build. Build metadata is optional. If present, | ||||
build metadata MAY be denoted by appending a plus | ||||
(+) sign to the version, followed by a series of | ||||
dot-separated identifiers. This may follow either | ||||
the patch or pre-release portions of the version. | ||||
If build metadata is present, then any identifiers | ||||
that it uses MUST be made up of only ASCII | ||||
alphanumerics and a hyphen. The identifier portion of | ||||
the build metadata MUST NOT be empty. Build metadata | ||||
SHOULD be ignored when determining version precedence. | ||||
Examples include: 1.0.0.-alpha+1, 1.0.0.-alpha+1.1, | ||||
1.0.0+20130313144700, and 1.0.0-beta+exp.sha.5114f85."; | ||||
} | } | |||
description | description | |||
"This is a concrete class that defines metadata for version | "This is a concrete class that defines metadata for version | |||
control information that can be added to a SUPA Policy | control information that can be added to any | |||
object. This is done using the SUPAHasPolicyMetadata | SUPAPolicyObject. This is done using the | |||
aggregation."; | SUPAHasPolicyMetadata association. This class uses the | |||
Semantic Versioning Specification [6] as follows: | ||||
<major>.<minor>.<patch>[<pre-release>][<build-metadata>] | ||||
where the first three components (major, minor, and patch) | ||||
MUST be present, and the latter two components (pre-release | ||||
and build-metadata) MAY be present. A version number MUST | ||||
take the form <major>.<minor>.<patch>, where <major>, | ||||
<minor>, and <patch> are each non-negative integers that | ||||
MUST NOT contain leading zeros. In addition, the value of | ||||
each of these three elements MUST increase numerically. | ||||
In this approach, supaVersionMajor denotes a new release; | ||||
supaVersionMinor denotes a minor release; supaVersionPatch | ||||
denotes a version that consists ONLY of bug fixes. Version | ||||
precedence MUST be calculated by separating the version | ||||
into major, minor, patch, and pre-release identifiers, in | ||||
that order. See [1] for more information."; | ||||
} | } | |||
container supa-policy-metadata-decorator-version-container { | container supa-policy-metadata-decorator-version-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyVersionMetadataDef."; | type SUPAPolicyVersionMetadataDef."; | |||
list supa-policy-metadata-decorator-version-list { | list supa-policy-metadata-decorator-version-list { | |||
key supa-policy-metadata-id; | key supa-policy-metadata-id; | |||
uses supa-policy-metadata-decorator-type; | uses supa-policy-metadata-decorator-type; | |||
description | description | |||
"A list of all supa-policy-metadata-decorator-version | "A list of all supa-policy-metadata-decorator-version | |||
instances in the system. Instances of subclasses | instances in the system. Instances of subclasses | |||
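Review bot: The new supa-policy-metadata-version-major description names the wrong leaf: in "incrementing the minor and patch class attributes (supa-policy-metadata-version-major and supa-policy-metadata-version-patch, respectively)" the first name should be supa-policy-metadata-version-minor. The same description says the build attribute is used to denote changes that are not backwards-compatible, while the supa-policy-metadata-version-build description says build metadata SHOULD be ignored when determining precedence; one of the two needs to change. The patch leaf says the version contains ONLY bug fixes and then that it MUST be incremented for "new, backwards-compatible changes", which repeats the minor leaf's wording; restrict it to bug fixes. Two of the build examples, 1.0.0.-alpha+1 and 1.0.0.-alpha+1.1, have a stray dot before the hyphen and do not match the <major>.<minor>.<patch> form or the 1.0.0-alpha example in the pre-release leaf. All five leaves remain type string, so the no-leading-zero and ASCII-alphanumerics-and-hyphen rules exist only as description text; a pattern restriction on each leaf would let a validator reject malformed versions before anything compares them.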
skipping to change at page 37, line 17 ¶ | skipping to change at page 49, line 4 ¶ | |||
type SUPAPolicyVersionMetadataDef."; | type SUPAPolicyVersionMetadataDef."; | |||
list supa-policy-metadata-decorator-version-list { | list supa-policy-metadata-decorator-version-list { | |||
key supa-policy-metadata-id; | key supa-policy-metadata-id; | |||
uses supa-policy-metadata-decorator-type; | uses supa-policy-metadata-decorator-type; | |||
description | description | |||
"A list of all supa-policy-metadata-decorator-version | "A list of all supa-policy-metadata-decorator-version | |||
instances in the system. Instances of subclasses | instances in the system. Instances of subclasses | |||
will be in a separate list."; | will be in a separate list."; | |||
} | } | |||
} | } | |||
identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE { | ||||
identity SUPA-HAS-POLICY-METADATA-ASSOC { | base POLICY-COMPONENT-TYPE; | |||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a | |||
SUPAHasPolicyMetadataDetail association class | SUPAHasPolicyMetadataDetail association class | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-has-policy-metadata-detail { | grouping supa-has-policy-metadata-detail { | |||
leaf supa-policy-ID { | uses supa-policy-object-type { | |||
type string; | refine entity-class { | |||
description | default SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE; | |||
"This is a globally unique ID for this association | ||||
instance in the overall policy system."; | ||||
} | ||||
leaf entity-class { | ||||
type identityref { | ||||
base SUPA-HAS-POLICY-METADATA-ASSOC; | ||||
} | } | |||
default SUPA-HAS-POLICY-METADATA-ASSOC; | ||||
description | ||||
"The identifier of the class of this assocation."; | ||||
} | } | |||
leaf supa-has-policy-metadata-object-ptr { | leaf supa-has-policy-metadata-detail-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
POLICY-OBJECT-TYPE)"; | POLICY-OBJECT-TYPE)"; | |||
description | description | |||
"This is a reference from the SUPAPolicyObject object | "This leaf is an instance-identifier that references | |||
instance that is aggregating SUPAPolicyMetadata object | the SUPAPolicyObject instance end point of the | |||
instances using the SUPAHasPolicyMetadata aggregation. | association represented by this instance of the | |||
This SUPAPolicyMetadataDetail association class is | SUPAHasPolicyMetadata association [1]. The groupings | |||
used to define part of the semantics of the | supa-policy-object-type and supa-policy-metadata-type | |||
SUPAHasPolicyMetadata aggregation. For example, it can | represent the SUPAPolicyObject and SUPAPolicyMetadata | |||
define which SUPAPolicyMetadata object instances can | classes, respectively. Thus, the instance identified | |||
be aggregated by this particular SUPAPolicyObject | by this leaf is the SUPAPolicyObject instance that is | |||
object instance."; | associated by this association to the set of | |||
SUPAPolicyMetadata instances referenced by the | ||||
supa-has-policy-metadata-detail-part-ptr leaf of | ||||
this grouping."; | ||||
} | } | |||
leaf supa-has-policy-metadata-ptr { | leaf supa-has-policy-metadata-detail-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
POLICY-METADATA-TYPE)"; | POLICY-METADATA-TYPE)"; | |||
description | description | |||
"This is a reference from the SUPAPolicyMetadata object | "This leaf is an instance-identifier that references | |||
instance(s) that are being aggregated by this | the SUPAPolicyMetadata instance end point of the | |||
SUPAPolicyObject object instance using the | association represented by this instance of the | |||
SUPAHasPolicyMetadata aggregation. The class | SUPAHasPolicyMetadata association [1]. The groupings | |||
SUPAPolicyMetadataDetail association class is used to | supa-policy-object-type and supa-policy-metadata-type | |||
define part of the semantics of the | represents the SUPAPolicyObject and SUPAPolicyMetadata | |||
SUPAHasPolicyMetadata aggregation. For example, it can | classes, respectively. Thus, the instance | |||
define which SUPAPolicyMetadata object instances can | identified by this leaf is the SUPAPolicyMetadata | |||
be aggregated by this particular SUPAPolicyObject | instance that is associated by this association to | |||
object instance."; | the set of SUPAPolicyObject instances referenced by | |||
the supa-has-policy-metadata-detail-agg-ptr leaf of | ||||
this grouping."; | ||||
} | } | |||
leaf supa-policy-metadata-detail-is-applicable { | leaf supa-policy-metadata-detail-is-applicable { | |||
type boolean; | type boolean; | |||
description | description | |||
"This attributes controls whether the associated | "This attribute controls whether the associated | |||
metadata is currently considered applciable to this | metadata is currently considered applicable to this | |||
policy object; this enables metadata to be turned on | SUPAPolicyObject; this enables metadata to be turned | |||
and off when needed without disturbing the structure | on and off when needed without disturbing the | |||
of the object that the metadata applies to."; | structure of the object that the metadata applies to, | |||
or affecting other objects in the system."; | ||||
} | } | |||
leaf-list supa-policy-metadata-detail-constraint { | leaf-list supa-policy-metadata-detail-constraint { | |||
type string; | type string; | |||
description | description | |||
"A list of constraints, expressed as strings | "A list of constraints, expressed as strings, in | |||
in the language defined by the | the language defined by the | |||
supa-policy-metadata-detail-encoding."; | supa-policy-metadata-detail-encoding attribute. | |||
If there are no constraints on using this | ||||
SUPAPolicyMetadata object with this particular | ||||
SUPAPolicyObject object, then this leaf-list will | ||||
consist of a list of a single null string."; | ||||
} | } | |||
leaf supa-policy-metadata-detail-encoding { | leaf supa-policy-metadata-detail-constraint-encoding { | |||
type string; | type policy-constraint-language-list; | |||
description | description | |||
"The langauge used to encode the constraints | "The language used to encode the constraints relevant | |||
relevant to the relationship between the metadata | to the relationship between the SUPAPolicyMetadata | |||
and the underlying policy object."; | object and the underlying SUPAPolicyObject."; | |||
} | } | |||
description | description | |||
"This is a concrete association class that defines the | "This is a concrete association class that defines the | |||
semantics of the SUPAPolicyMetadata aggregation. This | semantics of the SUPAHasPolicyMetadata association. This | |||
enables the attributes and relationships of the | enables the attributes and relationships of the | |||
SUPAPolicyMetadataDetail class to be used to constrain | SUPAHasPolicyMetadataDetail class to be used to constrain | |||
which SUPAPolicyMetadata objects can be aggregated by | which SUPAPolicyMetadata objects can be associated by | |||
this particular SUPAPolicyObject instance."; | this particular SUPAPolicyObject instance."; | |||
} | } | |||
container supa-policy-metadata-detail-container { | container supa-policy-metadata-detail-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyMetadataDetail."; | type SUPAPolicyMetadataDetail."; | |||
list supa-policy-metadata-detail-list { | list supa-policy-metadata-detail-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-has-policy-metadata-detail; | uses supa-has-policy-metadata-detail; | |||
description | description | |||
"This is a list of all supa-policy-metadata-detail | "This is a list of all supa-policy-metadata-detail | |||
instances in the system. Instances of subclasses | instances in the system. Instances of subclasses | |||
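Review bot: The renamed identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE is described as the SUPAHasPolicyMetadataDetail association class, which is not a decorator, and its sibling in the following hunk keeps the -ASSOC suffix. Keeping an -ASSOC name here would avoid confusion with the separate decorator association mentioned earlier in the diff. The encoding leaf is renamed to supa-policy-metadata-detail-constraint-encoding, but the supa-policy-metadata-detail-constraint description still points at supa-policy-metadata-detail-encoding. The grouping no longer declares supa-policy-ID while the list at the end of the hunk still has "key supa-policy-ID;", so confirm that supa-policy-object-type supplies that leaf. In both must statements the identity is passed to derived-from-or-self as a bare name. The second argument of that function is a string, and a bare name is read as a child node test, so the identity needs to be quoted; otherwise the type restriction on the two instance-identifier pointers is not enforced. Minor: "represents" in the part-ptr description should be "represent".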
skipping to change at page 39, line 14 ¶ | skipping to change at page 50, line 51 ¶ | |||
container supa-policy-metadata-detail-container { | container supa-policy-metadata-detail-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyMetadataDetail."; | type SUPAPolicyMetadataDetail."; | |||
list supa-policy-metadata-detail-list { | list supa-policy-metadata-detail-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-has-policy-metadata-detail; | uses supa-has-policy-metadata-detail; | |||
description | description | |||
"This is a list of all supa-policy-metadata-detail | "This is a list of all supa-policy-metadata-detail | |||
instances in the system. Instances of subclasses | instances in the system. Instances of subclasses | |||
will be in a separate list. | will be in a separate list. Note that this association | |||
Note that this policy is made concrete for exemplary | class is made concrete for exemplary purposes. To be | |||
purposes. To be useful, it almost certainly needs | useful, it almost certainly needs refinement."; | |||
refinement."; | ||||
} | } | |||
} | } | |||
identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC { | identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC { | |||
base POLICY-COMPONENT-TYPE; | ||||
description | description | |||
"The identity corresponding to a SUPAHasMetadataDecorator | "The identity corresponding to a | |||
association class object instance."; | SUPAHasDecoratedPolicyComponentDetail association class | |||
object instance."; | ||||
} | } | |||
grouping supa-has-decorator-policy-component-detail { | grouping supa-has-decorator-policy-component-detail { | |||
leaf supa-policy-ID { | uses supa-policy-object-type { | |||
type string; | refine entity-class { | |||
description | default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC; | |||
"This is a globally unique ID for this association | ||||
instance in the overall policy system."; | ||||
} | ||||
leaf entity-class { | ||||
type identityref { | ||||
base SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC; | ||||
} | } | |||
default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC; | ||||
description | ||||
"The identifier of the class of this assocation."; | ||||
} | } | |||
leaf supa-policy-component-decorator-ptr { | leaf supa-has-policy-component-decorator-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-POLICY-COMPONENT-DECORATOR-TYPE)"; | POLICY-COMPONENT-DECORATOR-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicyComponentStructure | "This leaf is an instance-identifier that references | |||
object instance participating in a | the SUPAPolicyComponentDecorator instance end point of | |||
SUPAHasDecoratedPolicyComponent aggregation to the | the association represented by this instance of the | |||
SUPAHasDecoratedPolicyComponentDetail association | SUPAHasDecoratedPolicyComponent association [1]. The | |||
class that provides the semantics of this aggregation. | groupings supa-policy-component-decorator-type and | |||
This defines the object class that this | supa-policy-component-structure-type represent the | |||
instance-identifier points to."; | SUPAPolicyComponentDecorator and | |||
SUPAPolicyComponentStructure classes, respectively. | ||||
Thus, the instance identified by this leaf is the | ||||
SUPAPolicyComponentDecorator instance that is | ||||
associated by this association to the set of | ||||
SUPAPolicyComponentStructure instances referenced by | ||||
the supa-has-policy-component-decorator-part-ptr leaf | ||||
of this grouping."; | ||||
} | } | |||
leaf supa-policy-component-ptr { | leaf supa-has-policy-component-decorator-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-POLICY-COMPONENT-TYPE)"; | POLICY-COMPONENT-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicyComponentDecorator | "This leaf is an instance-identifier that references | |||
object instance participating in a | the SUPAPolicyComponentStructure instance end point of | |||
SUPAHasDecoratedPolicyComponent aggregation to the | the association represented by this instance of the | |||
SUPAHasDecoratedPolicyComponentDetail association | SUPAHasDecoratedPolicyComponent association [1]. The | |||
class that provides the semantics of this aggregation. | groupings supa-policy-component-decorator-type and | |||
This defines the object class that this | supa-policy-component-structure-type represent the | |||
instance-identifier points to."; | SUPAPolicyComponentDecorator and | |||
SUPAPolicyComponentStructure classes, respectively. | ||||
Thus, the instance identified by this leaf is the | ||||
SUPAPolicyComponentStructure instance that is | ||||
associated by this association to the set of | ||||
SUPAPolicyComponentStructure instances referenced by | ||||
the supa-has-policy-component-decorator-agg-ptr leaf | ||||
of this grouping."; | ||||
} | } | |||
leaf-list supa-has-decorator-constraint { | leaf-list supa-has-decorator-constraint { | |||
type string; | type string; | |||
description | description | |||
"A constraint expression applying to this association | "A constraint expression applying to this association | |||
between a policy component decorator and the | between a SUPAPolicyComponentDecorator and the | |||
decorated component."; | decorated component (which is a concrete subclass of | |||
the SUPAPolicyComponentStructure class, such as | ||||
SUPAEncodedClause or SUPABooleanClauseAtomic). The | ||||
supa-has-decorator-constraint-encoding attribute | ||||
specifies the language used to write the set of | ||||
constraint expressions."; | ||||
} | } | |||
leaf supa-has-decorator-constraint-encoding { | leaf supa-has-decorator-constraint-encoding { | |||
type string; | type policy-constraint-language-list; | |||
description | description | |||
"The language in which the constraints on the | "The language used to encode the constraints relevant | |||
policy component-decoration is expressed."; | to the relationship between the | |||
SUPAPolicyComponentDecorator and the | ||||
SUPAPolicyComponentStructure object instances."; | ||||
} | } | |||
description | description | |||
"This is a concrete association class that defines the | "This is a concrete association class that defines the | |||
semantics of the SUPAHasDecoratedPolicyComponent | semantics of the SUPAHasDecoratedPolicyComponent | |||
aggregation. The purpose of this class is to use the | association. The purpose of this class is to use the | |||
Decorator pattern to detemine which | Decorator pattern [1] to detemine which | |||
SUPAPolicyComponentDecorator object instances, if any, | SUPAPolicyComponentDecorator object instances, if any, | |||
are required to augment the functionality of the concrete | are required to augment the functionality of a concrete | |||
subclass of SUPAPolicyClause that is being used."; | subclass of SUPAPolicyClause that is being used."; | |||
} | } | |||
container supa-policy-component-decorator-detail-container { | container supa-policy-component-decorator-detail-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyComponentDecoratorDetail."; | type SUPAPolicyComponentDecoratorDetail."; | |||
list supa-policy-component-decorator-detail-list { | list supa-policy-component-decorator-detail-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-has-decorator-policy-component-detail; | uses supa-has-decorator-policy-component-detail; | |||
description | description | |||
"This is a list of all | "This is a list of all | |||
supa-policy-component-decorator-details."; | supa-policy-component-decorator-details."; | |||
} | } | |||
} | } | |||
identity SUPA-HAS-POLICY-SOURCE-ASSOC { | identity SUPA-HAS-POLICY-SOURCE-ASSOC { | |||
base POLICY-OBJECT-TYPE; | ||||
description | description | |||
"The identity corresponding to a SUPAHasPolicySource | "The identity corresponding to a SUPAHasPolicySource | |||
association class object instance."; | association class object instance."; | |||
} | } | |||
grouping supa-has-policy-source-detail { | grouping supa-has-policy-source-detail { | |||
leaf supa-policy-ID { | uses supa-policy-object-type { | |||
type string; | refine entity-class { | |||
description | default SUPA-HAS-POLICY-SOURCE-ASSOC; | |||
"This is a globally unique ID for this association | ||||
instance in the overall policy system."; | ||||
} | ||||
leaf entity-class { | ||||
type identityref { | ||||
base SUPA-HAS-POLICY-SOURCE-ASSOC; | ||||
} | } | |||
default SUPA-HAS-POLICY-SOURCE-ASSOC; | ||||
description | ||||
"The identifier of the class of this assocation."; | ||||
} | } | |||
leaf supa-policy-source-structure-ptr { | leaf supa-has-policy-source-detail-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
POLICY-STRUCTURE-TYPE)"; | POLICY-STRUCTURE-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicyStructure object | "This leaf is an instance-identifier that references | |||
instance participating in a SUPAHasPolicySource | a SUPAPolicyStructure instance end point of the | |||
aggregation to the SUPAHasPolicySourceDetail | association represented by this instance of the | |||
association class that provides the semantics of | SUPAHasPolicySource association [1]. The grouping | |||
this aggregation. This defines the object class | supa-has-policy-source-detail represents the | |||
that this instance-identifier points to."; | SUPAHasPolicySourceDetail class. Thus, the instance | |||
identified by this leaf is the SUPAPolicyStructure | ||||
instance that is associated by this association to the | ||||
SUPAPolicySource instance referenced by the | ||||
supa-has-policy-source-detail-part-ptr leaf of | ||||
this grouping."; | ||||
} | } | |||
leaf supa-policy-source-ptr { | leaf supa-has-policy-source-detail-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-POLICY-SOURCE-TYPE)"; | POLICY-SOURCE-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicySource object | "This leaf is an instance-identifier that references | |||
instance participating in a SUPAHasPolicySource | a SUPAPolicySource instance end point of the | |||
aggregation to the SUPAHasPolicySourceDetail | association represented by this instance of the | |||
association class that provides the semantics of | SUPAHasPolicySource association [1]. The grouping | |||
this aggregation. This defines the object class | supa-has-policy-source-detail represents the | |||
that this instance-identifier points to."; | SUPAHasPolicySourceDetail class. Thus, the instance | |||
identified by this leaf is the SUPAPolicySource | ||||
instance that is associated by this association to the | ||||
SUPAPolicyStructure instance referenced by the | ||||
supa-has-policy-source-detail-agg-ptr leaf of | ||||
this grouping."; | ||||
} | } | |||
leaf supa-policy-source-is-authenticated { | leaf supa-policy-source-is-authenticated { | |||
type boolean; | type boolean; | |||
description | description | |||
"If the value of this attribute is true, then this | "If the value of this attribute is true, then this | |||
SUPAPolicySource object has been authenticated by | SUPAPolicySource object has been authenticated by | |||
this particular SUPAPolicyStructure object."; | a policy engine or application that is executing this | |||
particular SUPAPolicyStructure object."; | ||||
} | } | |||
leaf supa-policy-source-is-trusted { | leaf supa-policy-source-is-trusted { | |||
type boolean; | type boolean; | |||
description | description | |||
"If the value of this attribute is true, then this | "If the value of this attribute is true, then this | |||
SUPAPolicySource object has been verified to be | SUPAPolicySource object has been verified to be | |||
trusted by this particular SUPAPolicyStructure | trusted by a policy engine or application that is | |||
object."; | executing this particular SUPAPolicyStructure object."; | |||
} | } | |||
description | description | |||
"This is an association class, and defines the semantics of | "This is an association class, and defines the semantics of | |||
the SUPAHasPolicySource aggregation. The attributes and | the SUPAHasPolicySource association. The attributes and | |||
relationships of this class can be used to define which | relationships of this class can be used to define which | |||
SUPAPolicySource objects can be attached to which | SUPAPolicySource objects can be attached to which | |||
particular set of SUPAPolicyStructure objects."; | particular set of SUPAPolicyStructure objects. Note that a | |||
SUPAPolicySource object is NOT responsible for evaluating | ||||
or executing SUPAPolicies; rather, it identifies the set | ||||
of entities that are responsible for managing this | ||||
SUPAPolicySource object. Its primary uses are for | ||||
auditability, as well as processing deontic logic. This | ||||
object represents the semantics of associating a | ||||
SUPAPolicySource to a SUPAPolicyTarget."; | ||||
} | } | |||
container supa-policy-source-detail-container { | container supa-policy-source-detail-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicySourceDetail."; | type SUPAPolicySourceDetail."; | |||
list supa-policy-source-detail-list { | list supa-policy-source-detail-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-has-policy-source-detail; | uses supa-has-policy-source-detail; | |||
description | description | |||
"This is a list of all supa-policy-source-detail | "This is a list of all supa-policy-source-detail | |||
objects."; | objects."; | |||
} | } | |||
} | } | |||
identity SUPA-HAS-POLICY-TARGET-ASSOC { | identity SUPA-HAS-POLICY-TARGET-ASSOC { | |||
base POLICY-OBJECT-TYPE; | ||||
description | description | |||
"The identity corresponding to a SUPAHasPolicyTarget | "The identity corresponding to a SUPAHasPolicyTarget | |||
association class object instance."; | association class object instance."; | |||
} | } | |||
grouping supa-has-policy-target-detail { | grouping supa-has-policy-target-detail { | |||
leaf supa-policy-ID { | uses supa-policy-object-type { | |||
type string; | refine entity-class { | |||
description | default SUPA-HAS-POLICY-TARGET-ASSOC; | |||
"This is a globally unique ID for this association | ||||
instance in the overall policy system."; | ||||
} | ||||
leaf entity-class { | ||||
type identityref { | ||||
base SUPA-HAS-POLICY-TARGET-ASSOC; | ||||
} | } | |||
default SUPA-HAS-POLICY-TARGET-ASSOC; | ||||
description | ||||
"The identifier of the class of this assocation."; | ||||
} | } | |||
leaf supa-policy-target-structure-ptr { | leaf supa-has-policy-target-detail-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
POLICY-STRUCTURE-TYPE)"; | POLICY-STRUCTURE-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicyStructure object | "This leaf is an instance-identifier that references | |||
instance participating in a SUPAHasPolicyTarget | a SUPAPolicyStructure instance end point of the | |||
aggregation to the SUPAHasPolicyTargetDetail | association represented by this instance of the | |||
association class that provides the semantics of | SUPAHasPolicyTarget association [1]. The grouping | |||
this aggregation. This defines the object class | supa-has-policy-target-detail represents the | |||
that this instance-identifier points to."; | SUPAHasPolicyTargetDetail class. Thus, the instance | |||
identified by this leaf is the SUPAPolicyStructure | ||||
instance that is associated by this association to the | ||||
SUPAPolicyTarget instance referenced by the | ||||
supa-has-policy-target-detail-part-ptr leaf of | ||||
this grouping."; | ||||
} | } | |||
leaf supa-policy-target-ptr { | leaf supa-has-policy-target-detail-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-POLICY-TARGET-TYPE)"; | POLICY-TARGET-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicyTarget object | "This leaf is an instance-identifier that references | |||
instance participating in a SUPAHasPolicyTarget | a SUPAPolicyTarget instance end point of the | |||
aggregation to the SUPAHasPolicyTargetDetail | association represented by this instance of the | |||
association class that provides the semantics of | SUPAHasPolicyTarget association [1]. The grouping | |||
this aggregation. This defines the object class | supa-has-policy-target-detail represents the | |||
that this instance-identifier points to."; | SUPAHasPolicyTargetDetail class. Thus, the instance | |||
identified by this leaf is the SUPAPolicyTarget | ||||
instance that is associated by this association to the | ||||
SUPAPolicyStructure instance referenced by the | ||||
supa-has-policy-source-detail-agg-ptr leaf of | ||||
this grouping."; | ||||
} | } | |||
leaf supa-policy-source-is-authenticated { | leaf supa-policy-target-is-authenticated { | |||
type boolean; | type boolean; | |||
description | description | |||
"If the value of this attribute is true, then this | "If the value of this attribute is true, then this | |||
SUPAPolicyTarget object has been authenticated by | SUPAPolicyTarget object has been authenticated by | |||
this particular SUPAPolicyStructure object."; | a policy engine or application that is executing this | |||
particular SUPAPolicyStructure object."; | ||||
} | } | |||
leaf supa-policy-source-is-enabled { | leaf supa-policy-target-is-enabled { | |||
type boolean; | type boolean; | |||
description | description | |||
"If the value of this attribute is true, then this | "If the value of this attribute is true, then each | |||
SUPAPolicyTarget object is able to be used as a | SUPAPolicyTarget object that is referenced by this | |||
SUPAPolicyTarget. This means that it has agreed to | SUPAHasPolicyTarget aggregation is able to be used as | |||
play the role of a SUPAPolicyTarget, and that it is | a SUPAPolicyTarget by the SUPAPolicyStructure object | |||
able to either process (directly or with the aid of a | that is referenced by this SUPAHasPolicyTarget | |||
proxy) SUPAPolicies, or receive the results of a | aggregation. This means that this SUPAPolicyTarget has | |||
agreed to: 1) have SUPAPolicies applied to it, and 2) | ||||
process (directly or with the aid of a proxy) one or | ||||
more SUPAPolicies, or receive the results of a | ||||
processed SUPAPolicy and apply those results to | processed SUPAPolicy and apply those results to | |||
itself."; | itself."; | |||
} | } | |||
description | description | |||
"This is an association class, and defines the semantics of | "This is an association class, and defines the semantics of | |||
the SUPAHasPolicyTarget aggregation. The attributes and | the SUPAHasPolicyTarget association. The attributes and | |||
relationships of this class can be used to define which | relationships of this class can be used to define which | |||
SUPAPolicyTarget objects can be attached to which | SUPAPolicyTarget objects can be attached to which | |||
particular set of SUPAPolicyStructure objects."; | particular set of SUPAPolicyStructure objects. Note that a | |||
SUPAPolicyTarget is used to identify a set of managed | ||||
entities to which a SUPAPolicy should be applied; this | ||||
object represents the semantics of applying a SUPAPolicy | ||||
to a SUPAPolicyTarget."; | ||||
} | } | |||
container supa-policy-target-detail-container { | container supa-policy-target-detail-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyTargetDetail."; | type SUPAPolicyTargetDetail."; | |||
list supa-policy-target-detail-list { | list supa-policy-target-detail-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-has-policy-target-detail; | uses supa-has-policy-target-detail; | |||
description | description | |||
"This is a list of all supa-policy-target-detail | "This is a list of all supa-policy-target-detail | |||
objects."; | objects."; | |||
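Review bot: In the -01 description of supa-has-policy-component-decorator-part-ptr, the far end of the association is given as "the set of SUPAPolicyComponentStructure instances referenced by the supa-has-policy-component-decorator-agg-ptr leaf", but the must statement on the agg-ptr leaf restricts it to POLICY-COMPONENT-DECORATOR-TYPE and its own description says it references the SUPAPolicyComponentDecorator end point, so this should read SUPAPolicyComponentDecorator. The same copy-and-paste slip appears in supa-has-policy-target-detail-part-ptr, whose description points at "supa-has-policy-source-detail-agg-ptr" where supa-has-policy-target-detail-agg-ptr is meant. Both decorator pointer descriptions also speak of a "set" of instances referenced by a leaf of type instance-identifier; say "instance", or make the node a leaf-list if several are intended. The closing sentence added to the supa-has-policy-source-detail description says the object associates "a SUPAPolicySource to a SUPAPolicyTarget", while both pointers in that grouping reference a SUPAPolicyStructure and a SUPAPolicySource. On the reworded supa-policy-source-is-authenticated, supa-policy-source-is-trusted and supa-policy-target-is-authenticated leaves: the check is now attributed to "a policy engine or application", but the descriptions still do not say which party sets the boolean or what a consumer may rely on when it is true; please state that in the description. The typo "detemine" in the decorator grouping description is carried over into -01.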
skipping to change at page 44, line 18 ¶ | skipping to change at page 56, line 45 ¶ | |||
list supa-policy-target-detail-list { | list supa-policy-target-detail-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-has-policy-target-detail; | uses supa-has-policy-target-detail; | |||
description | description | |||
"This is a list of all supa-policy-target-detail | "This is a list of all supa-policy-target-detail | |||
objects."; | objects."; | |||
} | } | |||
} | } | |||
identity SUPA-HAS-POLICY-CLAUSE-ASSOC { | identity SUPA-HAS-POLICY-CLAUSE-ASSOC { | |||
base POLICY-STRUCTURE-TYPE; | ||||
description | description | |||
"The identity corresponding to a SUPAHasPolicyClause | "The identity corresponding to a SUPAHasPolicyClause | |||
association class object instance."; | association class object instance."; | |||
} | } | |||
grouping supa-has-policy-clause-detail { | grouping supa-has-policy-clause-detail { | |||
leaf supa-policy-ID { | uses supa-policy-structure-type { | |||
type string; | refine entity-class { | |||
description | default SUPA-HAS-POLICY-CLAUSE-ASSOC; | |||
"This is a globally unique ID for this association | ||||
instance in the overall policy system."; | ||||
} | ||||
leaf entity-class { | ||||
type identityref { | ||||
base SUPA-HAS-POLICY-CLAUSE-ASSOC; | ||||
} | } | |||
default SUPA-HAS-POLICY-CLAUSE-ASSOC; | ||||
description | ||||
"The identifier of the class of this assocation."; | ||||
} | } | |||
leaf supa-policy-clause-structure-ptr { | leaf supa-has-policy-clause-detail-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
POLICY-STRUCTURE-TYPE)"; | POLICY-STRUCTURE-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicyStructure object | "This leaf is an instance-identifier that references | |||
instance participating in a SUPAHasPolicyClause | a concrete subclass of the SUPAPolicyStructure class | |||
aggregation to the SUPAHasPolicyClauseDetail | end point of the association represented by this | |||
association class that provides the semantics of | instance of the SUPAHasPolicyClause association [1]. | |||
this aggregation. This defines the object class | The grouping supa-has-policy-clause-detail represents | |||
that this instance-identifier points to."; | the SUPAHasPolicyClauseDetail association class. Thus, | |||
the instance identified by this leaf is the | ||||
SUPAPolicyStructure instance that is associated by | ||||
this association to the set of SUPAPolicyClause | ||||
instances referenced by the | ||||
supa-has-policy-clause-detail-part-ptr leaf of this | ||||
grouping."; | ||||
} | } | |||
leaf supa-policy-clause-ptr { | leaf supa-has-policy-clause-detail-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
SUPA-POLICY-CLAUSE-TYPE)"; | POLICY-CLAUSE-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicyClause object | "This leaf is an instance-identifier that references | |||
instance participating in a SUPAHasPolicyClause | a concrete subclass of the SUPAPolicyClause class | |||
aggregation to the SUPAHasPolicyClauseDetail | end point of the association represented by this | |||
association class that provides the semantics of | instance of the SUPAHasPolicyClause association [1]. | |||
this aggregation. This defines the object class | The grouping supa-has-policy-clause-detail represents | |||
that this instance-identifier points to."; | the SUPAHasPolicyClauseDetail association class. Thus, | |||
the instance identified by this leaf is the | ||||
SUPAPolicyClause instance that is associated by this | ||||
association to the set of SUPAPolicyStructure | ||||
instances referenced by the | ||||
supa-has-policy-clause-detail-agg-ptr leaf of this | ||||
grouping."; | ||||
} | } | |||
description | description | |||
"This is an association class, and defines the semantics of | "This is an association class, and defines the semantics of | |||
the SUPAHasPolicyClause aggregation. The attributes and | the SUPAHasPolicyClause association. The attributes and | |||
relationships of this class can be used to define which | relationships of this class can be used to define which | |||
SUPAPolicyTarget objects can be attached to which | SUPAPolicyTarget objects can be used by which particular | |||
particular set of SUPAPolicyStructure objects. | set of SUPAPolicyStructure objects. Every | |||
Every SUPAPolicyStructure object instance MUST aggregate | SUPAPolicyStructure instance MUST aggregate at | |||
at least one SUPAPolicyClause object instance. However, | least one SUPAPolicyClause instance. However, the | |||
the converse is NOT true. For example, a SUPAPolicyClause | converse is NOT true. For example, a SUPAPolicyStructure | |||
could be instantiated and then stored for later use in a | instance MUST aggregate at least one SUPAPolicyClause | |||
policy repository."; | instance. However, a SUPAPolicyClause object could be | |||
instantiated and then stored for later use in a policy | ||||
repository."; | ||||
} | } | |||
container supa-policy-clause-detail-container { | container supa-policy-clause-detail-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolicyClauseDetail."; | type SUPAPolicyClauseDetail."; | |||
list supa-policy-clause-detail-list { | list supa-policy-clause-detail-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-has-policy-clause-detail; | uses supa-has-policy-clause-detail; | |||
description | description | |||
"This is a list of all supa-policy-clause-detail | "This is a list of all supa-policy-clause-detail | |||
objects."; | objects."; | |||
} | } | |||
} | } | |||
identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC { | identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC { | |||
base POLICY-STRUCTURE-TYPE; | ||||
description | description | |||
"The identity corresponding to a | "The identity corresponding to a | |||
SUPAHasPolExecFailActionToTake association class | SUPAHasPolExecFailActionToTake association class | |||
object instance."; | object instance."; | |||
} | } | |||
grouping supa-has-policy-exec-action-detail { | grouping supa-has-policy-exec-action-detail { | |||
leaf supa-policy-ID { | uses supa-policy-structure-type { | |||
type string; | refine entity-class { | |||
description | default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC; | |||
"This is a globally unique ID for this association | ||||
instance in the overall policy system."; | ||||
} | ||||
leaf entity-class { | ||||
type identityref { | ||||
base SUPA-HAS-POLICY-EXEC-ACTION-ASSOC; | ||||
} | } | |||
default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC; | ||||
description | ||||
"The identifier of the class of this assocation."; | ||||
} | } | |||
leaf supa-policy-structure-action-src-ptr { | leaf supa-has-exec-fail-action-detail-agg-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
POLICY-STRUCTURE-TYPE)"; | POLICY-STRUCTURE-TYPE)"; | |||
description | description | |||
"This associates the SUPAPolicyStructure object | "This leaf is an instance-identifier that references | |||
instance participating in a | a SUPAPolicyStructure instance end point of the | |||
SUPAHasPolExecFailActionToTake association to the | association represented by this instance of the | |||
SUPAHasPolExecFailActionToTakeDetail association | SUPAHasPolExecFailActionToTake association [1] that | |||
class that provides the semantics of this | was executing a SUPAPolicy. This SUPAPolicyStructure | |||
aggregation. This defines the object class that | is referred to as the 'parent' SUPAPolicyStructure | |||
this instance-identifier points to."; | instance, while the other instance end point of this | |||
association is called the 'child' SUPAPolicyStructure. | ||||
The grouping supa-policy-structure-type represents the | ||||
SUPAPolicyStructure class. Thus, the instance | ||||
identified by this leaf is the parent | ||||
SUPAPolicyStructure instance that is associated by this | ||||
association to the child SUPAPolicyStructure instance | ||||
referenced by the | ||||
supa-has-exec-fail-action-detail-part-ptr leaf of this | ||||
grouping."; | ||||
} | } | |||
leaf supa-policy-structure-action-dst-ptr { | leaf supa-has-exec-fail-action-detail-part-ptr { | |||
type instance-identifier; | type instance-identifier; | |||
must "derived-from-or-self (deref(.)/entity-class, | must "derived-from-or-self (deref(.)/entity-class, | |||
POLICY-STRUCTURE-TYPE)"; | POLICY-STRUCTURE-TYPE)"; | |||
description | description | |||
"This associates a SUPAPolicyAction object | "This leaf is an instance-identifier that references | |||
instance participating in a | a SUPAPolicyStructure instance end point of the | |||
SUPAHasPolExecFailActionToTake association to the | association represented by this instance of the | |||
SUPAHasPolExecFailActionToTakeDetail association | SUPAHasPolExecFailActionToTake association [1] that | |||
class that provides the semantics of this | was NOT currently executing a SUPAPolicy. This | |||
aggregation. This defines the object class that | SUPAPolicyStructure is referred to as the 'child' | |||
this instance-identifier points to."; | SUPAPolicyStructure instance, while the other instance | |||
} | end point of this association is called the 'parent' | |||
leaf supa-policy-exec-fail-take-action-encoding { | SUPAPolicyStructure. The grouping | |||
type policy-data-type-id-encoding-list; | supa-policy-structure-type represents the | |||
description | SUPAPolicyStructure class. Thus, the instance | |||
"This defines how to find the set of SUPA Policy | identified by this leaf is the child | |||
Action objects contained in each element of the | SUPAPolicyStructure instance that is associated by | |||
supa-policy-exec-fail-take-action-name attribute | this association to the child SUPAPolicyStructure | |||
object."; | instance referenced by the | |||
supa-has-exec-fail-action-detail-part-ptr leaf of | ||||
this grouping."; | ||||
} | } | |||
leaf-list supa-policy-exec-fail-take-action-name { | leaf-list supa-policy-exec-fail-take-action-name { | |||
type string; | type string; | |||
description | description | |||
"This identifies the set of SUPA Policy Actions to take | "This is a list that contains the set of names for | |||
if the SUPAPolicyStructure object that owns this | SUPAPolicyActions to use if the SUPAPolicyStructure | |||
association failed to execute properly. The | object that owns this association failed to execute | |||
interpretation of this string attribute is defined by | properly. This association defines a set of child | |||
the supa-policy-exec-fail-take-action-encoding class | SUPAPolicyStructure objects to use if this (the parent) | |||
attribute."; | SUPAPolicyStructure object fails to execute correctly. | |||
Each child SUPAPolicyStructure object has one or more | ||||
SUPAPolicyActions; this attribute defines the name(s) | ||||
of each SUPAPolicyAction in each child | ||||
SUPAPolicyStructure that should be used to try and | ||||
remediate the failure."; | ||||
} | } | |||
description | description | |||
"This is an association class, and defines the semantics of | "This is an association class, and defines the semantics of | |||
the SUPAHasPolExecFailTakeAction association. The | the SUPAHasPolExecFailTakeAction association. The | |||
attributes and relationships of this class can be used to | attributes and relationships of this class can be used to | |||
determine which SUPA Policy Action objects are executed in | determine which SUPAPolicyAction objects are executed in | |||
response to a failure of the SUPAPolicyStructure object | response to a failure of the SUPAPolicyStructure object | |||
instance that owns this association."; | instance that owns this association."; | |||
} | } | |||
container supa-policy-exec-fail-take-action-detail-container { | container supa-policy-exec-fail-take-action-detail-container { | |||
description | description | |||
"This is a container to collect all object instances of | "This is a container to collect all object instances of | |||
type SUPAPolExecFailActionToTakeDetail."; | type SUPAPolExecFailActionToTakeDetail."; | |||
list supa-policy-exec-fail-take-action-detail-list { | list supa-policy-exec-fail-take-action-detail-list { | |||
key supa-policy-ID; | key supa-policy-ID; | |||
uses supa-has-policy-exec-action-detail; | uses supa-has-policy-exec-action-detail; | |||
description | description | |||
"This is a list of all | "This is a list of all | |||
supa-has-policy-exec-action-detail objects."; | supa-has-policy-exec-action-detail objects."; | |||
} | } | |||
} | } | |||
identity SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC { | ||||
base POLICY-METADATA-TYPE; | ||||
description | ||||
"The identity corresponding to a | ||||
SUPAHasMetadataDecoratorDetail association class | ||||
object instance."; | ||||
} | ||||
grouping supa-has-policy-metadata-dec-detail { | ||||
uses supa-policy-metadata-type { | ||||
refine entity-class { | ||||
default SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC; | ||||
} | ||||
} | ||||
leaf supa-has-policy-metadata-detail-dec-agg-ptr { | ||||
type instance-identifier; | ||||
must "derived-from-or-self (deref(.)/entity-class, | ||||
POLICY-METADATA-TYPE)"; | ||||
description | ||||
"This leaf is an instance-identifier that references | ||||
a SUPAPolicyMetadataDecorator instance end point of | ||||
the association represented by this instance of the | ||||
SUPAHasMetadataDecorator association [1]. The | ||||
grouping supa-has-policy-metadata-detail represents | ||||
the SUPAHasMetadataDecoratorDetail association class. | ||||
Thus, the instance identified by this leaf is the | ||||
SUPAPolicyMetadataDecorator instance that is | ||||
associated by this association to the set of | ||||
SUPAPolicyMetadata instances referenced by the | ||||
supa-has-policy-metadata-detail-dec-part-ptr leaf of | ||||
this grouping."; | ||||
} | ||||
leaf supa-has-policy-metadata-detail-dec-part-ptr { | ||||
type instance-identifier; | ||||
must "derived-from-or-self (deref(.)/entity-class, | ||||
POLICY-METADATA-TYPE)"; | ||||
description | ||||
"This leaf is an instance-identifier that references | ||||
a SUPAPolicyMetadata instance end point of the | ||||
association represented by this instance of the | ||||
SUPAHasMetadataDecorator association [1]. The | ||||
grouping supa-has-policy-metadata-detail represents | ||||
the SUPAHasMetadataDecoratorDetail association class. | ||||
Thus, the instance identified by this leaf is the | ||||
SUPAPolicyMetadata instance that is associated by | ||||
this association to the set of | ||||
SUPAPolicyMetadataDecorator instances referenced by | ||||
the supa-has-policy-metadata-detail-dec-agg-ptr leaf | ||||
of this grouping."; | ||||
} | ||||
description | ||||
"This is an association class, and defines the semantics of | ||||
the SUPAHasMetadataDecorator association. The attributes | ||||
and relationships of this class can be used to define which | ||||
concrete subclasses of the SUPAPolicyMetadataDecorator | ||||
class can be used to wrap which concrete subclasses of the | ||||
SUPAPolicyMetadata class."; | ||||
} | ||||
container supa-policy-metadata-decorator-detail-container { | ||||
description | ||||
"This is a container to collect all object instances of | ||||
type SUPAHasMetadaDecoratorDetail."; | ||||
list supa-policy-metadata-decorator-detail-list { | ||||
key supa-policy-metadata-id; | ||||
uses supa-has-policy-metadata-dec-detail; | ||||
description | ||||
"This is a list of all supa-policy-metadata-detail | ||||
objects."; | ||||
} | ||||
} | ||||
} | } | |||
<CODE ENDS> | <CODE ENDS> | |||
6. IANA Considerations | 6. IANA Considerations | |||
No IANA considerations exist for this document. | No IANA considerations exist for this document. | |||
7. Security Considerations | 7. Security Considerations | |||
TBD | TBD | |||
8. Acknowledgments | 8. Acknowledgments | |||
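Review bot: In the added grouping supa-has-policy-metadata-dec-detail, both must statements pass POLICY-METADATA-TYPE to derived-from-or-self() unquoted, so XPath reads it as a child node name rather than an identity. The second argument is a string and should be quoted (with a module prefix if one is required), e.g. derived-from-or-self(deref(.)/entity-class, 'POLICY-METADATA-TYPE'). The two pointer leaves also carry the identical constraint, so nothing in the model stops supa-has-policy-metadata-detail-dec-agg-ptr from referencing a plain metadata instance, although its description says it references a SUPAPolicyMetadataDecorator; constrain that leaf to the decorator's identity. Separately, the leaf descriptions call the grouping supa-has-policy-metadata-detail, the container description spells the class SUPAHasMetadaDecoratorDetail, and the list description says supa-policy-metadata-detail objects; align all three with the names actually defined here.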
skipping to change at page 47, line 41 ¶ | skipping to change at page 62, line 16 ¶ | |||
No IANA considerations exist for this document. | No IANA considerations exist for this document. | |||
7. Security Considerations | 7. Security Considerations | |||
TBD | TBD | |||
8. Acknowledgments | 8. Acknowledgments | |||
This document has benefited from reviews, suggestions, comments | This document has benefited from reviews, suggestions, comments | |||
and proposed text provided by the following members, listed in | and proposed text provided by the following members, listed in | |||
alphabetical order: Qin Wu. | alphabetical order: | |||
Qin Wu | ||||
9. References | 9. References | |||
This section defines normative and informative references for this | This section defines normative and informative references for this | |||
document. | document. | |||
9.1. Normative References | 9.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
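Review bot: Section 7 (Security Considerations) is still "TBD" on both sides of this change block, while this revision adds further containers and lists of policy and metadata objects linked by instance-identifier pointers. Before the next revision, list which of these containers are sensitive to write access (changing a policy or its pointers changes what gets enforced) and which are sensitive to read access, and state the access control expected on the management protocol that carries them.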
skipping to change at page 48, line 21 ¶ | skipping to change at page 62, line 41 ¶ | |||
the Network Configuration Protocol (NETCONF)", | the Network Configuration Protocol (NETCONF)", | |||
RFC 6020, October 2010. | RFC 6020, October 2010. | |||
[RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, | [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, | |||
July 2013. | July 2013. | |||
9.2. Informative References | 9.2. Informative References | |||
[1] Strassner, J., Halpern, J., Coleman, J., "Generic | [1] Strassner, J., Halpern, J., Coleman, J., "Generic | |||
Policy Information Model for Simplified Use of Policy | Policy Information Model for Simplified Use of Policy | |||
Abstractions (SUPA)", | Abstractions (SUPA)", March 21, 2016, | |||
draft-strassner-supa-generic-policy-info-model-05 | draft-ietf-supa-generic-policy-info-model-01 | |||
March 21, 2016 | [2] http://www.omg.org/spec/OCL/ | |||
[3] http://doc.omg.org/formal/2002-04-03.pdf | ||||
[4] http://alloy.mit.edu/alloy/ | ||||
[5] http://www.omg.org/spec/QVT/ | ||||
[6] http://semver.org/ | ||||
[7] Definitions of DAC, MAC, and RBAC may be found here: | ||||
http://csrc.nist.gov/groups/SNS/rbac/faq.html#03 | ||||
[8] ABAC is described here: | ||||
http://csrc.nist.gov/groups/SNS/rbac/index.html | ||||
Authors' Addresses | Authors' Addresses | |||
Joel Halpern | Joel Halpern | |||
Ericsson | Ericsson | |||
P. O. Box 6049 | P. O. Box 6049 | |||
Leesburg, VA 20178 | Leesburg, VA 20178 | |||
Email: joel.halpern@ericsson.com | Email: joel.halpern@ericsson.com | |||
John Strassner | John Strassner | |||
Huawei Technologies | Huawei Technologies | |||
2330 Central Expressway | 2330 Central Expressway | |||
Santa Clara, CA 95138 USA | Santa Clara, CA 95138 USA | |||
Email: john.sc.strassner@huawei.com | Email: john.sc.strassner@huawei.com | |||
Sven van der Meer | ||||
LM Ericsson Ltd. | ||||
Ericsson Software Campus | ||||
Garrycastle | ||||
Athlone | ||||
N37 PV44 | ||||
Ireland | ||||
Email: sven.van.der.meer@ericsson.com | ||||
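Review bot: The normative references visible here are RFC 6020 and RFC 6991, but the module's must statements use derived-from-or-self() and deref(), which are YANG 1.1 XPath functions defined in RFC 7950; if RFC 7950 is not cited in the part of the list not shown, add it. In the informative references, entry [1] now names draft-ietf-supa-generic-policy-info-model-01 but keeps the date March 21, 2016 from the old entry, so confirm the date matches the cited revision. Entries [2] to [6] are bare URLs; give each a title so the reference stays identifiable if the link moves. Entry [8] points at the rbac/index.html page for ABAC, which is worth checking against the intended target.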
End of changes. 316 change blocks. | ||||
935 lines changed or deleted | 1616 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |