Network Working Group                                        J. Halpern
Internet-Draft                                                 Ericsson
Intended status: Informational                             J. Strassner
Expires: January 20, April 3, 2017                              Huawei Technologies
                                                          July 20,
                                                        S. Van der Meer
                                                               Ericsson
                                                        October 1, 2016

                     Generic Policy Data Model for
              Simplified Use of Policy Abstractions (SUPA)
              draft-ietf-supa-generic-policy-data-model-00
              draft-ietf-supa-generic-policy-data-model-01

Abstract

   This document defines two YANG policy data models. modules. The first is a
   generic policy model that is meant to be extended on an application-
   specific basis. The second is an exemplary extension of the first
   generic policy model, and defines rules as event-condition-action
   policies. Both models are independent of the level of abstraction of
   the content and meaning of a policy.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   This Internet-Draft will expire on January 20, April 3, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided
   without warranty as described in the Simplified BSD License.

Table of Contents

1.  Overview ....................................................... 2
2.  Conventions Used in This Document .............................. 2
3.  Terminology .................................................... 3
    3.1.  Acronyms .................................................. ................................................. 3
    3.2.  Definitions ............................................... .............................................. 3
    3.3.  Symbology ................................................. 4 ................................................ 5
4.  Design of the SUPA Policy Data Models .......................... 4  ......................... 5
    4.1.  Objectives ............................................... 5
    4.2 Yang Data Model Maintenance ................................ 5
    4.3 YANG Data Model Overview ................................... 6
    4.4.  YANG Tree Diagram ........................................ 7
5.  SUPA Policy Data Model YANG Module ............................. 5 ............................ 11
6.  IANA Considerations ............................................ ........................................... 47
7.  Security Considerations ........................................ ....................................... 47
8.  Acknowledgments ................................................ ............................................... 47
9.  References ..................................................... .................................................... 47
    9.1. Normative References ...................................... ..................................... 48
    9.2. Informative References .................................... ................................... 48
Authors' Addresses ................................................ 48

1.  Overview

   This document defines two YANG [RFC6020] [RFC6991] policy data
   models. The first is a generic policy model that is meant to be
   extended on an application-specific basis. It is derived from the
   Generic Policy Information Model (GPIM) defined in [1]. The second
   is an exemplary extension of the first (generic policy) model, and
   defines policy rules as event-condition-action tuples. Both models
   are independent of the level of abstraction of the content and
   meaning of a policy.

   The GPIM defines a common framework as a set of model elements
   (e.g., classes, attributes, and relationships) that specify a
   common set of policy management concepts that are independent of the
   type of policy (e.g., imperative, procedural, declarative, or
   otherwise). The first YANG data model is a translation of the GPIM
   to a YANG module. The Eca ECA Policy Rule Information Model (EPRIM),
   also defined in [1], extends the GPIM to represent policy rules that
   use the Event-Condition-Action (ECA) paradigm. The second YANG data
   model maps the EPRIM to YANG. The second YANG data model MAY be
   used to augment the functionality of the first YANG data model.

2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in [RFC2119]. In
   this document, these words will appear with that interpretation
   only when in ALL CAPS. Lower case uses of these words are not to
   be interpreted as carrying [RFC2119] significance.

3.  Terminology

   This section defines acronyms, terms, and symbology used in the
   rest of this document.

3.1.  Acronyms

   CNF        Conjunctive Normal Form
   DNF        Disjunctive Normal Form
   ECA        Event-Condition-Action
   EPRIM      (SUPA) ECA Policy Rule Information Model [1]
   FQDN       Fully Qualified Domain Name
   FQPN       Fully Qualified Path Name
   GPIM       (SUPA) Generic Policy Information Model [1]
   GUID       Globally Unique IDentifier
   NETCONF    Network Configuration protocol
   OAM&P      Operations, Administration, Management, and Provisioning
   OCL        Object Constraint Language {2] [3]
   OID        Object IDentifier
   SUPA       Simplified Use of Policy Abstractions
   UML        Unified Modeling Language
   URI        Uniform Resource Identifier
   UUID       Universally Unique IDentifier

3.2.  Definitions

   Action:  a set of purposeful activities that have a set of associated behavior.

   Boolean Clause:  a logical statement that evaluates to either TRUE
      or FALSE.  Also called Boolean Expression.

   Condition:  a set of attributes, features, and/or values that are to
      be compared with a set of known attributes, features, and/or
      values in order to make a decision.  A Condition, when used in
      the context of a Policy Rule, is used to determine whether or not
      the set of Actions in that Policy Rul Rule can be executed or not.

   Constraint:    A constraint is a limitation or restriction.
      Constraints may be added to any type of object (e.g., events,
      conditions, and actions in Policy Rules).

   Constraint Programming:  a type of programming that uses constraints
      to define relations between variables in order to find
      a feasible (and not necessarily optimal) solution.

   Data Model:  a data model is a representation of concepts of
      interest to an environment in a form that is dependent on data
      repository, data definition language, query language,
      implementation language, and protocol (typically one or more of
      these). This definition is taken from [1].

   ECA:    Event - Condition - Action policy. (a type of policy).

   Event:  an Event is defined as any important occurrence in time of
      a change in
      the system being managed, and/or in the environment of the system
      being managed. An Event may represent the changing or maintaining
      of the state of a managed object. An Event, when used in the
      context of a Policy Rule, is used to determine whether the condition
      Condition clause of an imperative (i.e., ECA) Policy Rule can be
      evaluated or not.

   FQPN (FUlly Qualified Path Name)
      The specification of a path to a file in a system that
      unambiguously resolves to only that specific file. In this
      sense, "fully qualified" is independent of context. However,
      in a distributed system, it may be dependent on the specific
      format of an operating system. Hence, implementations should
      consider such issues before allowing the use of FQPNs.

   Information Model:  an information model is a representation of
      concepts of interest to an environment in a form that is
      independent of data repository, data definition language, query
      language, implementation language, and protocol. This definition
      is taken from [1].

   Metadata:  metadata is data that provides descriptive and/or
      prescriptive information about the object(s) to which it is attached.

   Policy Rule:
      associated. This enables structure and content of the object(s)
      to which it applies, as well as usage and other information, to
      be represented in an extensible manner. It avoids "burying"
      common information in specific classes, and increases reuse.

  SUPAPolicy: A SUPAPolicy is, in this version of this document, an ECA
      policy rule that MUST contain an ECA policy rule, SHOULD contain
      one or more SUPAPolicyMetadata objects, and MAY contain other
      elements that define the semantics of the policy rule. An ECA
      Policy Rule is MUST contain an event clause, a set of rules that condition clause, and
      an action clause. Policies are used generically defined as a means to
      manage
      monitor and control the changing or and/or maintaining of the state
      of one or more managed objects. This definition is based on the
      definition of SUPAPolicy in [1].

3.3.  Symbology

   The following representation is used to describe YANG data modules
   defined in this draft.

   o  Brackets "[" and "]" enclose list keys.

   o  Abbreviations before data node names: "rw" means configuration
      data (read-write), and "ro" means state data (read-only).

   o  Symbols after data node names: "?" means an optional node, "!"
      means a presence container, and "*" denotes a list and leaf-list.

   o  Parentheses enclose choice and case nodes, and case nodes are also
      marked with a colon (":").

   o  Ellipsis ("...") stands for contents of subtrees that are not
      shown.

4.  Design of the SUPA Policy Data Models

   This section describes the design philosophy of the YANG data model,
   and how they will be completed in maintained.

4.1.  Objectives

   These Data Models are derived from the next version of this draft. Three
   important points are:

   - different policy models SUPA Generic Policy
   Information Model [1]. The overall objective is to faithfully
   transform that information model into a YANG data model that can
   be used for communicating policy. The policy scope to be covered is
   that defined by [1]; please refer to it for more details and
   background information.

   This model is an extensible framework that is independent of the
   implementation approach for storing polices, as well as being
   independent of the content and meaning of specific policies.  These
   models can be extended (generally by using the groupings here and
   defining additional containers for concrete classes) to represent
   domain- and/or application-specific policies.  The ECA model in this
   document is an example of extending the general policy model towards
   specific policies.

   By using this approach, different policy models will use common
   semantics, enabling them to be more easily integrated.

   One of the important goals of this work is for the semantics of
   these models to align with those of the generic policy information
   model.  Thus, most of this model was generate by a quasi-algorithmic
   transformation of the information model.  This was done by hand.
   Certain changes were made to reflect the fact that this is a YANG
   data model, and therefore, does not need to generically allow for
   all data modelling languages.  Details of the process are described
   below in section 4.3.

4.2 Yang Data Model maintenance

   All model changes should be done to both the information model and
   the data model in parallel.  Care is being taken during development
   of this model to ensure that is the case.

   In general, structural changes will be applied to both the
   information model and the data model, and then any necessary YANG
   repairs taken to preserve the validity of the YANG data model.

4.3 YANG Data Model Overview

   This YANG data model is generated by applying suitable YANG
   constructs to represent the information in the information model.

   There are three key information modeling concepts that this data
   model needs to represent consistently.  These are classes, class
   inheritance (also known as subclassing) and associations.  The
   SUPA generic policy information model [1] makes extensive use of
   these concepts.

   Each class in the model is represented by a YANG identity and by a
   YANG grouping.  The use of groupings enables us to define these
   classes abstractly.  Each grouping begins with two leaves (either
   defined in the grouping or inherited via a using clause), which
   provide common functionality.  One leaf is used for the system-wide
   unique identifier for this instance.  This is either named
   supa-policy-ID (for the SUPAPolicyObject tree, which contains
   everything EXCEPT metadata objects) or supa-policy-metadata-id (for
   the SUPAPolicyMetadata tree, which ONLY contains metadata). All
   associations use supa-policy-IDs.  The second leaf is always called
   the entity-class.  It is an identityref which is set to the identity
   of the instance.  The default value for this leaf is always
   correctly defined by the grouping.  It is read-write in the YANG
   formalism due to restrictions on the use of MUST clauses.

   Class inheritance (or subclassing) is done by defining an identity
   and a grouping for the new class.  The identity is based on the
   parent identity, and is given a new name to represent this class.
   The new grouping uses the parent grouping.  It refines the
   entity-class of the parent, replacing the default value of the
   entity-class with the correct value for this class.

   Associations are represented by the use of instance-identifiers and
   association classes.  Association classes are classes, using the
   above construction, which contain leaves representing the set of
   instance-identifiers for each end of the association, along with
   any other properties the information model assigns to the
   association.  The two associated classes each have common semantics
   - capture those semantics within a common framework (GPIM)
   - extend these semantics leaf with an
   instance-identifier that points to the association class instance.
   Each instance-identifier leaf is defined with a must clause. That
   must clause references the entity-class of the target of the
   instance-identifier, and specifies that the entity class type must
   be the same as, or subclassed from, a specific ECA example (EPRIM) named class.  Thus,
   associations can point to any instance of a selected class, or any
   instance of any subclass of that target.

   While not mandated by the YANG, it is expected that the xpath for
   the instance-identifier will end with an array selection specifying
   the supa-policy-ID or supa-policy-metadata-id of the target. This
   enables us to construct the abstract class tree, with inheritance
   and associations.  It is noted and accepted that this process does
   lose the distinction between containment, association, and
   aggregation used by the information model.

   The concrete class tree is constructed as follows.  The YANG model
   defines a container for each class that is defined as concrete by
   the information model.  That container contains a single list,
   keyed by either the supa-policy-id or the supa-policy-metadata-id.
   The content of the list is defined by a uses clause referencing the
   grouping that defines the class. After this was done, certain
   additional modifications were made. Specifically, any information
   model constructs intended to represent lists of possible values
   were recast as YANG enumerations.  Where these lists are used more
   than once, they are factored out into reusable enumerations.

   Certain attributes that are not needed in the YANG (e.g., to
   represent the range of choices different data models might use for
   policy identification) were removed for simplicity and clarity.

4.4.  YANG Tree Diagram

   The YANG Tree Diagram starts on the next page. It uses the following
   abbreviations for datatypes:

      - B:    Boolean
      - E:    enumeration
      - II:   instance-identifier
      - IR:   identityref
      - PC:   policy-constraint-language-list
      - PD:   policy-data-type-encoding-list
      - S:    string
      - YD:   yang:date-and-time
      - UI:   uint32

module:  ietf-supa-policydatamodel
   +--rw supa-encoding-clause-container
   |  +--rw supa-encoding-clause-list* [supa-policy-ID]
   |     +--rw supa-policy-ID                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-has-policy-component-decorator-part-ptr          II
   |     +--rw supa-policy-clause-deploy-status                      E
   |     +--rw supa-has-policy-clause-part-ptr*                      II
   I     +--rw supa-encoded-clause-content                           S
   I     +--rw supa-encoded-clause-language                          E
   +--rw supa-policy-variable-container
   |  +--rw supa-policy-variable-list* [supa-policy-ID]
   |     +--rw supa-policy-ID                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-has-policy-component-decorator-part-ptr          II
   |     +--rw supa-has-policy-component-decorator-agg-ptr*          II
   |     +--rw supa-decorator-constraints*                           S
   |     +--rw supa-has-decorator-constraint-encoding?               PC
   |     +--rw supa-policy-term-is-negated?                          B
   |     +-rw supa-policy-variable-name?                             S
   +--rw supa-policy-operator-container
   |  +--rw supa-policy-operator-list* [supa-policy-ID]
   |     +--rw supa-policy-ID                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-has-policy-component-decorator-part-ptr          II
   |     +--rw supa-has-policy-component-decorator-agg-ptr*          II
   |     +--rw supa-decorator-constraints*                           S
   |     +--rw supa-has-decorator-constraint-encoding?               PC
   |     +--rw supa-policy-term-is-negated?                          B
   |     +--rw supa-policy-value-op-type                             E
   +--rw supa-policy-value-container
   |  +--rw supa-policy-value-list* [supa-policy-ID]
   |     +--rw supa-policy-ID                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-has-policy-component-decorator-part-ptr          II
   |     +--rw supa-has-policy-component-decorator-agg-ptr*          II
   |     +--rw supa-decorator-constraints*                           S
   |     +--rw supa-has-decorator-constraint-encoding?               PC
   |     +--rw supa-policy-term-is-negated?                          B
   |     +--rw supa-policy-value-content*                            S
   |     +--rw supa-policy-value-encoding?                           PD
   +--rw supa-policy-generic-decorated-container
   |  +--rw supa-encoding-clause-list* [supa-policy-ID]
   |     +--rw supa-policy-ID                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-has-policy-component-decorator-part-ptr          II
   |     +--rw supa-has-policy-component-decorator-agg-ptr*          II
   |     +--rw supa-decorator-constraints*                           S
   |     +--rw supa-has-decorator-constraint-encoding?               PC
   |     +--rw supa-policy-generic-decorated-content*                S
   |     +--rw supa-policy-generic-decorated-encoding?               PD
   +--rw supa-policy-concrete-metadata-container
   |  +--rw supa-policy-concrete-metadata-list*
                                        [supa-policy-metadata-ID]
   |     +--rw supa-policy-metadata-id                               S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-metadata-description?                     S
   |     +--rw supa-policy-metadata-name?                            S
   |     +--rw supa-has-policy-metadata-part-ptr*                    II
   |     +--rw supa-has-policy-metadata-dec-part-ptr*                II
   |     +--rw supa-policy-metadata-valid-period-end?                YD
   |     +--rw supa-policy-metadata-valid-period-start?              YD
   +--rw supa-policy-metadata-decorator-access-container
   |  +--rw supa-policy-metadata-decorator-access-list*
                                        [supa-policy-metadata-ID]
   |     +--rw supa-policy-metadata-id                               S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-metadata-description?                     S
   |     +--rw supa-policy-metadata-name?                            S
   |     +--rw supa-has-policy-metadata-part-ptr*                    II
   |     +--rw supa-has-policy-metadata-dec-part-ptr*                II
   |     +--rw supa-has-policy-metadata-dec-agg-ptr?                 II
   +--rw supa-policy-metadata-decorator-version-container
   |  +--rw supa-policy-metadata-decorator-version-list*
                                        [supa-policy-metadata-ID]
   |     +--rw supa-policy-metadata-ID                               S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-metadata-description?                     S
   |     +--rw supa-policy-metadata-name?                            S
   |     +--rw supa-has-policy-metadata-part-ptr*                    II
   |     +--rw supa-has-policy-metadata-dec-part-ptr*                II
   |     +--rw supa-has-policy-metadata-dec-agg-ptr?                 II
   +--rw supa-policy-metadata-detail-container
   |  +--rw supa-policy-metadata-detail-list [supa-policy-ID]
   |     +--rw supa-policy-id                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-has-policy-metadata-detail-agg-ptr?              II
   |     +--rw supa-has-policy-metadata-detail-part-ptr?             II
   |     +--rw supa-policy-metadata-detail-is-applicable?            B
   |     +--rw supa-policy-metadata-detail-constraint*               S
   |     +--rw supa-policy-metadata-detail-constraint-encoding?      PC
   +--rw supa-policy-component-decorator-detail-container
   |  +--rw supa-policy-component-decorator-detail-list*
                                                  [supa-policy-ID]
   |     +--rw supa-policy-id                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-has-policy-component-decorator-agg-ptr?          II
   |     +--rw supa-has-policy-component-decorator-part-ptr?         II
   |     +--rw supa-has-decorator-constraint*                        S
   |     +--rw supa-has-decorator-constraint-encoding                PC
   +--rw supa-policy-source-detail-container
   |  +--rw supa-policy-source-detail-list* [supa-policy-ID]
   |     +--rw supa-policy-id                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   I     +--rw supa-has-policy-source-detail-agg-ptr?                II
   I     +--rw supa-has-policy-source-detail-part-ptr?               II
   I     +--rw supa-policy-source-is-authenticated?                  B
   I     +--rw supa-policy-source-is-trusted?                        B
   +--rw supa-policy-target-detail-container
   |  +--rw supa-policy-target-detail-list* [supa-policy-ID]
   |     +--rw supa-policy-id                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   I     +--rw supa-has-policy-target-detail-agg-ptr?                II
   I     +--rw supa-has-policy-target-detail-part-ptr?               II
   I     +--rw supa-policy-target-is-authenticated?                  B
   I     +--rw supa-policy-target-is-enabled?                        B
   +--rw supa-policy-clause-detail-container
   |  +--rw supa-policy-clause-detail-list* [supa-policy-ID]
   |     +--rw supa-policy-id                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-policy-admin-status                              E
   |     +--rw supa-policy-continuum-level?                          UI
   |     +--rw supa-policy-deploy-status                             E
   |     +--rw supa-policy-exec-fail-strategy                        E
   |     +--rw supa-has-policy-source-agg-ptr*                       II
   |     +--rw supa-has-policy-target-agg-ptr*                       II
   |     +--rw supa-has-policy-clause-agg-ptr*                       II
   |     +--rw supa-has-policy-exec-fail-action-agg-ptr*             II
   |     +--rw supa-has-policy-exec-fail-action-part-ptr*            II
   |     +--rw supa-has-policy-clause-detail-agg-ptr?                II
   |     +--rw supa-has-policy-clause-detail-part-ptr?               II
   +--rw supa-policy-exec-fail-take-action-detail-container
   |  +--rw supa-policy-exec-fail-take-action-detail-list*
                                               [supa-policy-ID]
   |     +--rw supa-policy-id                                        S
   |     +--rw entity-class?                                         IR
   |     +--rw supa-policy-name?                                     S
   |     +--rw supa-policy-object-description?                       S
   |     +--rw supa-has-policy-metadata-agg-ptr*                     II
   |     +--rw supa-policy-admin-status                              E
   |     +--rw supa-policy-continuum-level?                          UI
   |     +--rw supa-policy-deploy-status                             E
   |     +--rw supa-policy-exec-fail-strategy                        E
   |     +--rw supa-has-policy-source-agg-ptr*                       II
   |     +--rw supa-has-policy-target-agg-ptr*                       II
   |     +--rw supa-has-policy-clause-agg-ptr*                       II
   |     +--rw supa-has-policy-exec-fail-action-agg-ptr*             II
   |     +--rw supa-has-policy-exec-fail-action-part-ptr*            II
   |     +--rw supa-has-exec-fail-action-detail-agg-ptr?             II
   |     +--rw supa-has-exec-fail-action-detail-part-ptr?            II
   |     +--rw supa-policy-exec-fail-take-action-name*               S
   +--rw supa-policy-metadata-decorator-detail-container
      +--rw supa-policy-metadata-decorator-detail-list*
                                     [supa-policy-metadata-ID]
         +--rw supa-policy-metadata-id                               S
         +--rw entity-class?                                         IR
         +--rw supa-policy-metadata-description?                     S
         +--rw supa-policy-metadata-name?                            S
         +--rw supa-has-policy-metadata-part-ptr*                    II
         +--rw supa-has-policy-metadata-dec-part-ptr*                II
         +--rw supa-has-policy-metadata-detail-dec-agg-ptr?          II
         +--rw supa-has-policy-metadata-detail-dec-part-ptr?         II

5.  SUPA Policy Data Model YANG Module

   The SUPA YANG data model module is divided into two main parts:

      1) a set of containers that represent the objects that make
         updated a Policy Rule and its Policy Rule Components
      2) a set of containers that represent the objects that define and
         apply metadata to Policy Rules and/or Policy Rule Components

[Editor's note]   < This will be finished in version 02 >
<CODE BEGINS> file "ietf-supa-policydatamodel@2016-03-21.yang" "ietf-supa-policydatamodel@2016-10-01.yang"

module ietf-supa-policydatamodel {

    yang-version 1.1;
    namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policydatamodel";
    prefix supa-pdm;

    import ietf-yang-types {
        prefix yang;
    }

    organization "IETF";
        contact
            "Editor: Joel Halpern
             email: jmh@joelhalpern.com;
             Editor: John Strassner
             email: strazpdj@gmail.com;";

    description
        "This module defines a data model for generic high level
         definition of policies to be applied to a network.
         This module is derived from and aligns with
         draft-strassner-supa-generic-policy-info-model-04.
         draft-ietf-supa-generic-policy-info-model-01.
         Details on all classes, associations, and attributes
         can be found there.
         Copyright (c) 2015 IETF Trust and the persons identified
         as the document authors.  All rights reserved.
         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and
         subject to the license terms contained in, the Simplified
         BSD License set forth in Section 4.c of the IETF Trust's
         Legal Provisions Relating to IETF Documents
         (http://trustee.ietf.org/license-info).";

    revision 2016-07-20 "2016-10-01" {
        description
            "Conversion
            "20161001:  Minor edits in association definitions.
             20160928:  Generated yang tree.
             20160924:  Rewrote association documentation; rebuilt
             how all classes are named for consistency.
             20160904:  Optimization of module by eliminating leaves
             that are not needed; rewrote section 4.
             20160824:  Edits to sync data model to info model.
             20160720:  Conversion to WG draft, 20160720. draft. Fixed pyang 1.1
             compilation errors. Fixed must clause derefencing
             used in grouping statements. Reformatted and expanded
             descriptions. Fixed various typos.
             20160321:  Initial version, 20160321"; version.";
        reference
            "draft-ietf-supa-policy-data-model-00";
    }
    typedef policy-constraint-language-list {
        type enumeration {
            enum "undefined" "error" {
                description
                    "This may be used as an initialization and/or signifies an error state."; state. OAM&P Policies
                     SHOULD NOT use this SUPAPolicy if the value of
                     this attribute is error.";
            }
            enum "init" {
                description
                    "This signifies a generic initialization state. A
                     suitable Policy Constraint Language (e.g., OCL [2]
                     or Alloy[4]) may now be defined.";
            }
            enum "OCL2.4" {
                description
                    "Object Constraint Language v2.4. v2.4 [2]. This is a
                     declarative language for describing rules for
                     defining constraints and query expressions.";
            }
            enum "OCL2.x" {
                description
                    "Object Constraint Language, v2.0 through 2.3.1."; 2.3.1
                     [2].";
            }
            enum "OCL1.x" {
                description
                    "Object Constraint Language, any version prior
                     to v2.0."; v2.0 [3].";
            }
            enum "QVT1.2R" {
                description
                    "QVT Relational Language."; Language [5].";
            }
            enum "QVT1.2O" {
                description
                    "QVT Operational language."; language [5].";
            }
            enum "Alloy" {
                description
                    "A language for defining structures and
                     and relations using constraints."; constraints [4].";
            }
        }
        description
            "The language used to encode the constraints
             relevant to the relationship between the metadata
             and the underlying policy object.";
    }
    typedef policy-data-type-id-encoding-list {
        type enumeration {
            enum "undefined" "error" {
                description
                    "This can be used for either initialization
                     or for signifying signifies an error state. OAM&P Policies
                     SHOULD NOT use this SUPAPolicy if the value of
                     this attribute is error.";
            }
            enum "String" "init" {
                description
                    "The clause is directly present
                    "This signifies an initialization state.";
            }
            enum "primary_key" {
                description
                    "This represents the primary key of a table, which
                     uniquely identifies each record in that table.
                     It MUST NOT be NULL. It MAY consist of a single
                     or multiple fields. Note that a YANG data model
                     implementation does NOT have to implement this
                     enumeration.";
            }
            enum "foreign_key" {
                description
                    "This represents the content."; foreign key, which is a set
                     or more fields in one table that uniquely
                     identify a row in another table. It MAY be
                     NULL. Note that a YANG data model implementation
                     does NOT have to implement this enumeration.";
            }
            enum "GUID" {
                description
                    "The clause object is referenced by this GUID.";
            }
            enum "UUID" {
                description
                    "The clause object is referenced by this UUID.";
            }
            enum "URI" {
                description
                    "The clause object is referenced by this URI.";
            }
            enum "FQDN" {
                description
                    "The clause object is referenced by this FQDN.";
            }
            enum "FQPN" {
                description
                    "The object is referenced by this FQPN. Note that
                     FQPNs assume that all components can access a
                     single logical file repostory.";
            }
            enum "string_instance_id" {
                description
                    "A string that is the canonical representation,
                     in ASCII, of an instance ID of this object.";
            }
        }
        description
            "The list of possible data types used to represent object
             IDs in the SUPA policy hierarchy."; SUPA policy hierarchy.";
    }

    typedef policy-data-type-encoding-list {
        type enumeration {
            enum "error" {
                description
                    "This signifies an error state. OAM&P Policies
                     SHOULD NOT use this SUPAPolicy if the value of
                     this attribute is error.";
            }

    typedef policy-data-type-encoding-list {
        type enumeration {
            enum "undefined" "init" {
                description
                    "This can be used for either initialization
                     or for signifying signifies an error."; initialization state.";
            }
            enum "string" {
                description
                    "This represents a string data type.";
            }
            enum "integer" {
                description
                    "This represents an integer data type.";
            }
            enum "boolean" {
                description
                    "This represents a Boolean data type.";
            }
            enum "floating point" {
                description
                    "This represents a floating point data type.";
            }
            enum "date-and-time" {
                description
                    "This represents a data type that can specify
                     date and/or time.";
            }
            enum "GUID" {
                description
                    "This represents a GUID data type.";
            }
            enum "UUID" {
                description
                    "This represents a UUID data type.";
            }
            enum "URI" {
                description
                    "This represents a Uniform Resource Identifier
                     (URI) URI data type.";
            }
            enum "DN" {
                description
                    "This represents a Distinguished Name (DN) DN data type.";
            }
            enum "FQDN" {
                description
                    "The object is referenced by this FQDN.";
            }
            enum "FQPN" {
                description
                    "The object is referenced by this FQPN. Note that
                     FQPNs assume that all components can access a
                     single logical file repostory.";
            }
            enum "NULL" {
                description
                    "This represents a NULL data type. NULL means the
                     absence of an actual value. NULL is frequently
                     used to represent a missing or invalid value.";
            }
            enum "string_instance_id" {
                description
                    "A string that is the canonical representation,
                     in ASCII, of an instance ID of this object.";
            }
        }
        description
            "The set of allowable data types used to encode
             multi-valued SUPA Policy attributes.";
    }

// identities Identities are used in this model as a means to provide simple
// reflection introspection to allow an instance-identifier to be tested as to what
// what class it represents. In turn, this This allows must clauses to specify
// that the target of a particular instance-identifier leaf must be a
// specific class, or within a certain branch of the inheritance tree.
// This depends upon the ability to refine the entity class default
// value. The entity class should be read-only. Howeverm However, as this is
// the target of a MUST condition, it cannot be config-false. Also,
// it appears that we cannot put a MUST condition on its definition,
// as the default (actual) value changes at for each inheritance. inherited object.

    identity POLICY-OBJECT-TYPE {
        description
            "The identity corresponding to a SUPAPolicyObject
             object instance.";
    }
    grouping supa-policy-object-type {
        leaf supa-policy-ID {
            type string;
            mandatory true;
            description
                "The string identifier of this policy object.
                 It must object, which
                 functions as the unique object identifier of this
                 object instance. This attribute MUST be unique within
                 the policy system."; system. This attribute is named
                 supaObjectIDContent in [1], and is used with another
                 attribute (supaObjectIDEncoding); since the YANG data
                 model does not need this genericity, the
                 supaObjectIDContent attribute was renamed, and the
                 supaObjectIDEncoding attribute was not mapped.";
        }
        leaf entity-class {
            type identityref {
                base POLICY-OBJECT-TYPE;
            }
            default POLICY-OBJECT-TYPE;
            description
                "The identifier of the class of this grouping.";
        }
        leaf supa-policy-object-ID-encoding supa-policy-name {
            type policy-data-type-id-encoding-list;
            mandatory true; string;
            description
                "The encoding used by
                "A human-readable name for this policy object. Note
                 that this is NOT the supa-object-ID."; object ID.";
        }
        leaf supa-policy-object-description {
            type string;
            description
                "Human readable
                "A human-readable description of the characteristics
                 and behavior of this policy object.";
        }
        leaf supa-policy-name {
            type string;
            description
                "A human-readable name for this policy.";
        }
        leaf-list supa-has-policy-metadata-agg supa-has-policy-metadata-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-METADATA-ASSOC)";
            description
                "The SUPAPolicyObject object instance
                "This leaf-list holds instance-identifiers that aggregates
                 this set of
                 reference a SUPAHasPolicyMetadata association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-detail. This association
                 describes how each SUPAPolicyMetadata object instances. As
                 there are attributes on instance is
                 related to a given SUPAPolicyObject instance. Since
                 this association, association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This represents the SUPAPolicyObject [1] class. It is the
             superclass for all SUPA objects. It Policy objects (i.e., all objects
             that are either Policies or components of Policies). Note
             that SUPA Policy Metadata objects are NOT subclassed from
             this class; they are instead subclassed from the
             SUPAPolicyMetadata (i.e., supa-policy-metadata-type)
             object. This class (supa-policy-object-type) is used to
             define common attributes and relationships that all SUPA
             Policy subclasses inherit."; inherit. It MAY be augmented with a set
             of zero or more SUPAPolicyMetadata objects using the
             SUPAHasPolicyMetadata association, which is represented
             by the supa-has-policy-metadata-agg leaf-list.";
    }

    identity POLICY-COMPONENT-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyComponentStructure object instance.";
    }

    grouping supa-policy-component-structure-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-COMPONENT-TYPE; POLICY-OBJECT-TYPE;
            }
        }
        leaf supa-has-policy-component-decorator-part supa-has-policy-component-decorator-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)";
            mandatory true;
            description
                "A
                "This leaf holds instance-identifiers that
                 reference to the a SUPAHasDecoratedPolicyComponent
                 association class for relating
                 policy component decorators to the policy components
                 they decorate. This [1], and is represented by the set of grouping
                 supa-has-decorator-policy-component-detail. This
                 association describes how each
                 SUPAPolicyComponentStructure object instances that are
                 aggregated by instance is related to a
                 given SUPAPolicyComponentDecorator object instance. As there are attributes on Multiple
                 SUPAPolicyComponentDecorator instances may be attached
                 to a SUPAPolicyComponentStructure instance that is
                 referenced in this association, association by using the Decorator
                 pattern [1]. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the specified grouping. This defines the object
                 class that grouping
                 supa-has-decorator-policy-component-detail (which
                 includes subclasses of this instance-identifier points to."; association class).";
        }
        description
          "A
          "This represents the SUPAPolicyComponent class [1], which is
           the superclass for all objects that represent different types
           of
           components of a Policy Rule. Policy. Important subclasses include the
           SUPAPolicyClause and the SUPAPolicyComponentDecorator.
           This object is the root of the decorator pattern; Decorator pattern [1]; as
           such, it enables all of its concrete subclasses to be decorated.";
           wrapped with other concrete subclasses of the
           SUPAPolicyComponentDecorator class.";
    }

    identity POLICY-COMPONENT-DECORATOR-TYPE {
        base POLICY-COMPONENT-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyComponentDecorator object instance.";
    }

    grouping supa-policy-component-decorator-type {
        uses supa-policy-component-structure-type {
            refine entity-class {
                default POLICY-COMPONENT-DECORATOR-TYPE; POLICY-COMPONENT-TYPE;
            }
        }
        leaf-list supa-has-policy-component-decorator-agg supa-has-policy-component-decorator-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)";
            max-elements
            min-elements 1;
            description
                "The SUPAPolicyComponentDecorator object instance
                "This leaf-list holds instance-identifiers that aggregates this set of
                 SUPAPolicyComponentStructure object instances.
                 reference a SUPAHasDecoratedPolicyComponent
                 association [1]. This association is a list represented by the
                 grouping supa-has-decorator-policy-component-detail.
                 This leaf-list helps implement the Decorator pattern
                 [1], which enables all or part of associations one or more object
                 instances to the SUPA policy components
                 that this decorator decorates. As there are attributes
                 on wrap another object instance. For
                 example, any concrete subclass of SUPAPolicyClause,
                 such as SUPAEncodedClause, may be wrapped by any
                 concrete subclass of SUPAPolicyComponentDecorator
                 (e.g., SUPAPolicyEvent). Since this association, association class
                 contains attributes, the instance-identifier MUST
                 point to an instance using the specified grouping.
                 This defines the object class that grouping
                 supa-has-decorator-policy-component-detail (which
                 includes subclasses of this
                 instance-identifier points to."; association class).";
        }
        leaf-list supa-decorator-constraints {
            type string;
            description
               "A
               "This is a set of constraint expression applying expressions that are
                applied to this decorator, allowing the specification
                of details not captured in its subclasses, using an
                appropriate constraint language."; language that is specified in
                the supa-has-decorator-constraint-encoding leaf.";
        }
        leaf supa-has-decorator-constraint-encoding {
            type policy-constraint-language-list;
            description
               "The language in which the constraints on the
                policy component decorator is expressed."; expressed. Examples
                include OCL 2.4 [2], Alloy [3], and English text.";
        }
        description
           "This object implements the decorator pattern, Decorator pattern [1], which
            enables all or part of one or more concrete objects to
            wrap another concrete object.";
    }

    identity POLICY-COMPONENT-CLAUSE-TYPE {
        base POLICY-COMPONENT-TYPE; POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyClause
             object instance.";
    }

    grouping supa-policy-clause-type {
        uses supa-policy-component-structure-type {
            refine entity-class {
               default POLICY-COMPONENT-CLAUSE-TYPE;
            }
        }
        leaf supa-policy-clause-exec-status supa-policy-clause-deploy-status {
            type enumeration {
                enum "Unknown" "error" {
                    description
                        "This may be used as an initialization and/or signifies an error state."; state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyClause if the
                         value of this attribute is error.";
                }
                enum "Completed" "init" {
                    description
                        "This signifies that this particular policy
                        clause has run successfully, and is now idle."; an initialization state.";
                }
                enum "Working" "deployed and enabled" {
                    description
                        "This signifies that this particular policy
                        clause is currently SUPAPolicyClause has been deployed in use,
                         the system and no errors have
                        been reported."; is currently enabled.";
                }
                enum "Not Working" "deployed and in test" {
                    description
                        "This signifies that this particular policy
                        clause SUPAPolicyClause has been deployed in the
                         system, but is currently in use, but one or more
                        errors have been reported."; test and SHOULD
                         NOT be used in OAM&P policies.";
                }
                enum "Available" "deployed but not enabled" {
                    description
                        "This signifies that this particular policy
                        clause could be used, but currently is not SUPAPolicyClause has been deployed in use."; the
                         system, but has been administratively
                         disabled.";
                }
                enum "In Test" "ready to be deployed" {
                    description
                        "This signifies that this particular policy
                        clause SUPAPolicyClause has been properly
                         initialized, and is not for use in operational policies."; now ready to be deployed.";
                }
                enum "Disabled" "cannot be deployed" {
                    description
                        "This signifies that this particular policy
                        clause is not available for use."; SUPAPolicyClause has been administratively
                         disabled, and SHOULD NOT be used as part of
                         an OAM&P policy.";
                }
            }
            mandatory true;
            description
                "This describes defines whether this policy clause is in
                use and SUPAPolicy has been
                 deployed and, if so so, whether it is working properly."; enabled and
                 ready to be used or not.";
        }
        leaf-list supa-has-policy-clause-part supa-has-policy-clause-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-CLAUSE-ASSOC)";
            min-elements 1;
            description
                "The set
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyClause association [1],
                 and is represented by the grouping
                 supa-has-policy-clause-detail. This association
                 describes how each SUPAPolicyClause instance is
                 related to this particular SUPAPolicyStructure
                 instance. For example, this association may restrict
                 which concrete subclasses of the SUPAPolicyStructure
                 class can be associated with which contrete subclasses
                 of the SUPAPolicyClause object instances that are
                 aggregated class. The set of
                 SUPAPolicyClauses, identified by this SUPAPolicyStructure (i.e., this
                 SUPA Policy Rule) object instance. This defines leaf-list,
                 define the
                 object class that content of this SUPAPolicyStructure.

                 Since this association class contains attributes, the
                 instance-identifier points to."; MUST point to an instance using
                 the grouping supa-has-policy-clause-detail (which
                 includes subclasses of this association class).";
        }
        description
           "The parent class for all SUPA Policy Clauses."; Clauses. A
            SUPAPolicyClause is a fundamental building block for
            creating SUPA Policies. A SUPAPolicy is a set of
            statements, and a SUPAPolicyClause can be thought of as all
            or part of a statement. The Decorator pattern [1] is used,
            which enables the contents of a SUPAPolicyClause to be
            adjusted dynamically at runtime without affecting other
            objects of either type.";
    }

    identity POLICY-ENCODED-CLAUSE-TYPE {
        base POLICY-COMPONENT-CLAUSE-TYPE;
        description
            "The identity corresponding to a SUPAPolicyEncodedClause SUPAEncodedClause
             object instance.";
    }

    grouping supa-encoded-clause-type {
        uses supa-policy-clause-type {
            refine entity-class {
                default POLICY-ENCODED-CLAUSE-TYPE;
            }
        }
        leaf supa-encoded-clause-content {
            type string;
            mandatory true;
            description
               "Either a reference to a source for this clause or
               "This defines the
                string representation content of this SUPAEncodedClause; the clause.";
        }
        leaf supa-encoded-clause-encoding {
            type policy-data-type-id-encoding-list;
            mandatory true;
            description
               "The encoding for
                language used to express this content is defined by the encoding clause content.";
                supa-encoded-clause-language attribute.";
        }
        leaf supa-encoded-clause-language {
            type enumeration {
                enum "undefined" "error" {
                    description
                        "This may be used as an initialization and/or signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAEncodedClause if the
                         value of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "CLI" "YANG" {
                    description
                        "This defines the language used in this
                         SUPAEncodedClause as a type of YANG.
                         Additional details may be provided by
                         attaching a SUPAPolicyMetadata object to
                         this SUPAEncodedClause object instance.";
                }
                enum "XML" {
                    description
                        "This defines the language as a type of Command
                         Line Interface."; XML.
                         Additional details may be provided by
                         attaching a SUPAPolicyMetadata object to
                         this SUPAEncodedClause object instance.";
                }
                enum "TL1" {
                    description
                        "This defines the language as a type of
                         Transaction Language 1."; 1. Additional details may
                         be provided by attaching a SUPAPolicyMetadata
                         object to this SUPAEncodedClause object
                         instance.";
                }
                enum "YANG" "Text" {
                    description
                        "This defines is a textual string that can be used to
                         define a language choice that is not listed
                         by a specific enumerated value. This string
                         MUST be parsed by the policy system to
                         identify the language being used. A
                         SUPAPolicyMetadata object (represented as a
                         supa-policy-metadata-type leaf) can be used to
                         provide further details about the language as a type of YANG."; language";
                }
            }
            mandatory true;
            description
               "Indicates the lanaguage language used for this SUPAEncodedClause
                object instance.";
        }
        leaf supa-encoded-clause-response {
            type boolean;
            description
               "If present, this represents instance. Prescriptive and/or descriptive
                information about the success or failure usage of this SUPAEncodedClause
                may be provided by one or more SUPAPolicyMetadata
                objects, which are each attached to the last invocation object
                instance of this clause."; SUPAEncodedClause.";
        }
        description
           "This class refines the behavior of the supa-policy-clause
            by encoding the contents of the clause into the attributes
            of this object. This enables clauses that are not based on
            other SUPA objects to be modeled.";
    }

    container supa-encoding-clause-container {
        description
            "This is a container to collect all object instances of
             type SUPAEncodedClause.";
        list supa-encoding-clause-list {
            key supa-policy-ID;
            uses supa-encoded-clause-type;
            description
                "List of all instances of supa-encoding-clause-type.
                 If a module defines subclasses of the encoding clause,
                 those will be stored in modeled. For example, a separate container.";
        }
    }
    identity POLICY-COMPONENT-TERM-TYPE {
        base POLICY-COMPONENT-DECORATOR-TYPE;
        description
            "The identity corresponding to POLICY
            Application could define a
             SUPAPolicyComponentDecorator object instance.";
    }

    grouping supa-policy-term-type {
        uses supa-policy-component-decorator-type {
            refine entity-class {
               default POLICY-COMPONENT-TERM-TYPE;
            }
        }
        leaf supa-policy-term-is-negated {
            type boolean;
            description
               "If the value of this attribute is true, then
                this particular term is negated.";
        }
        description
           "This is the superclass of all SUPA policy objects that are
            used to test CLI or set the value of a variable.";
    }

    identity POLICY-COMPONENT-VARIABLE-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to YANG configuration
            snippet and encode that snipped into a SUPAPolicyVariable
             object instance.";
    }

    grouping supa-policy-variable-type {
        uses supa-policy-term-type {
            refine entity-class {
               default POLICY-COMPONENT-VARIABLE-TYPE;
            }
        }
        leaf supa-policy-variable-name {
             type string;
             description
                "A human-readable name for this policy variable.";
         }
        description
           "This is one formulation of SUPAEncodedClause.

            Note that a SUPA Policy Clause. It uses
            an object, defined in the SUPA hierarchy, to represent SUPAEncodedClause simply defines the
            variable portion content
            of the clause. In particular, it does NOT provide a SUPA Policy Clause.
            response. The attribute
            defined by policy engine that is parsing and evaluating
            the supa-policy-variable-name specifies an
            attribute whose content should be compared SUPAPolicy needs to assign a value,
            which is typically specified by supa-policy-value-type."; response to any
            SUPAEncodedClause that it encounters.";
    }

    container supa-policy-variable-container supa-encoding-clause-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyVariable."; SUPAEncodedClause.";
       list supa-policy-variable-list supa-encoding-clause-list {
            key supa-policy-ID;
            uses supa-policy-variable-type; supa-encoded-clause-type;
            description
                "List
                "A list of all instances of supa-policy-variable-type. supa-encoding-clause-type.
                 If a module defines subclasses of this class, the encoding clause,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-OPERATOR-TYPE POLICY-COMPONENT-TERM-TYPE {
        base POLICY-COMPONENT-TERM-TYPE; POLICY-COMPONENT-DECORATOR-TYPE;
        description
            "The identity corresponding to a SUPAPolicyOperator SUPAPolicyTerm object
             instance.";
    }

    grouping supa-policy-operator-type supa-policy-term-type {
        uses supa-policy-term-type supa-policy-component-decorator-type {
            refine entity-class {
               default POLICY-COMPONENT-OPERATOR-TYPE; POLICY-COMPONENT-TYPE;
            }
        }
        leaf supa-policy-value-op-type supa-policy-term-is-negated {
            type enumeration {
                enum "unknown" {
                    description
                        "This may be used as an initialization and/or
                         an error state.";
                }
                enum "greater than" {
                    description
                        "A greater-than operator.";
                }
                enum "greater than or equal to" {
                    description
                        "A greater-than-or-equal-to operator.";
                }
                enum "less than" {
                    description
                        "A less-than operator.";
                }
                enum "less than or equal to" {
                    description
                        "A less-than-or-equal-to operator.";
                }
                enum "equal to" {
                    description
                        "An equal-to operator.";
                }
                enum "not equal to"{
                    description
                        "A not-equal-to operator.";
                }
                enum "IN" { boolean;
            description
                        "An operator that determines whether a given
                         value matches any of
               "If the specified values.";
                }
                enum "NOT IN" {
                    description
                        "An operator that determines whether a given value does not match any of the specified
                         values."; this attribute is true, then
                this particular term is negated.";
        }
                enum "SET" {
        description
                        "An operator that makes
           "This is the value superclass of the
                         result equal to the input value.";
                }
                enum "CLEAR"{
                    description
                        "An operator all SUPA policy objects that deletes are
            used to test or set the value of a variable. It does this
            by defining a {variable-operator-value} three-tuple, where
            each element of the
                         specified object."; three-tuple is defined by a concrete
            subclass of the appropriate type (e.g., SUPAPolicyVariable,
            SUPAPolicyOperator, or SUPAPolicyVariable).";
    }
                enum "BETWEEN"
    identity POLICY-COMPONENT-VARIABLE-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
                        "An operator that determines whether a given
                         value is within
            "The identity corresponding to a specified range of values."; SUPAPolicyVariable
             object instance.";
    }

    grouping supa-policy-variable-type {
        uses supa-policy-term-type {
            refine entity-class {
               default POLICY-COMPONENT-TYPE;
            }
        }
            mandatory true;
            description
                "The

        leaf supa-policy-variable-name {
             type of operator used to compare the variable
                 and value portions of string;
             description
                "A human-readable name for this SUPA Policy Clause."; policy variable.";
         }
        description
           "This is one formulation of a SUPA Policy Clause. It uses
            the canonical form of an object, defined expression, which is a three-tuple
            in the SUPA hierarchy, to represent form {variable, operator, value}. In this approach,
            each of the
            operator portion three terms can either be a subclass of the
            appropriate SUPAPolicyTerm class, or another object that
            plays the role (i.e., a SUPA Policy Clause. variable) of that term. The
            attribute defined by the supa-policy-op-type supa-policy-variable-name
            specifies the name of an attribute whose content defines the type of operator used should be
            compared to compare the variable and value portions portion of this policy clause."; a SUPAPolicyTerm, which is
            typically specified by a SUPAPolicyValue object.";
    }

    container supa-policy-operator-container supa-policy-variable-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyOperator."; SUPAPolicyVariable.";
        list supa-policy-operator-list supa-policy-variable-list {
            key supa-policy-ID;
            uses supa-policy-operator-type; supa-policy-variable-type;
            description
                "List of all instances of supa-policy-operator-type. supa-policy-variable-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-VALUE-TYPE POLICY-COMPONENT-OPERATOR-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyValue SUPAPolicyOperator
             object instance.";
    }
    grouping supa-policy-value-type supa-policy-operator-type {
        uses supa-policy-term-type {
            refine entity-class {
               default POLICY-COMPONENT-VALUE-TYPE; POLICY-COMPONENT-TYPE;
            }
        }
        leaf-list supa-policy-value-content
        leaf supa-policy-value-op-type {
            type string; enumeration {
                enum "error" {
                    description
               "The content of
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyOperator if the
                         value portion of this SUPA Policy
                Clause. The data type of the content attribute is specified error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "greater than" {
                    description
                        "A greater-than operator.";
                }
                enum "greater than or equal to" {
                    description
                        "A greater-than-or-equal-to operator.";
                }
                enum "less than" {
                    description
                        "A less-than operator.";
                }
                enum "less than or equal to" {
                    description
                        "A less-than-or-equal-to operator.";
                }
                enum "equal to" {
                    description
                        "An equal-to operator.";
                }
                enum "not equal to"{
                    description
                        "A not-equal-to operator.";
                }
                enum "IN" {
                    description
                        "An operator that determines whether a given
                         value of a variable in a SUPAPolicyTerm
                         matches a value in
                the supa-policy-value-encoding."; a SUPAPolicyTerm.";
                }
        leaf supa-policy-value-encoding
                enum "NOT IN" {
            type policy-data-type-encoding-list;
                    description
                "The data type
                        "An operator that determines whether a given
                         variable in a SUPAPolicyTerm does not match
                         any of the supa-policy-value-content."; specified values in a
                         SUPAPolicyTerm.";
                }
                enum "SET" {
                    description
           "This is one formulation
                        "An operator that makes the value of a SUPA Policy Clause. It uses
            an object, defined in the SUPA hierarchy,
                         result equal to represent the input value.";
                }

                enum "CLEAR"{
                    description
                        "An operator that sets the value portion of a SUPA Policy Clause. The attribute
            defined by the supa-policy-value-content specifies an
            attribute whose content should be compared
                         specified object to a variable,
            which value that is typically specified by supa-policy-variable-type."; 0 for
                         integer datatypes, an empty string for
                         textual datatypes, and FALSE for Boolean
                         datatypes. This value MUST NOT be NULL.";
                }
    container supa-policy-value-container
                enum "BETWEEN" {
                    description
            "This is
                        "An operator that determines whether a container to collect all object instances of
             type SUPAPolicyValue.";
        list supa-policy-value-list {
            key supa-policy-ID;
            uses supa-policy-value-type;
            description
                "List of all instances of supa-policy-value-type.
                 If given
                         value is within a module defines subclasses specified range of values.
                         Note that this class,
                 those will be stored in a separate container."; is an inclusive operator.";
                }
            }

    identity POLICY-GENERIC-DECORATED-TYPE {
        base POLICY-COMPONENT-DECORATOR-TYPE;
            mandatory true;
            description
                "The identity corresponding type of operator used to a
             SUPAGenericDecoratedComponent object instance.";
    }

    grouping supa-policy-generic-decorated-type {
        uses supa-policy-component-decorator-type {
            refine entity-class {
               default POLICY-GENERIC-DECORATED-TYPE;
            } compare the variable
                 and value portions of this SUPAPolicyTerm.";
        }
        leaf-list supa-policy-generic-decorated-content {
            type string;
        description
               "The content
           "This is one formulation of this a SUPA Policy Clause. The data type
                of this attribute is specified in It uses
            the
                supa-policy-generic-decorated-encoding.";
        }
        leaf supa-policy-generic-decorated-encoding {
            type policy-data-type-encoding-list;
            description
                "The data type canonical form of the
                 supa-policy-generic-decorated-content attribute.";
        }
        description
           "This object enables a generic object to be defined and
            used as an expression, which is a decorator three-tuple
            in a SUPA Policy Clause.
            This should not be confused with the SUPAEncodedClause
            class. This class represents form {variable, operator, value}. In this approach,
            each of the three terms can either be a single, atomic,
            vendor-specific subclass of the
            appropriate SUPAPolicyTerm class, or another object that defines a portion
            plays the role (i.e., an operator) of that term.
            The value of the supa-policy-value-op-type attribute
            specifies an operator that SHOULD be used to compare the
            variable and value portions of a SUPA
            Policy Clause, whereas SUPAPolicyTerm. This is
            typically specified by a SUPA Policy Encoded Clause
            represents the entire policy clause."; SUPAPolicyOperator object.";
    }
    container supa-policy-generic-decorated-container supa-policy-operator-container {
        description
            "This is a container to collect all object instances of
             type SUPAGenericDecoratedComponent."; SUPAPolicyOperator.";
        list supa-encoding-clause-list supa-policy-operator-list {
            key supa-policy-ID;
            uses supa-policy-generic-decorated-type; supa-policy-operator-type;
            description
                "List of all instances of
                 supa-policy-generic-decorated-type. supa-policy-operator-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COLLECTION POLICY-COMPONENT-VALUE-TYPE {
        base POLICY-COMPONENT-DECORATOR-TYPE; POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyCollection SUPAPolicyValue
             object instance.";
    }

    grouping supa-policy-collection supa-policy-value-type {
        uses supa-policy-component-decorator-type supa-policy-term-type {
            refine entity-class {
               default POLICY-COLLECTION; POLICY-COMPONENT-TYPE;
            }
        }
        leaf-list supa-policy-collection-content supa-policy-value-content {
            type string;
            description
               "The content of the value portion of this collection object. SUPA Policy
                Clause. The data type of the content is specified in supa-policy-collection-encoding.";
                the supa-policy-value-encoding attribute.";
        }
        leaf supa-policy-collection-encoding supa-policy-value-encoding {
            type enumeration {
                enum "undefined" {
                    description
                        "This may be used as an initialization and/or
                         an error state.";
                }
                enum "by regex" { policy-data-type-encoding-list;
            description
                        "This defines the
                "The data type of the content of
                         this collection instance to be a regular
                         expression that contains all or part of a
                         string to match the class name of the object
                         that is to be collected by this instance of a
                         SUPAPolicyCollection class."; supa-policy-value-content
                 attribute.";
        }
                enum "by URI" {
        description
           "This defines the data type of the content is one formulation of
                         this collection instance to be a Uniform
                         Resource Identifier. SUPA Policy Clause. It identifies uses
            the object
                         instance that is to be collected by this
                         instance canonical form of an expression, which is a SUPAPolicyCollection class.";
                }
            }
            mandatory true;
            description
                "The data type three-tuple
            in the form {variable, operator, value}. In this approach,
            each of the supa-policy-collection-content.";
        }
        leaf supa-policy-collection-function {
            type enumeration {
                enum "undefined" {
                    description
                        "This may three terms can either be used as an initialization and/or
                         an error state.";
                }
                enum "event collection" {
                    description
                        "This collection contains objects a subclass of the
            appropriate SUPAPolicyTerm class, or another object that are used
                         to populate
            plays the event clause role (i.e., a value) of that term. The
            attribute defined by supa-policy-value-content specifies a
                         SUPA Policy.";
                }
                enum "condition collection" {
                    description
                        "This collection contains objects
            a value (which is typically specified by a subclass of
            SUPAPolicyVariable) that are used should be compared to populate a value in
            the condition clause variable portion of a
                         SUPA Policy."; the SUPAPolicyTerm.";
    }
                enum "action collection"
    container supa-policy-value-container {
        description
            "This collection contains objects that are used is a container to populate the action clause collect all object instances of a
                         SUPA Policy.";
                }
               enum "logic collection"
             type SUPAPolicyValue.";
        list supa-policy-value-list {
            key supa-policy-ID;
            uses supa-policy-value-type;
            description
                        "This collection contains objects that define
                         logic for processing
                "List of all instances of supa-policy-value-type.
                 If a SUPA Policy.";
                }
            }
            description
                "Defines how module defines subclasses of this collection instance is to class,
                 those will be used."; stored in a separate container.";
        }
        leaf supa-policy-collection-is-ordered
    }

    identity POLICY-GENERIC-DECORATED-TYPE {
            type boolean;
        base POLICY-COMPONENT-DECORATOR-TYPE;
        description
                "If the value of this leaf is true, then all elements
                 in this collection are ordered.";
            "The identity corresponding to a
             SUPAGenericDecoratedComponent object instance.";
    }
        leaf supa-policy-collection-type

    grouping supa-policy-generic-decorated-type {
            type enumeration
        uses supa-policy-component-decorator-type {
                enum "undefined"
            refine entity-class {
                    description
                       "This may be used as an initialization and/or
                        an error state.";
               default POLICY-COMPONENT-TYPE;
            }
                enum "set" {
                    description
                       "An unordered collection of elements that MUST
                        NOT have duplicates.";
        }
                enum "bag"
        leaf-list supa-policy-generic-decorated-content {
            type string;
            description
                       "An unordered collection
               "The content of elements that MAY
                        have duplicates.";
                }
                enum "dictionary" {
                    description
                       "A list this SUPAGenericDecoratedComponent
                object instance. The data type of values that this attribute is interpreted as a set
                        of pairs, with the first entry of each pair
                        interpreted as a dictionary key, and
                specified in the
                        second entry interpreted as a value for that
                        key. As a result, collections using this value
                        of supa-policy-collection-type MUST have
                        supa-policy-collection-is-ordered set to true.";
                } leaf
                supa-policy-generic-decorated-encoding.";
        }
            mandatory true;
        leaf supa-policy-generic-decorated-encoding {
            type policy-data-type-encoding-list;
            description
                "The type datatype of the supa-policy-collection.";
                 supa-policy-generic-decorated-content attribute.";
        }
        description
           "This class enables a collection of arbitrary objects generic object to be defined and
            used as a decorator in a SUPA Policy Clause. This class
            should not be confused with the SUPAEncodedClause class. This class
            A SUPAGenericDecoratedComponent object represents a single, atomic,
            atomic object that defines a portion of the contents of a SUPA Policy Clause,
            SUPAPolicyClause, whereas a SUPA
            Policy Encoded Clause SUPAPolicyEncodedClause
            represents the entire policy clause."; contents of a SUPAPolicyClause.";
    }
    container supa-policy-collection-container supa-policy-generic-decorated-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyCollection."; SUPAGenericDecoratedComponent.";
        list supa-policy-collection-list supa-encoding-clause-list {
            key supa-policy-ID;
            uses supa-policy-collection; supa-policy-generic-decorated-type;
            description
                "List of all instances of supa-policy-collection.
                 supa-policy-generic-decorated-type. If a module
                 defines subclasses of this class, those will be
                 stored in a separate container.";
        }
    }

    identity POLICY-STRUCTURE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyStructure
             object instance.";
    }

    grouping supa-policy-structure-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-STRUCTURE-TYPE;
            }
        }
        leaf supa-policy-admin-status {
            type enumeration {
                enum "unknown" "error" {
                    description
                        "This may be used as an initialization and/or signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicy if the value
                         of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "enabled" {
                    description
                        "This SUPA Policy Rule signifies that this SUPAPolicy has been
                         administratively enabled.";
                }
                enum "disabled" {
                    description
                        "This SUPA Policy Rule signifies that this SUPAPolicy has been
                         administratively disabled.";
                }
                enum "in test" {
                    description
                        "This SUPA Policy Rule signifies that this SUPAPolicy has been
                         administratively placed into test mode, and
                         SHOULD NOT be used as part of an operational
                         policy rule.";
                }
            }
            mandatory true;
            description
                "The current admnistrative status of this SUPA POLICY
                 Rule."; SUPAPolicy.";
        }
        leaf supa-policy-continuum-level {
            type uint32;
            description
                "This is the current level of abstraction of this
                 particular SUPA Policy Rule."; SUPAPolicyRule. By convention, the
                 values 0 and 1 should be used for error and
                 initialization states; a value of 2 is the most
                 abstract level, and higher values denote more
                 concrete levels.";
        }
        leaf supa-policy-deploy-status {
            type enumeration {
                enum "undefined" "error" {
                    description
                        "This may be used as an initialization and/or signifies an error state.";
                }
                enum "deployed and enabled" {
                    description
                        "This SUPA Policy Rule has been deployed and
                         enabled.";
                }
                enum "disabled" {
                    description
                        "This SUPA Policy Rule has been
                         administratively disabled.";
                }
                enum "in test" {
                    description
                        "This SUPA Policy Rule has been
                         administratively placed into test mode, and state. OAM&P Policies
                         SHOULD NOT be used as part of an operational
                         policy rule.";
                }
            }
            mandatory true;
            description
                "This is use this SUPAPolicy if the current level of abstraction value
                         of this
                 particular SUPA Policy Rule."; attribute is error.";
                }
        leaf supa-policy-exec-status {
            type enumeration {
                enum "undefined" "init" {
                    description
                        "This may be used as signifies an initialization and/or
                         an error state.";
                }
                enum "operational success" {
                    description
                        "This SUPA Policy Rule has been executed in
                         operational mode, "deployed and produced no errors.";
                }
                enum "operational failure" enabled" {
                    description
                        "This SUPA Policy Rule SUPAPolicy has been executed in
                         operational mode, but has produced at least
                         one error.";
                }
                enum "currently deployed in operation" {
                    description
                        "This SUPA Policy Rule the
                         system and is currently still
                         executing in operational mode."; enabled.";
                }
                enum "ready" "deployed and in test" {
                    description
                        "This SUPA Policy Rule SUPAPolicy has been deployed in the
                         system, but is ready to currently in test and SHOULD
                         NOT be
                         executed used in operational mode."; OAM&P policies.";
                }
                enum "test success" "deployed but not enabled" {
                    description
                        "This SUPA Policy Rule SUPAPolicy has been executed deployed in
                         test mode, and produced no errors."; the
                         system, but has been administratively
                         disabled.";
                }
                enum "test failure" "ready to be deployed" {
                    description
                        "This SUPA Policy Rule SUPAPolicy has been executed in
                         test mode, but has produced at least
                         one error."; properly initialized,
                         and is now ready to be deployed.";
                }
                enum "currently in test" "cannot be deployed" {
                    description
                        "This SUPA Policy Rule is currently still
                         executing in test mode."; SUPAPolicy has been administratively
                         disabled, and SHOULD NOT be used as part of
                         an OAM&P policy.";
                }
            }
            mandatory true;
            description
                "This is the current level of abstraction of attribute defines whether this
                 particular SUPA Policy Rule."; SUPAPolicy has
                 been deployed and, if so, whether it is enabled and
                 ready to be used or not.";
        }
        leaf supa-policy-exec-fail-strategy {
            type enumeration {
                enum "undefined" "error" {
                    description
                        "This may be used as an initialization and/or signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicy if the value
                         of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "rollback all" {
                    description
                        "This means that execution of this SUPA
                         Policy Rule is SUPAPolicy
                         SHOULD be stopped, and rollback of all
                         actions
                         SUPAPolicyActions (whether successful they were
                         successfully executed or not) performed by
                         this particular SUPAPolicy is
                         attempted, and attempted. Also,
                         all SUPA Policy Rules SUPAPolicies that otherwise would have
                         been executed as a result of this SUPAPolicy
                         are ignored."; NOT executed.";
                }
                enum "rollback failure" single" {
                    description
                        "This means that execution of this SUPA
                         Policy Rule is SUPAPolicy
                         SHOULD be stopped, and rollback is attempted
                         for only ONLY the SUPA Policy Rule SUPAPolicyAction (belonging to
                         this particular SUPAPolicy) that failed to
                         execute correctly."; correctly. All remaining actions
                         including SUPAPolicyActions and SUPAPolicies
                         that otherwise would have been executed as a
                         result of this SUPAPolicy, are NOT executed.";
                }
                enum "stop execution" {
                    description
                        "This means that execution of this SUPA Policy
                         Rule SUPAPolicy
                         SHOULD be stopped."; stopped without any other action
                         being performed; this includes corrective
                         actions, such as rollback, as well as any
                         SUPAPolicyActions or SUPAPolicies that
                         otherwise would have been executed.";
                }
                enum "ignore" {
                    description
                        "This means that any failures produced by this
                         SUPA Policy Rule
                         SUPAPolicy SHOULD be ignored, and hence, no
                         corrective actions, such as rollback, will
                         be performed at this time. Hence, any other
                         SUPAPolicyActions or SUPAPolicies SHOULD
                         continue to be ignored."; executed.";
                }
            }
            mandatory true;
            description
                "This defines what actions, if any, should be taken by
                 this particular SUPA Policy Rule if it fails to
                 execute correctly. Some implementations may not be
                 able to accommodate the rollback failure option;
                 hence, this option may be skipped.";
        }
        leaf-list supa-has-policy-source-agg supa-has-policy-source-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-SOURCE-ASSOC)";
            description
                "The SUPAPolicyStructure (i.e., the type of SUPA
                 Policy Rule) object instance
                "This leaf-list holds instance-identifiers that aggregates
                 reference SUPAHasPolicySource associations [1].
                 This association is represented by the grouping
                 supa-has-policy-source-detail, and describes how
                 this set SUPAPolicyStructure instance is related to a
                 set of SUPAPolicySource object instances. This Each
                 SUPAPolicySource instance defines the object class that a set of
                 unambiguous sources of this SUPAPolicy. Since
                 this association class contains attributes, the
                 instance-identifier
                 points to."; MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
        }
        leaf-list supa-has-policy-target-agg supa-has-policy-target-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-TARGET-ASSOC)";

            description
                "This represents the aggregation of Policy Target
                 objects by this particular SUPA Policy Rule. It leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyTarget associations [1].
                 This association is represented by the grouping
                 supa-has-policy-target-detail, and describes how
                 this SUPAPolicyStructure object instance that
                 aggregates this is related to a
                 set of SUPAPolicyTarget object instances. This Each
                 SUPAPolicyTarget instance defines the object class that a set of
                 unambiguous managed entities to which this
                 SUPAPolicy will be applied to. Since this association
                 class contains attributes, the instance-identifier points to.";
                 MUST point to an instance using the grouping
                 supa-has-policy-target-detail (which includes
                 subclasses of this association class).";
        }
        leaf-list supa-has-policy-clause-agg supa-has-policy-clause-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-CLAUSE-ASSOC)";
            description
                "The
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyClause associations [1]. This
                 association is represented by the grouping
                 supa-has-policy-clause-detail. This association
                 describes how this particular SUPAPolicyStructure object
                 instance that
                 aggregates is related to this set of SUPAPolicyClause object
                 instances. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the supa-has-policy-clause-detail
                 (which includes subclasses of this association
                 class).";
        }
        leaf-list supa-has-policy-exec-fail-action-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolExecFailtActionToTake
                 association [1]. This defines association is represented by
                 the supa-has-policy-exec-action-detail grouping. This
                 association relates this SUPAPolicyStructure instance
                 (the parent) to one or more SUPAPolicyStructure
                 instances (the children), where each child
                 SUPAPolicyStructure contains one or more
                 SUPAPolicyActions to be executed if the parent
                 SUPAPolicyStructure instance generates an error while
                 it is executing. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the object class that grouping
                 supa-has-policy-exec-action-detail (which includes
                 subclasses of this instance-identifier points to."; association class).";
        }
        leaf-list supa-has-policy-exec-action-assoc-src-ptr supa-has-policy-exec-fail-action-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)";
            min-elements 1;
            description
                "This associates leaf-list holds instance-identifiers that
                 reference a SUPAHasPolExecFailtActionToTake
                 association [1]. This association is represented by
                 the supa-has-policy-exec-action-detail grouping. This
                 association relates this SUPAPolicyStructure (i.e., a SUPA
                 Policy Rule) object instance
                 (the child) to zero another SUPAPolicyStructure instance
                 (the parent). The child SUPAPolicyStructure contains
                 one or more SUPA
                 Policy Actions SUPAPolicyActions to be used to correct errors caused executed if
                 this SUPA Policy Rule does not execute correctly.";
        }
        leaf-list supa-has-policy-exec-action-assoc-dst-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)";
            min-elements 1;
            description
                "The set of zero the
                 parent SUPAPolicyStructure instance generates an error
                 while it is executing; the parent SUPAPolicyStructure
                 contains one or more SUPA Policy Actions child SUPAPolicyStructure
                 instances to be used
                 by enable it to choose how to handle each
                 type of failure. Since this particular SUPAPolicyStructure (i.e., SUPA
                 Policy Rule association class contains
                 attributes, the instance-identifier MUST point to correct errors caused if an
                 instance using the grouping
                 supa-has-policy-exec-action-detail (which includes
                 subclasses of this SUPA
                 Policy Rule does not execute correctly."; association class).";
        }
        description
           "A superclass for all objects that represent different types
            of Policy Rules. SUPAPolicies. Currently, this is limited to a single
            type -
            type, which is the event-condition-action (ECA) policy rule. Policy
            Rule. A SUPA Policy may be an individual policy, or a set
            of policies. This is supported Subclasses MAY support this feature by applying
            implementing the composite
            pattern to this class."; pattern.";
    }

    identity POLICY-SOURCE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicySource
             object instance.";
    }

    grouping supa-policy-source-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-SOURCE-TYPE;
            }
        }
        leaf-list supa-has-policy-source-part supa-has-policy-source-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-SOURCE-ASSOC)";
            description
                "This represents leaf-list holds the aggregation of one or more SUPA
                 Policy Source objects to this particular SUPA Policy
                 Rule object. In other words, it instance-identifiers that
                 reference a SUPAHasPolicySource association [1], which
                 is represented by the set of supa-has-policy-source-detail
                 grouping. This association describes how each
                 SUPAPolicySource object instances that are aggregated
                 by instance is related to this
                 particular SUPAPolicyStructure (i.e., instance. Since
                 this SUPA Policy
                 Rule). This defines the object association class that this contains attributes, the
                 instance-identifier points to."; MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
        }
        description
           "This object defines a set of managed entities that
            authored, or are otherwise responsible for, this SUPA
            Policy Rule.
            SUPAPolicy. Note that a SUPA Policy Source SUPAPolicySource does not evaluate
            or execute SUPAPolicies. Its primary use is for
            auditability and the implementation implementation of deontic and/or
            alethic logic. It is expected that this grouping will be
            extended (i.e., subclassed) when used, so that the system
            can add specific information appropriate to sources of deontic and/or
            alethic logic.";
            policy of that particular system.";
    }

    identity POLICY-TARGET-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyTarget
             object instance.";
    }

    grouping supa-policy-target-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-TARGET-TYPE;
            }
        }
        leaf-list supa-has-policy-target-part supa-has-policy-target-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-TARGET-ASSOC)";
            description
                "This represents leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyTarget association. This is
                 represented by the aggregation of one or more SUPA
                 Policy Target objects supa-has-policy-target-detail
                 grouping. This association describes how each
                 SUPAPolicyTarget instance is related to this a particular SUPA Policy
                 Rule object. In other words, it is the set of
                 SUPAPolicyStructure instance. For example, this
                 association may restrict which SUPAPolicyTarget object
                 instances that are aggregated can be used by this which SUPAPolicyStructure (i.e., this SUPA Policy
                 Rule). This
                 instances. The SUPAPolicyTarget defines the object class a
                 set of managed entities that this SUPAPolicyStructure
                 will be applied to. Since this association class
                 contains attributes, the instance-identifier points to."; MUST
                 point to an instance using the grouping
                 supa-has-policy-target-detail (which
                 includes subclasses of this association class).";
        }
        description
           "This object defines a set of managed entities that a
            SUPA Policy Rule
            SUPAPolicy is applied to."; to.  It is expected that this
            grouping will be extended (i.e., subclassed) when used,
            so that the system can add specific information
            appropriate to policy targets of that particular system.";
    }

    identity POLICY-METADATA-TYPE {
        description
            "The identity corresponding to a SUPAPolicyMetadata
             object instance.";
    }

    grouping supa-policy-metadata-type {
        leaf supa-policy-metadata-id {
            type string;
            mandatory true;
            description
                "This represents part of the object identifier of an instance
                 of this class. It defines This attribute is named
                 supaPolMetadataIDContent in [1], and is used with
                 another attribute (supaPolMetadataIDEncoding); since
                 the content of YANG data model does not need this genericity, the
                 object identifier.";
                 supaPolMetadataIDContent attribute was renamed, and
                 the supaPolMetadataIDEncoding attribute was
                 not mapped.";
        }
        leaf entity-class {
            type identityref {
                base POLICY-METADATA-TYPE;
            }
            default POLICY-METADATA-TYPE;
            description
               "The identifier of the class of this grouping.";
        }
        leaf supa-policy-metadata-id-encoding {
            type policy-data-type-id-encoding-list;
            mandatory true;
            description
                "This represents part of the object identifier of an
                 instance of this class. It defines the format of the
                 object identifier.";
        }
        leaf supa-policy-metadata-description {
            type string;
            description
                "This contains a free-form textual description of this
                 metadata object."; object (e.g., what it may be used for).";
        }
        leaf supa-policy-metadata-name {
            type string;
            description
                "This contains a human-readable name for this
                 metadata object.";
        }
        leaf-list supa-has-policy-metadata-part supa-has-policy-metadata-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-METADATA-ASSOC)";
            description
                "This represents leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyMetadata association [1],
                 which is represented by the grouping
                 supa-has-policy-metadata-detail. Each instance-
                 identifier defines a unique set of information that
                 describe and/or prescribe additional information,
                 provided by this SUPAPolicyMetadata object
                 instances instance, that can
                 be associated with this SUPAPolicyObject instance.
                 Multiple SUPAPolicyMetadata objects may be attached to
                 a concrete subclass of the SUPAPolicyObject class that are aggregated by
                 is referenced in this SUPAPolicyObject
                 object association by using the
                 Decorator pattern [1]. For example, a
                 SUPAPolicyVersionMetadataDef instance (i.e., could wrap a
                 SUPAECAPolicyRuleAtomic instance; this is would define
                 the set version of policy
                 metadata aggregated by this SUPAPolicyObject). As
                 there are attributes on particular SUPAECAPolicyRuleAtomic
                 instance. Since this association, association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-metadata-detail (which includes the
                 subclasses of the this association class).";
        }
        leaf supa-policy-metadata-decorator-part
        leaf-list supa-has-policy-metadata-dec-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)";
            mandatory true;
                   SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC)";
            min-elements 1;
            description
                "This object implements the decorator pattern, which leaf-list holds instance-identifiers that
                 reference a SUPAHasMetadaDecorator association [1].
                 This association is
                applied to SUPA metadata objects. represented by the grouping
                 supa-has-policy-metadata-dec-detail. This enables all or
                part association
                 describes how a SUPAPolicyMetadataDecorator instance
                 wraps a given SUPAPolicyMetadata instance using the
                 Decorator pattern [1]. Multiple concrete subclasses
                 of one or more metadata objects SUPAPolicyMetadataDecorator may be used to wrap another
                concrete metadata object.";
                 the same SUPAPolicyMetadata instance. Since this
                 association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-dec-detail (which
                 includes subclasses of this association class).";
        }
        description
           "This is the superclass of all metadata classes. Metadata
            is information that describes and/or prescribes the
            characteristics and behavior of another object that is
            not an inherent, distinguishing characteristics or
            behavior of that object.";
    }

    identity POLICY-METADATA-CONCRETE-TYPE {
        base POLICY-METADATA-TYPE;
        description
            "The identity corresponding to a SUPAPolicyConcreteMetadata
             object instance.";
    }

    grouping supa-policy-concrete-metadata-type {
        uses supa-policy-metadata-type {
            refine entity-class {
                default POLICY-METADATA-TYPE; POLICY-METADATA-CONCRETE-TYPE;
            }
        }
        leaf supa-policy-metadata-valid-period-end {
            type yang:date-and-time;
            description
                "This defines the ending date and time that this
                 metadata object is valid for.";
        }
        leaf supa-policy-metadata-valid-period-start {
            type yang:date-and-time;
            description
                "This defines the starting date and time that this
                 metadata object is valid for.";
        }
        description
           "This is a concrete class that will be wrapped by concrete
            instances of the SUPA Policy Metadata Decorator class. It
            can be viewed as a container for metadata that will be
            attached to a subclass of SUPA Policy Object. It may
            contain all or part of one or more metadata subclasses.";
    }
    container supa-policy-concrete-metadata-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyConcreteMetadata.";
        list supa-policy-concrete-metadata-list {
            key supa-policy-metadata-id;
            uses supa-policy-concrete-metadata-type;
            description
                "A list of all supa-policy-metadata instances in the
                 system.";
        }
    }

    identity POLICY-METADATA-DECORATOR-TYPE {
        base POLICY-METADATA-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyMetadataDecorator object instance.";
    }

    grouping supa-policy-metadata-decorator-type {
        uses supa-policy-metadata-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-TYPE;
            }
        }
        leaf-list supa-policy-metadata-decorator-agg
        leaf supa-has-policy-metadata-dec-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                   SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)";
            max-elements 1;
                   SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC)";
            description
                "This represents the decorator pattern being applied to
                 metadata. leaf-list holds instance-identifiers that
                 reference a SUPAHasMetadaDecorator association [1].
                 This association is represented by the aggregate part (i.e., the
                 concrete subclass of the grouping
                 supa-has-policy-metadata-dec-detail. This association
                 describes how a SUPAPolicyMetadataDecorator
                 class that instance
                 wraps a given SUPAPolicyMetadata instance
                 using the Decorator pattern [1]. Multiple concrete subclass
                 subclasses of
                 SUPAPolicyMetadata; currently, SUPAPolicyMetadataDecorator may be used
                 to wrap the only such same SUPAPolicyMetadata instance. Since
                 this association class is
                 SUPAPolicyConcreteMetadata)."; contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-dec-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This object implements the decorator pattern, Decorator pattern [1] for SUPA,
             which is applied to SUPA metadata objects. This enables all
             or part of one or more metadata objects to wrap another
             concrete metadata object."; object. The only concrete subclass of
             SUPAPolicyMetadata in this document is the
             SUPAPolicyConcreteMetadata class.";
    }

    identity POLICY-METADATA-DECORATOR-ACCESS-TYPE {
        base POLICY-METADATA-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyAccessMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-access-type {
        uses supa-policy-metadata-decorator-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-ACCESS-TYPE; POLICY-METADATA-TYPE;
            }
        }
        leaf supa-policy-metadata-access-priv-def {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyAccessMetadataDef
                         if the value of this attribute is error.";
                }
        leaf supa-policy-metadata-access-priv-def {
            type enumeration {
                enum "undefined" "init" {
                    description
                        "This may be used as signifies an initialization and/or
                         an error state.";
                }
                enum "read only" {
                    description
                        "This defines access as read only for ALL SUPA
                         Policy object instances
                         SUPAPolicyObject objects that are adorned
                         with this metadata object."; SUPAPolicyAccessMetadataDef object.
                         As such, an explicit access control model,
                         such as RBAC [7], is NOT present.";
                }
                enum "read write" {
                    description
                        "This defines access as read and/or write for
                         ALL SUPA Policy object instances SUPAPolicyObject objects that are adorned
                         with this metadata object."; SUPAPolicyAccessMetadataDef object.
                         As such, an explicit access control model,
                         such as RBAC [7], is NOT present.";
                }
                enum "specified by MAC" {
                    description
                        "This defines access as defined by uses an external Mandatory Access Control model.
                         (MAC) [7] model to define access control for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this metadata SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by DAC" {
                    description
                        "This defines access as defined by uses an external Discretionary Access
                         Control model. (DAC) [7] model to define access
                         control for ALL SUPAPolicyObject objects that
                         are adorned with this
                         SUPAPolicyAccessMetadataDef object. The name
                         and location of this access control model are specified
                         specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this metadata SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by RBAC" {
                    description
                        "This defines access as defined by uses an external
                         Role Based Role-Based Access Control model.
                         (RBAC) [7] model to define access control for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this metadata SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by ABAC" {
                    description
                        "This defines access as defined by uses an external
                         Attribute Based Attribute-Based Access
                         Control model. (ABAC) [8] model to define access
                         control for ALL SUPAPolicyObject objects that
                         are adorned with this
                         SUPAPolicyAccessMetadataDef object. The name
                         and location of this access control model are specified
                         specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this metadata SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by custom" {
                    description
                        "This defines access as defined by uses an external Custom Access Control model.
                         model to define access control for ALL
                         SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this metadata SUPAPolicyAccessMetadataDef
                         object.";
                }
            }
            description
                "This defines the type of access control model that is
                 used by this SUPAPolicyObject object instance.";
        }
        leaf supa-policy-metadata-access-priv-model-name {
            type string;
            description
                "This contains the name of the access control model
                 being used. If the value of the
                 supa-policy-metadata-access-priv-model-ref is 0-2,
                 error, then this SUPAPolicyAccessMetadataDef object
                 MUST NOT be used. If the value of the
                 supa-policy-metadata-access-priv-model-ref is init,
                 then this SUPAPolicyAccessMetadataDef object has been
                 properly initialized, and is ready to be used. If the
                 value of the supa-policy-metadata-access-priv-model-ref
                 is read only or read write, then the value of this
                 attribute is not applicable. applicable (because a type of model
                 is NOT being defined; instead, the access control for
                 all SUPAPolicyObjects is being defined). Otherwise,
                 the text in this class attribute should SHOULD be interpreted
                 according to the value of the
                 supa-policy-metadata-access-priv-model-ref class
                 attribute.";
        }
        leaf supa-policy-metadata-access-priv-model-ref {
            type enumeration {
                enum "undefined" "error" {
                    description
                        "This can be used for either initialization
                        or for signifying signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyAccessMetadataDef
                         object if the value of this attribute is
                         error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "URI"  {
                    description
                        "The clause access control model is referenced by
                         this URI.";
                }
                enum "GUID"  {
                    description
                        "The clause access control model is referenced by
                         this GUID.";
                }
                enum "UUID"  {
                    description
                        "The clause access control model is referenced by
                         this UUID.";
                }
                enum "FQDN"  {
                    description
                        "The clause access control model is referenced by
                         this FQDN.";
                }
                enum "FQPN"  {
                    description
                        "The access control model is referenced by
                         this FQPN.";
                }
                enum "string_instance_id" {
                    description
                        "A string that is the canonical representation,
                         in ASCII, of an instance ID of this object.";
                }
            }
            description
                "This defines the data type of the
                 supa-policy-metadata-access-priv-model-name
                 attribute.";
        }
        description
            "This is a concrete class that defines metadata for access
             control information that can be added to a SUPA Policy
             object. any
             SUPAPolicyObject object instance.

             This is done using the SUPAHasPolicyMetadata
             aggregation."; association
             in conjunction with the Decorator pattern [1].";
    }

    container supa-policy-metadata-decorator-access-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyAccessMetadataDef.";
        list supa-policy-metadata-decorator-access-list {
            key supa-policy-metadata-id;
            uses supa-policy-metadata-decorator-type;
            description
                "A list of all supa-policy-metadata-decorator-access
                instances in the system.  Instances of subclasses
                will be in a separate list.";
        }
    }

    identity POLICY-METADATA-DECORATOR-VERSION-TYPE {
        base POLICY-METADATA-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyVersionMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-version-type {
        uses supa-policy-metadata-decorator-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-VERSION-TYPE;
            }
        }
        leaf supa-policy-metadata-version-major supa-policy-metadata-version-major {
            type string;
            description
                "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that a significant increase in functionality is present
                 in this version. It MAY also indicate that this version
                 has changes that are NOT backwards-compatible (the
                 supa-policy-metadata-version-build class attribute is
                 used to denote such changes). The string 0.1.0
                 defines an initial version that MUST NOT be considered
                 stable. Improvements to this initial version are
                 denoted by incrementing the minor and patch class
                 attributes (supa-policy-metadata-version-major and
                 supa-policy-metadata-version-patch, respectively). The
                 major version X (i.e., X.y.z, where X > 0) MUST be
                 incremented if any backwards-incompatible changes are
                 introduced. It MAY include minor and patch level
                 changes. The minor and patch version numbers MUST be
                 reset to 0 when the major version number is
                 incremented.";
        }
        leaf supa-policy-metadata-version-minor {
            type string;
            description
                "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that this release contains a set of features and/or
                 bug fixes that MUST be backwards-compatible. The
                 minor version Y (i.e., x.Y.z, where x > 0) MUST be
                 incremented if new, backwards-compatible changes are
                 introduced. It MUST be incremented if any features are
                 marked as deprecated. It MAY be incremented if new
                 functionality or improvements are introduced, and MAY
                 include patch level changes. The patch version number
                 MUST be reset to 0 when the minor version number is
                 incremented.";
        }
        leaf supa-policy-metadata-version-patch {
            type string;
            description
                "This contains a string (typically representing representation of an integer in the overall version format)
                 that indicates
                 a significant increase in functionality is present in greater than or equal to zero. It indicates
                 that this version."; version contains ONLY bug fixes. The patch
                 version Z (i.e., x.y.Z, where x > 0) MUST be
                 incremented if new, backwards-compatible changes are
                 introduced. A bug fix is defined as an internal change
                 that fixes incorrect behavior.";
        }
        leaf supa-policy-metadata-version-minor supa-policy-metadata-version-prerelease {
            type string;
            description
                "This contains a string (typically representing an
                 integer in that defines the overall pre-release
                 version. A pre-release version format) that indicates
                 that this release contains MAY be denoted by
                 appending a set hyphen and a series of features and/or bug
                 fixes dot-separated
                 identifiers immediately following the patch version.
                 Identifiers MUST comprise only ASCII alphanumerics and
                 a hyphen. Identifiers MUST NOT be empty. Numeric
                 identifiers MUST NOT include leading zeroes.
                 Pre-release versions have a lower precedence than the
                 associated normal version. A pre-release version
                 indicates that collectively do the version is unstable and might not warrant incrementing
                 satisfy the
                 supa-policy-metadata-version-major attribute."; intended compatibility requirements as
                 denoted by its associated normal version. Examples
                 include: 1.0.0-alpha and 1.0.0-0.3.7.";
        }
        leaf supa-policy-metadata-version-rel-type supa-policy-metadata-version-build {
            type enumeration {
                enum "undefined" { string;
            description
                "This can contains a string that defines the metadata of
                 this build. Build metadata is optional. If present,
                 build metadata MAY be used for denoted by appending a plus
                 (+) sign to the version, followed by a series of
                 dot-separated identifiers. This may follow either initialization
                 the patch or for signifying an error."; pre-release portions of the version.
                 If build metadata is present, then any identifiers
                 that it uses MUST be made up of only ASCII
                 alphanumerics and a hyphen. The identifier portion of
                 the build metadata MUST NOT be empty. Build metadata
                 SHOULD be ignored when determining version precedence.
                 Examples include: 1.0.0.-alpha+1, 1.0.0.-alpha+1.1,
                 1.0.0+20130313144700, and 1.0.0-beta+exp.sha.5114f85.";
        }
                enum "internal" {
        description
            "This indicates is a concrete class that defines metadata for version
             control information that can be added to any
             SUPAPolicyObject. This is done using the
             SUPAHasPolicyMetadata association. This class uses the
             Semantic Versioning Specification [6] as follows:
               <major>.<minor>.<patch>[<pre-release>][<build-metadata>]
             where the first three components (major, minor, and patch)
             MUST be present, and the latter two components (pre-release
             and build-metadata) MAY be present. A version number MUST
             take the form <major>.<minor>.<patch>, where <major>,
             <minor>, and <patch> are each non-negative integers that
             MUST NOT contain leading zeros. In addition, the value of
             each of these three elements MUST increase numerically.
             In this approach, supaVersionMajor denotes a new release;
             supaVersionMinor denotes a minor release; supaVersionPatch
             denotes a version should only that consists ONLY of bug fixes. Version
             precedence MUST be used calculated by separating the version
             into major, minor, patch, and pre-release identifiers, in
             that order. See [1] for internal (development) purposes."; more information.";
    }
                enum "alpha"

    container supa-policy-metadata-decorator-version-container {
        description
            "This indicates that this version is considered a container to collect all object instances of
             type SUPAPolicyVersionMetadataDef.";
        list supa-policy-metadata-decorator-version-list {
            key supa-policy-metadata-id;
            uses supa-policy-metadata-decorator-type;
            description
                "A list of all supa-policy-metadata-decorator-version
                instances in the system. Instances of subclasses
                will be alpha quality."; in a separate list.";
        }
                enum "beta"
    }
    identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE {
        base POLICY-COMPONENT-TYPE;
        description
                        "This indicates that this version is considered
            "The identity corresponding to be beta quality."; a
             SUPAHasPolicyMetadataDetail association class
             object instance.";
    }
                enum "release candidate"

    grouping supa-has-policy-metadata-detail {
        uses supa-policy-object-type {
            refine entity-class {
               default SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE;
            }
        }
        leaf supa-has-policy-metadata-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-OBJECT-TYPE)";
            description
                "This indicates leaf is an instance-identifier that references
                 the SUPAPolicyObject instance end point of the
                 association represented by this version instance of the
                 SUPAHasPolicyMetadata association [1]. The groupings
                 supa-policy-object-type and supa-policy-metadata-type
                 represent the SUPAPolicyObject and SUPAPolicyMetadata
                 classes, respectively. Thus, the instance identified
                 by this leaf is considered the SUPAPolicyObject instance that is
                 associated by this association to be a candidate for full production."; the set of
                 SUPAPolicyMetadata instances referenced by the
                 supa-has-policy-metadata-detail-part-ptr leaf of
                 this grouping.";
        }
                enum "release production"
        leaf supa-has-policy-metadata-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-METADATA-TYPE)";
            description
                "This indicates leaf is an instance-identifier that references
                 the SUPAPolicyMetadata instance end point of the
                 association represented by this version instance of the
                 SUPAHasPolicyMetadata association [1]. The groupings
                 supa-policy-object-type and supa-policy-metadata-type
                 represents the SUPAPolicyObject and SUPAPolicyMetadata
                 classes, respectively. Thus, the instance
                 identified by this leaf is considered the SUPAPolicyMetadata
                 instance that is associated by this association to be ready for full production.";
                 the set of SUPAPolicyObject instances referenced by
                 the supa-has-policy-metadata-detail-agg-ptr leaf of
                 this grouping.";
        }
                enum "maintenance"
        leaf supa-policy-metadata-detail-is-applicable {
            type boolean;
            description
                "This indicates that this version attribute controls whether the associated
                 metadata is currently considered applicable to this
                 SUPAPolicyObject; this enables metadata to be for maintenance purposes.";
                }
            }
            description
                "This defines turned
                 on and off when needed without disturbing the type
                 structure of this version's release."; the object that the metadata applies to,
                 or affecting other objects in the system.";
        }
        leaf supa-policy-metadata-version-rel-type-num
        leaf-list supa-policy-metadata-detail-constraint {
            type string;
            description
                "This contains a string (typically representing an
                 integer
                "A list of constraints, expressed as strings, in
                 the overall version format) that indicates
                 a significant increase in functionality is present in language defined by the
                 supa-policy-metadata-detail-encoding attribute.
                 If there are no constraints on using this version.";
                 SUPAPolicyMetadata object with this particular
                 SUPAPolicyObject object, then this leaf-list will
                 consist of a list of a single null string.";
        }
        leaf supa-policy-metadata-detail-constraint-encoding {
            type policy-constraint-language-list;
            description
                "The language used to encode the constraints relevant
                 to the relationship between the SUPAPolicyMetadata
                 object and the underlying SUPAPolicyObject.";
        }
        description
            "This is a concrete association class that defines metadata for version
             control information that can be added to a SUPA Policy
             object. This is done using the
             semantics of the SUPAHasPolicyMetadata
             aggregation."; association. This
             enables the attributes and relationships of the
             SUPAHasPolicyMetadataDetail class to be used to constrain
             which SUPAPolicyMetadata objects can be associated by
             this particular SUPAPolicyObject instance.";
    }

    container supa-policy-metadata-decorator-version-container supa-policy-metadata-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyVersionMetadataDef."; SUPAPolicyMetadataDetail.";
        list supa-policy-metadata-decorator-version-list supa-policy-metadata-detail-list {
            key supa-policy-metadata-id; supa-policy-ID;
            uses supa-policy-metadata-decorator-type; supa-has-policy-metadata-detail;
            description
                "A
                "This is a list of all supa-policy-metadata-decorator-version supa-policy-metadata-detail
                instances in the system.  Instances of subclasses
                will be in a separate list."; list. Note that this association
                class is made concrete for exemplary purposes.  To be
                useful, it almost certainly needs refinement.";
        }
    }
    identity SUPA-HAS-POLICY-METADATA-ASSOC SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC {
        base POLICY-COMPONENT-TYPE;
        description
            "The identity corresponding to a
             SUPAHasPolicyMetadataDetail
             SUPAHasDecoratedPolicyComponentDetail association class
             object instance.";
    }

    grouping supa-has-policy-metadata-detail supa-has-decorator-policy-component-detail {
        uses supa-policy-object-type {
            refine entity-class {
               default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC;
            }
        }
        leaf supa-policy-ID supa-has-policy-component-decorator-agg-ptr {
            type string; instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                   POLICY-COMPONENT-DECORATOR-TYPE)";
            description
                "This leaf is a globally unique ID for this association
                 instance in an instance-identifier that references
                 the overall policy system.";
        }
        leaf entity-class {
            type identityref {
                base SUPA-HAS-POLICY-METADATA-ASSOC;
            }
            default SUPA-HAS-POLICY-METADATA-ASSOC;
            description
                "The identifier SUPAPolicyComponentDecorator instance end point of
                 the class association represented by this instance of the
                 SUPAHasDecoratedPolicyComponent association [1]. The
                 groupings supa-policy-component-decorator-type and
                 supa-policy-component-structure-type represent the
                 SUPAPolicyComponentDecorator and
                 SUPAPolicyComponentStructure classes, respectively.
                 Thus, the instance identified by this assocation.";
        } leaf supa-has-policy-metadata-object-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-OBJECT-TYPE)";
            description
                "This is a reference from the SUPAPolicyObject object
                 SUPAPolicyComponentDecorator instance that is aggregating SUPAPolicyMetadata object
                 instances using the SUPAHasPolicyMetadata aggregation.
                 This SUPAPolicyMetadataDetail
                 associated by this association class is
                 used to define part of the semantics set of the
                 SUPAHasPolicyMetadata aggregation. For example, it can
                 define which SUPAPolicyMetadata object
                 SUPAPolicyComponentStructure instances can
                 be aggregated referenced by
                 the supa-has-policy-component-decorator-part-ptr leaf
                 of this particular SUPAPolicyObject
                 object instance."; grouping.";
        }
        leaf supa-has-policy-metadata-ptr supa-has-policy-component-decorator-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-METADATA-TYPE)";
                   POLICY-COMPONENT-TYPE)";
            description
                "This leaf is a reference from the SUPAPolicyMetadata object
                 instance(s) an instance-identifier that are being aggregated references
                 the SUPAPolicyComponentStructure instance end point of
                 the association represented by this
                 SUPAPolicyObject object instance using of the
                 SUPAHasPolicyMetadata aggregation. The class
                 SUPAPolicyMetadataDetail
                 SUPAHasDecoratedPolicyComponent association class is used to
                 define part of [1]. The
                 groupings supa-policy-component-decorator-type and
                 supa-policy-component-structure-type represent the semantics of
                 SUPAPolicyComponentDecorator and
                 SUPAPolicyComponentStructure classes, respectively.
                 Thus, the
                 SUPAHasPolicyMetadata aggregation. For example, it can
                 define which SUPAPolicyMetadata object instances can
                 be aggregated instance identified by this particular SUPAPolicyObject
                 object instance.";
        } leaf supa-policy-metadata-detail-is-applicable {
            type boolean;
            description
                "This attributes controls whether is the associated
                 metadata
                 SUPAPolicyComponentStructure instance that is currently considered applciable to this
                 policy object;
                 associated by this enables metadata association to be turned on
                 and off when needed without disturbing the structure set of
                 SUPAPolicyComponentStructure instances referenced by
                 the object that the metadata applies to."; supa-has-policy-component-decorator-agg-ptr leaf
                 of this grouping.";
        }
        leaf-list supa-policy-metadata-detail-constraint supa-has-decorator-constraint {
            type string;
            description
                "A list constraint expression applying to this association
                 between a SUPAPolicyComponentDecorator and the
                 decorated component (which is a concrete subclass of constraints, expressed
                 the SUPAPolicyComponentStructure class, such as strings
                in
                 SUPAEncodedClause or SUPABooleanClauseAtomic). The
                 supa-has-decorator-constraint-encoding attribute
                 specifies the language defined by used to write the
                supa-policy-metadata-detail-encoding."; set of
                 constraint expressions.";
        }
        leaf supa-policy-metadata-detail-encoding supa-has-decorator-constraint-encoding {
            type string; policy-constraint-language-list;
            description
                "The langauge language used to encode the constraints relevant
                 to the relationship between the metadata
                and the underlying policy object.";
                 SUPAPolicyComponentDecorator and the
                 SUPAPolicyComponentStructure object instances.";
        }
        description
            "This is a concrete association class that defines the
             semantics of the SUPAPolicyMetadata aggregation. This
             enables the attributes and relationships SUPAHasDecoratedPolicyComponent
             association. The purpose of the
             SUPAPolicyMetadataDetail this class is to be used use the
             Decorator pattern [1] to constrain detemine which SUPAPolicyMetadata objects can be aggregated by
             this particular SUPAPolicyObject instance.";
             SUPAPolicyComponentDecorator object instances, if any,
             are required to augment the functionality of a concrete
             subclass of SUPAPolicyClause that is being used.";
    }

    container supa-policy-metadata-detail-container supa-policy-component-decorator-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyMetadataDetail."; SUPAPolicyComponentDecoratorDetail.";
        list supa-policy-metadata-detail-list supa-policy-component-decorator-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-metadata-detail; supa-has-decorator-policy-component-detail;
            description
                "This is a list of all supa-policy-metadata-detail
                instances in the system.  Instances of subclasses
                will be in a separate list.
                Note that this policy is made concrete for exemplary
                purposes.  To be useful, it almost certainly needs
                refinement.";
                 supa-policy-component-decorator-details.";
        }
    }
    identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC SUPA-HAS-POLICY-SOURCE-ASSOC {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAHasMetadataDecorator SUPAHasPolicySource
             association class object instance.";
    }

    grouping supa-has-decorator-policy-component-detail supa-has-policy-source-detail {
        leaf supa-policy-ID
        uses supa-policy-object-type {
            type string;
            description
                "This is a globally unique ID for this association
                 instance in the overall policy system.";
        }
        leaf
            refine entity-class {
            type identityref {
                base SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC;
            }
               default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC;
            description
                "The identifier of the class of this assocation."; SUPA-HAS-POLICY-SOURCE-ASSOC;
            }
        }
        leaf supa-policy-component-decorator-ptr supa-has-policy-source-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                   SUPA-POLICY-COMPONENT-DECORATOR-TYPE)";
                  POLICY-STRUCTURE-TYPE)";
            description
                "This associates leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the SUPAPolicyComponentStructure
                 object
                 association represented by this instance participating in a
                 SUPAHasDecoratedPolicyComponent aggregation to of the
                 SUPAHasDecoratedPolicyComponentDetail
                 SUPAHasPolicySource association
                 class that provides [1]. The grouping
                 supa-has-policy-source-detail represents the semantics of
                 SUPAHasPolicySourceDetail class. Thus, the instance
                 identified by this aggregation.
                 This defines leaf is the object class SUPAPolicyStructure
                 instance that is associated by this
                 instance-identifier points to."; association to the
                 SUPAPolicySource instance referenced by the
                 supa-has-policy-source-detail-part-ptr leaf of
                 this grouping.";
        }
        leaf supa-policy-component-ptr supa-has-policy-source-detail-part-ptr {
            type instance-identifier;
             must "derived-from-or-self (deref(.)/entity-class,
                   SUPA-POLICY-COMPONENT-TYPE)";
                   POLICY-SOURCE-TYPE)";
            description
                "This associates leaf is an instance-identifier that references
                 a SUPAPolicySource instance end point of the SUPAPolicyComponentDecorator
                 object
                 association represented by this instance participating in a
                 SUPAHasDecoratedPolicyComponent aggregation of the
                 SUPAHasPolicySource association [1]. The grouping
                 supa-has-policy-source-detail represents the
                 SUPAHasPolicySourceDetail class. Thus, the instance
                 identified by this leaf is the SUPAPolicySource
                 instance that is associated by this association to the
                 SUPAHasDecoratedPolicyComponentDetail association
                 class that provides
                 SUPAPolicyStructure instance referenced by the semantics
                 supa-has-policy-source-detail-agg-ptr leaf of
                 this aggregation.
                 This defines the object class that this
                 instance-identifier points to."; grouping.";
        }
        leaf-list supa-has-decorator-constraint
        leaf supa-policy-source-is-authenticated {
            type string; boolean;
            description
                "A constraint expression applying to
                "If the value of this association
                 between attribute is true, then this
                 SUPAPolicySource object has been authenticated by
                 a policy component decorator and the
                 decorated component."; engine or application that is executing this
                 particular SUPAPolicyStructure object.";
        }
        leaf supa-has-decorator-constraint-encoding supa-policy-source-is-trusted {
            type string; boolean;
            description
                "The language in which the constraints on
                "If the value of this attribute is true, then this
                 SUPAPolicySource object has been verified to be
                 trusted by a policy component-decoration engine or application that is expressed.";
                 executing this particular SUPAPolicyStructure object.";
        }
        description
            "This is a concrete an association class that class, and defines the semantics of
             the SUPAHasDecoratedPolicyComponent
             aggregation. SUPAHasPolicySource association. The purpose attributes and
             relationships of this class is can be used to use the
             Decorator pattern define which
             SUPAPolicySource objects can be attached to detemine which
             SUPAPolicyComponentDecorator
             particular set of SUPAPolicyStructure objects. Note that a
             SUPAPolicySource object instances, if any,
             are required to augment is NOT responsible for evaluating
             or executing SUPAPolicies; rather, it identifies the functionality set
             of entities that are responsible for managing this
             SUPAPolicySource object. Its primary uses are for
             auditability, as well as processing deontic logic. This
             object represents the concrete
             subclass semantics of SUPAPolicyClause that is being used."; associating a
             SUPAPolicySource to a SUPAPolicyTarget.";
    }

    container supa-policy-component-decorator-detail-container supa-policy-source-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyComponentDecoratorDetail."; SUPAPolicySourceDetail.";
        list supa-policy-component-decorator-detail-list supa-policy-source-detail-list {
            key supa-policy-ID;
            uses supa-has-decorator-policy-component-detail; supa-has-policy-source-detail;
            description
                "This is a list of all
                 supa-policy-component-decorator-details."; supa-policy-source-detail
                 objects.";
        }
    }

    identity SUPA-HAS-POLICY-SOURCE-ASSOC SUPA-HAS-POLICY-TARGET-ASSOC {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAHasPolicySource SUPAHasPolicyTarget
             association class object instance.";
    }
    grouping supa-has-policy-source-detail {
        leaf supa-policy-ID {
            type string;
            description
                "This is a globally unique ID for this association
                 instance in the overall policy system.";
        }
        leaf entity-class {
            type identityref supa-has-policy-target-detail {
                base SUPA-HAS-POLICY-SOURCE-ASSOC;
            }
            default SUPA-HAS-POLICY-SOURCE-ASSOC;
            description
                "The identifier of the class of this assocation.";
        uses supa-policy-object-type {
            refine entity-class {
               default SUPA-HAS-POLICY-TARGET-ASSOC;
            }
        }
        leaf supa-policy-source-structure-ptr supa-has-policy-target-detail-agg-ptr {
            type instance-identifier;
             must "derived-from-or-self (deref(.)/entity-class,
                   POLICY-STRUCTURE-TYPE)";
            description
                "This associates the leaf is an instance-identifier that references
                 a SUPAPolicyStructure object instance participating in a SUPAHasPolicySource
                 aggregation to end point of the SUPAHasPolicySourceDetail
                 association class that provides the semantics represented by this instance of the
                 SUPAHasPolicyTarget association [1]. The grouping
                 supa-has-policy-target-detail represents the
                 SUPAHasPolicyTargetDetail class. Thus, the instance
                 identified by this aggregation. This defines leaf is the object class SUPAPolicyStructure
                 instance that is associated by this instance-identifier points to."; association to the
                 SUPAPolicyTarget instance referenced by the
                 supa-has-policy-target-detail-part-ptr leaf of
                 this grouping.";
        }
        leaf supa-policy-source-ptr supa-has-policy-target-detail-part-ptr {
            type instance-identifier;
             must "derived-from-or-self (deref(.)/entity-class,
                   SUPA-POLICY-SOURCE-TYPE)";
                   POLICY-TARGET-TYPE)";
            description
                "This associates leaf is an instance-identifier that references
                 a SUPAPolicyTarget instance end point of the SUPAPolicySource object
                 association represented by this instance participating in a SUPAHasPolicySource
                 aggregation to of the SUPAHasPolicySourceDetail
                 SUPAHasPolicyTarget association class that provides [1]. The grouping
                 supa-has-policy-target-detail represents the semantics of
                 SUPAHasPolicyTargetDetail class. Thus, the instance
                 identified by this aggregation. This defines leaf is the object class SUPAPolicyTarget
                 instance that is associated by this instance-identifier points to."; association to the
                 SUPAPolicyStructure instance referenced by the
                 supa-has-policy-source-detail-agg-ptr leaf of
                 this grouping.";
        }
        leaf supa-policy-source-is-authenticated supa-policy-target-is-authenticated {
            type boolean;
            description
                "If the value of this attribute is true, then this
                 SUPAPolicySource
                 SUPAPolicyTarget object has been authenticated by
                 a policy engine or application that is executing this
                 particular SUPAPolicyStructure object.";
        }
        leaf supa-policy-source-is-trusted supa-policy-target-is-enabled {
            type boolean;
            description
                "If the value of this attribute is true, then this
                 SUPAPolicySource each
                 SUPAPolicyTarget object has been verified that is referenced by this
                 SUPAHasPolicyTarget aggregation is able to be
                 trusted used as
                 a SUPAPolicyTarget by this particular the SUPAPolicyStructure
                 object."; object
                 that is referenced by this SUPAHasPolicyTarget
                 aggregation. This means that this SUPAPolicyTarget has
                 agreed to: 1) have SUPAPolicies applied to it, and 2)
                 process (directly or with the aid of a proxy) one or
                 more SUPAPolicies, or receive the results of a
                 processed SUPAPolicy and apply those results to
                 itself.";
        }
        description
            "This is an association class, and defines the semantics of
             the SUPAHasPolicySource aggregation. SUPAHasPolicyTarget association. The attributes and
             relationships of this class can be used to define which
             SUPAPolicySource
             SUPAPolicyTarget objects can be attached to which
             particular set of SUPAPolicyStructure objects."; objects. Note that a
             SUPAPolicyTarget is used to identify a set of managed
             entities to which a SUPAPolicy should be applied; this
             object represents the semantics of applying a SUPAPolicy
             to a SUPAPolicyTarget.";
    }

    container supa-policy-source-detail-container supa-policy-target-detail-container {
    description
            "This is a container to collect all object instances of
             type SUPAPolicySourceDetail."; SUPAPolicyTargetDetail.";
        list supa-policy-source-detail-list supa-policy-target-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-source-detail; supa-has-policy-target-detail;
            description
                "This is a list of all supa-policy-source-detail supa-policy-target-detail
                 objects.";
        }
    }

    identity SUPA-HAS-POLICY-TARGET-ASSOC SUPA-HAS-POLICY-CLAUSE-ASSOC {
        base POLICY-STRUCTURE-TYPE;
        description
            "The identity corresponding to a SUPAHasPolicyTarget SUPAHasPolicyClause
             association class object instance.";
    }
    grouping supa-has-policy-target-detail supa-has-policy-clause-detail {
        leaf supa-policy-ID
        uses supa-policy-structure-type {
            type string;
            description
                "This is a globally unique ID for this association
                 instance in the overall policy system.";
        }
        leaf
            refine entity-class {
            type identityref {
                base SUPA-HAS-POLICY-TARGET-ASSOC;
            }
               default SUPA-HAS-POLICY-TARGET-ASSOC;
            description
                "The identifier of the class of this assocation."; SUPA-HAS-POLICY-CLAUSE-ASSOC;
            }
        }
        leaf supa-policy-target-structure-ptr supa-has-policy-clause-detail-agg-ptr {
            type instance-identifier;
             must "derived-from-or-self (deref(.)/entity-class,
                   POLICY-STRUCTURE-TYPE)";
            description
                "This associates leaf is an instance-identifier that references
                 a concrete subclass of the SUPAPolicyStructure object class
                 end point of the association represented by this
                 instance participating in a SUPAHasPolicyTarget
                 aggregation to of the SUPAHasPolicyTargetDetail SUPAHasPolicyClause association class that provides [1].
                 The grouping supa-has-policy-clause-detail represents
                 the semantics of SUPAHasPolicyClauseDetail association class. Thus,
                 the instance identified by this aggregation. This defines leaf is the object class
                 SUPAPolicyStructure instance that is associated by
                 this instance-identifier points to."; association to the set of SUPAPolicyClause
                 instances referenced by the
                 supa-has-policy-clause-detail-part-ptr leaf of this
                 grouping.";
        }
        leaf supa-policy-target-ptr supa-has-policy-clause-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                   SUPA-POLICY-TARGET-TYPE)";
                   POLICY-CLAUSE-TYPE)";
            description
                "This associates the SUPAPolicyTarget object
                 instance participating in leaf is an instance-identifier that references
                 a SUPAHasPolicyTarget
                 aggregation to concrete subclass of the SUPAHasPolicyTargetDetail
                 association SUPAPolicyClause class that provides the semantics
                 end point of
                 this aggregation. This defines the object class
                 that association represented by this instance-identifier points to.";
        }
        leaf supa-policy-source-is-authenticated {
            type boolean;
            description
                "If the value
                 instance of this attribute is true, then this
                 SUPAPolicyTarget object has been authenticated the SUPAHasPolicyClause association [1].
                 The grouping supa-has-policy-clause-detail represents
                 the SUPAHasPolicyClauseDetail association class. Thus,
                 the instance identified by this particular SUPAPolicyStructure object.";
        } leaf supa-policy-source-is-enabled {
            type boolean;
            description
                "If the value of this attribute is true, then this
                 SUPAPolicyTarget object is able to be used as a
                 SUPAPolicyTarget. This means that it has agreed to
                 play the role of a SUPAPolicyTarget, and
                 SUPAPolicyClause instance that it is
                 able to either process (directly or with associated by this
                 association to the aid set of a
                 proxy) SUPAPolicies, or receive SUPAPolicyStructure
                 instances referenced by the results
                 supa-has-policy-clause-detail-agg-ptr leaf of a
                 processed SUPAPolicy and apply those results to
                 itself."; this
                 grouping.";
        }
        description
            "This is an association class, and defines the semantics of
             the SUPAHasPolicyTarget aggregation. SUPAHasPolicyClause association. The attributes and
             relationships of this class can be used to define which
             SUPAPolicyTarget objects can be attached to used by which particular
             set of SUPAPolicyStructure objects."; objects. Every
             SUPAPolicyStructure instance MUST aggregate at
             least one SUPAPolicyClause instance. However, the
             converse is NOT true. For example, a SUPAPolicyStructure
             instance MUST aggregate at least one SUPAPolicyClause
             instance. However, a SUPAPolicyClause object could be
             instantiated and then stored for later use in a policy
             repository.";
    }

    container supa-policy-target-detail-container supa-policy-clause-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyTargetDetail."; SUPAPolicyClauseDetail.";
        list supa-policy-target-detail-list supa-policy-clause-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-target-detail; supa-has-policy-clause-detail;
            description
                "This is a list of all supa-policy-target-detail supa-policy-clause-detail
                 objects.";
        }
    }

    identity SUPA-HAS-POLICY-CLAUSE-ASSOC SUPA-HAS-POLICY-EXEC-ACTION-ASSOC {
        base POLICY-STRUCTURE-TYPE;
        description
            "The identity corresponding to a SUPAHasPolicyClause
             SUPAHasPolExecFailActionToTake association class
             object instance.";
    }

    grouping supa-has-policy-clause-detail supa-has-policy-exec-action-detail {
        uses supa-policy-structure-type {
            refine entity-class {
               default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC;
            }
        }
        leaf supa-policy-ID supa-has-exec-fail-action-detail-agg-ptr {
            type string; instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-STRUCTURE-TYPE)";
            description
                "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolExecFailActionToTake association [1] that
                 was executing a SUPAPolicy. This SUPAPolicyStructure
                 is referred to as the 'parent' SUPAPolicyStructure
                 instance, while the other instance end point of this
                 association is called the 'child' SUPAPolicyStructure.
                 The grouping supa-policy-structure-type represents the
                 SUPAPolicyStructure class. Thus, the instance
                 identified by this leaf is the parent
                 SUPAPolicyStructure instance that is associated by this
                 association to the child SUPAPolicyStructure instance
                 referenced by the
                 supa-has-exec-fail-action-detail-part-ptr leaf of this
                 grouping.";
        }
        leaf supa-has-exec-fail-action-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-STRUCTURE-TYPE)";
            description
                "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolExecFailActionToTake association [1] that
                 was NOT currently executing a SUPAPolicy. This
                 SUPAPolicyStructure is referred to as the 'child'
                 SUPAPolicyStructure instance, while the other instance
                 end point of this association is called the 'parent'
                 SUPAPolicyStructure. The grouping
                 supa-policy-structure-type represents the
                 SUPAPolicyStructure class. Thus, the instance
                 identified by this leaf is a globally unique ID for the child
                 SUPAPolicyStructure instance that is associated by
                 this association to the child SUPAPolicyStructure
                 instance in referenced by the overall policy system.";
        }
                 supa-has-exec-fail-action-detail-part-ptr leaf entity-class {
            type identityref {
                base SUPA-HAS-POLICY-CLAUSE-ASSOC;
            }
            default SUPA-HAS-POLICY-CLAUSE-ASSOC;
            description
                "The identifier of the class of
                 this assocation."; grouping.";
        }
        leaf supa-policy-clause-structure-ptr
        leaf-list supa-policy-exec-fail-take-action-name {
            type instance-identifier;
             must "derived-from-or-self (deref(.)/entity-class,
                   POLICY-STRUCTURE-TYPE)"; string;
            description
                "This associates the SUPAPolicyStructure object
                 instance participating in is a SUPAHasPolicyClause
                 aggregation to the SUPAHasPolicyClauseDetail
                 association class list that provides contains the semantics set of
                 this aggregation. This defines names for
                 SUPAPolicyActions to use if the SUPAPolicyStructure
                 object class that owns this instance-identifier points to.";
        }
        leaf supa-policy-clause-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                   SUPA-POLICY-CLAUSE-TYPE)";

            description
                "This associates the SUPAPolicyClause object
                 instance participating in a SUPAHasPolicyClause
                 aggregation association failed to the SUPAHasPolicyClauseDetail execute
                 properly. This association class that provides the semantics defines a set of child
                 SUPAPolicyStructure objects to use if this aggregation. This (the parent)
                 SUPAPolicyStructure object fails to execute correctly.
                 Each child SUPAPolicyStructure object has one or more
                 SUPAPolicyActions; this attribute defines the object class name(s)
                 of each SUPAPolicyAction in each child
                 SUPAPolicyStructure that this instance-identifier points to."; should be used to try and
                 remediate the failure.";
        }
        description
            "This is an association class, and defines the semantics of
             the SUPAHasPolicyClause aggregation. SUPAHasPolExecFailTakeAction association. The
             attributes and relationships of this class can be used to define
             determine which
             SUPAPolicyTarget SUPAPolicyAction objects can be attached are executed in
             response to which
             particular set a failure of SUPAPolicyStructure objects.
             Every the SUPAPolicyStructure object
             instance MUST aggregate
             at least one SUPAPolicyClause object instance. However,
             the converse is NOT true. For example, a SUPAPolicyClause
             could be instantiated and then stored for later use in a
             policy repository."; that owns this association.";
    }

    container supa-policy-clause-detail-container supa-policy-exec-fail-take-action-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyClauseDetail."; SUPAPolExecFailActionToTakeDetail.";
        list supa-policy-clause-detail-list supa-policy-exec-fail-take-action-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-clause-detail; supa-has-policy-exec-action-detail;
            description
                "This is a list of all supa-policy-clause-detail
                 supa-has-policy-exec-action-detail objects.";
        }
    }

    identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC {
        base POLICY-METADATA-TYPE;
        description
            "The identity corresponding to a
             SUPAHasPolExecFailActionToTake
             SUPAHasMetadataDecoratorDetail association class
             object instance.";
    }

    grouping supa-has-policy-exec-action-detail supa-has-policy-metadata-dec-detail {
        leaf supa-policy-ID {
            type string;
            description
                "This is a globally unique ID for this association
                 instance in the overall policy system.";
        }
        leaf entity-class
        uses supa-policy-metadata-type {
            type identityref
            refine entity-class {
                base SUPA-HAS-POLICY-EXEC-ACTION-ASSOC;
            }
               default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC;
            description
                "The identifier of the class of this assocation."; SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC;
            }
        }
        leaf supa-policy-structure-action-src-ptr supa-has-policy-metadata-detail-dec-agg-ptr {
            type instance-identifier;
             must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-STRUCTURE-TYPE)";
                   POLICY-METADATA-TYPE)";
            description
                "This associates leaf is an instance-identifier that references
                 a SUPAPolicyMetadataDecorator instance end point of
                 the SUPAPolicyStructure object association represented by this instance participating in a
                 SUPAHasPolExecFailActionToTake of the
                 SUPAHasMetadataDecorator association to [1]. The
                 grouping supa-has-policy-metadata-detail represents
                 the
                 SUPAHasPolExecFailActionToTakeDetail SUPAHasMetadataDecoratorDetail association
                 class that provides class.

                 Thus, the semantics of instance identified by this
                 aggregation. This defines leaf is the object class
                 SUPAPolicyMetadataDecorator instance that is
                 associated by this instance-identifier points to."; association to the set of
                 SUPAPolicyMetadata instances referenced by the
                 supa-has-policy-metadata-detail-dec-part-ptr leaf of
                 this grouping.";
        }
        leaf supa-policy-structure-action-dst-ptr supa-has-policy-metadata-detail-dec-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-STRUCTURE-TYPE)";
                   POLICY-METADATA-TYPE)";
            description
                "This associates leaf is an instance-identifier that references
                 a SUPAPolicyAction object SUPAPolicyMetadata instance participating in a
                 SUPAHasPolExecFailActionToTake end point of the
                 association to represented by this instance of the
                 SUPAHasPolExecFailActionToTakeDetail
                 SUPAHasMetadataDecorator association
                 class that provides [1]. The
                 grouping supa-has-policy-metadata-detail represents
                 the semantics of this
                 aggregation. This defines SUPAHasMetadataDecoratorDetail association class.
                 Thus, the object class that instance identified by this instance-identifier points to.";
        } leaf supa-policy-exec-fail-take-action-encoding {
            type policy-data-type-id-encoding-list;
            description
                "This defines how to find the set of SUPA Policy
                 Action objects contained in each element of the
                 supa-policy-exec-fail-take-action-name attribute
                 object.";
        }
        leaf-list supa-policy-exec-fail-take-action-name {
            type string;
            description
                "This identifies the set of SUPA Policy Actions to take
                 if is the SUPAPolicyStructure object
                 SUPAPolicyMetadata instance that owns is associated by
                 this association failed to execute properly. The
                 interpretation the set of this string attribute is defined
                 SUPAPolicyMetadataDecorator instances referenced by
                 the supa-policy-exec-fail-take-action-encoding class
                 attribute."; supa-has-policy-metadata-detail-dec-agg-ptr leaf
                 of this grouping.";
        }
        description
            "This is an association class, and defines the semantics of
             the SUPAHasPolExecFailTakeAction SUPAHasMetadataDecorator association. The attributes
             and relationships of this class can be used to
             determine define which SUPA Policy Action objects are executed in
             response
             concrete subclasses of the SUPAPolicyMetadataDecorator
             class can be used to a failure wrap which concrete subclasses of the SUPAPolicyStructure object
             instance that owns this association.";
             SUPAPolicyMetadata class.";
    }

    container supa-policy-exec-fail-take-action-detail-container supa-policy-metadata-decorator-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolExecFailActionToTakeDetail."; SUPAHasMetadaDecoratorDetail.";
        list supa-policy-exec-fail-take-action-detail-list supa-policy-metadata-decorator-detail-list {
            key supa-policy-ID; supa-policy-metadata-id;
            uses supa-has-policy-exec-action-detail; supa-has-policy-metadata-dec-detail;
            description
                "This is a list of all
                 supa-has-policy-exec-action-detail supa-policy-metadata-detail
                 objects.";
        }
    }
}

<CODE ENDS>
6. IANA Considerations

   No IANA considerations exist for this document.

7. Security Considerations

   TBD

8. Acknowledgments

   This document has benefited from reviews, suggestions, comments
   and proposed text provided by the following members, listed in
   alphabetical order:

      Qin Wu. Wu

9. References

   This section defines normative and informative references for this
   document.

9.1. Normative References

    [RFC2119]   Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", BCP 14, RFC 2119, March 1997.

    [RFC6020]   Bjorklund, M., "YANG - A Data Modeling Language for
                the Network Configuration Protocol (NETCONF)",
                RFC 6020, October 2010.

    [RFC6991]   Schoenwaelder, J., "Common YANG Data Types", RFC 6991,
                July 2013.

9.2. Informative References

    [1]         Strassner, J., Halpern, J., Coleman, J., "Generic
                Policy Information Model for Simplified Use of Policy
                Abstractions (SUPA)",
                draft-strassner-supa-generic-policy-info-model-05 March 21, 2016 2016,
                draft-ietf-supa-generic-policy-info-model-01
    [2]         http://www.omg.org/spec/OCL/
    [3]         http://doc.omg.org/formal/2002-04-03.pdf
    [4]         http://alloy.mit.edu/alloy/
    [5]         http://www.omg.org/spec/QVT/

    [6]         http://semver.org/
    [7]         Definitions of DAC, MAC, and RBAC may be found here:
                http://csrc.nist.gov/groups/SNS/rbac/faq.html#03
    [8]         ABAC is described here:
                http://csrc.nist.gov/groups/SNS/rbac/index.html

Authors' Addresses

   Joel Halpern
   Ericsson
   P. O. Box 6049
   Leesburg, VA 20178
   Email:  joel.halpern@ericsson.com

   John Strassner
   Huawei Technologies
   2330 Central Expressway
   Santa Clara, CA  95138  USA
   Email: john.sc.strassner@huawei.com

   Sven van der Meer
   LM Ericsson Ltd.
   Ericsson Software Campus
   Garrycastle
   Athlone
   N37 PV44
   Ireland
   Email: sven.van.der.meer@ericsson.com