[15:02:36] --- bert has joined
[15:02:39] --- simon has joined
[15:03:09] * bert has set the topic to: NEE - Netconf Conf Call
[15:03:09] --- sharonchisholm has joined
[15:08:24] <bert> seems we all agree more work needs to be done
[15:08:37] <bert> seems we want to continue with current WG (i.e. re-charter): - shows continuity in the work - less overhead compared to starting a new WG
[15:09:55] <bert> how many proposals are there? - we have a few (2 or 3) proposals for access control
[15:10:14] <bert> Andy believes it is the number 1 priority/work-item
[15:12:35] <bert> - partial locking
[15:12:42] <bert> - netconf monitoring
[15:12:47] <bert> - requirements for access control
[15:12:56] <bert> Did I miss any?
[15:13:29] --- dromasca has joined
[15:14:50] <bert> Andy claims: partial locking is no "low hanging fruit"
[15:17:34] <bert> This was on NEE agenda:
[15:17:43] <bert> 2.3 Access Control 2.3.1 ACL data model for NETCONF (Iijima Tomoyuki - 15 minutes) http://www.ietf.org/internet-drafts/draft-iijima-ngo-acldatamodel-00.txt 2.3.2 NETCONF access control profile for XACML (TBD -5 minutes) Proposes a profile that defines how to use XACML (eXtended Access Control Markup Language) to provide fine-grain access control for NETCONF commands. http://www.ietf.org/internet-drafts/draft-seitz-netconf-xacml-01.txt
[15:18:16] <bert> And this for Partial Locking:
[15:18:18] <bert> 2. Go through proposed NETCONF updates 2.1 Partial Lock RPC for Netconf (Balazs Lengyel - 15 minutes) Proposes a capability based extension to the NETCONF protocol to lock only a part of a configuration datastore. http://www.ietf.org/internet-drafts/draft-lengyel-ngo-partial-lock-00.txt
[15:22:44] <bert> Sharon states: for data model we have 3 proposals
[15:23:32] <bert> Sharon, can you list doc names?
[15:24:34] <bert> Andy suggests we have languages (like XSD and RELAXng)
[15:24:42] <bert> DBH: but we have not agreed upon a language
[15:24:43] <dromasca> we seem to be missing any acl requirements contributions
[15:26:05] <bert> I do not see one either
[15:27:09] <bert> Dan asks: how will we write our schemas for now?
[15:27:15] <bert> Answer: for now we use XSD
[15:27:40] <bert> alternative would be to use SNMP MIB modules, which seems strange
[15:28:42] <bert> yes there was a charter
[15:28:49] <bert> http://www3.ietf.org/proceedings/07jul/slides/nee-7/sld1.htm
[15:29:22] <sharonchisholm> http://www3.ietf.org/proceedings/07jul/slides/nee-7/sld1.htm
[15:30:15] <bert> here is slide 3 (seems the most important):
[15:30:16] <bert> Initial problems identified for the working group are as follows. It is assumed that these items will be completed for additional items will be added. Netconf Monitoring: It is considered best practice for IETF working groups to include management of their protocols within the scope of the solution they are providing. Currently Netconf has not provided any such solution. Providing a method to monitor NETCONF is within the scope of this working group. Access Control: It is also considered best practice in management protocols to outline an access control solution. Previous discussion on this topic has suggested that allowing coarse-grain access control might be more desirable than finer-grain access control solutions provided in the past by solutions like SNMP. The working group should ensure it understands the requirements for access control before proceeding to define the solution. Fine-grain Locking: It was recognized during the base NETCONF work, locking an entire configuration store did not meet operational or security requirements. This working group will look at solutions for finer-grain locking. Schema Advertisement: Currently the NETCONF protocol is able to advertise which protocol features are supported on a particular box. What is missing is the ability to advertise what XML Schema and what version of those Schema are supported to provide the information at the NETCONF content layer.
[15:31:36] <bert> There was the topic on NetConf over TLS:
[15:31:37] <bert> 2.4 NETCONF over TLS (Dan Romascanu - 10 minutes) Describes how to use TLS to secure NETCONF exchanges. http://www.ietf.org/internet-drafts/draft-badra-tls-netconf-03.txt
[15:34:01] <bert> Dan suggests to write a (short) I-D for 1) requirements for partial locking
[15:34:10] <bert> and 2) requirements for access control
[15:35:27] <bert> Andy worries (and such was discussed on mlist) about: what does it mean to lock X and X contains dynamic expressions
[15:35:35] <bert> Hope I described this correctly
[15:36:58] <bert> I don't hear much consensus as to 1) what work is most needed, and 2)  how to start working on any of the topics we discussed
[15:38:23] <sharonchisholm> Everyone agrees on Netconf Monitoring and Schema Advertisement
[15:41:34] <bert> So where is/was the agreement on the Schema Advertisement?
[15:45:04] <sharonchisholm> earlier on the call. Several people have it high on their list
[15:45:24] <bert> I mean where is the agreement on how to do it?
[15:45:45] <bert> Some want MIB, others an informal information model, others XSD >\
[15:46:02] <bert> s/>]/?/
[15:47:14] <bert> I would think if we do access control, it is 2 steps: requirements, then protocol/schema
[15:47:19] <bert> same for partial locking
[15:47:28] <bert> could be one document for each.
[15:47:41] <bert> don't want to bog down on requirements though.
[15:48:06] <bert> But I hate it when some believe it is a "simple black box" while others think it is a major undertaking (I actually agree with the latter)
[15:51:02] <bert> Now we're on updates on protocol doc (i.e. more operations??)
[15:51:28] <dromasca> ask loadly
[15:51:45] <bert> ? what do you mean Dan?
[15:52:07] <dromasca> was this a question?
[15:52:18] <bert> what is "ask loadly" ??
[15:52:38] <dromasca> about protocol updates
[16:01:02] <bert> Sharon, why do you think we need an interim?
[16:01:39] <dromasca> would this be an interim before vancouver?
[16:02:10] <bert> that is what I understood on the call. maybe I mis-understood
[16:09:22] --- dbh2 has joined
[16:10:14] <bert> Hi Dave
[16:10:23] --- dromasca has left
[16:10:29] <bert> I am emailing around the jabber log
[16:11:31] <dbh2> Hi Bert,
[16:12:05] <dbh2> I just got your message about the jabber log. I wish I'd thought of this. I had great difficulty hearing the conversations clearly.
[16:12:32] <dbh2> Thanks for doing the minutes. I wondered why you were so quiet; now I understand.
[16:12:39] <bert> same here. So I am not sure I recorded it all correctly (even if I had heard it all clearly)
[16:13:08] <dbh2> Most of it was rehash anyway.
[16:21:09] <simon> Thanks Bert & good night/good bye everybody
[16:21:13] --- simon has left
[16:38:46] --- sharonchisholm has left
[16:56:32] --- bert has left
[18:35:02] --- dbh2 has left