idnits 2.17.1 draft-halpern-supa-generic-policy-data-model-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 15, 2016) is 2905 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group J. Halpern 2 Internet-Draft Ericsson 3 Intended status: Informational J. Strassner 4 Expires: October 29, 2016 Huawei Technologies 5 April 15, 2016 7 Generic Policy Data Model for 8 Simplified Use of Policy Abstractions (SUPA) 9 draft-halpern-supa-generic-policy-data-model-01 11 Abstract 13 This document defines two YANG policy data models. The first is a 14 generic policy model that is meant to be extended on an application- 15 specific basis. The second is an exemplary extension of the first 16 generic policy model, and defines rules as event-condition-action 17 policies. Both models are independent of the level of abstraction of 18 the content and meaning of a policy. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current 28 Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six 31 months and may be updated, replaced, or obsoleted by other 32 documents at any time. It is inappropriate to use Internet-Drafts 33 as reference material or to cite them other than as "work in 34 progress." 36 This Internet-Draft will expire on October 29, 2016. 38 Copyright Notice 40 Copyright (c) 2016 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with 48 respect to this document. Code Components extracted from this 49 document must include Simplified BSD License text as described in 50 Section 4.e of the Trust Legal Provisions and are provided 51 without warranty as described in the Simplified BSD License. 53 Table of Contents 55 1. Overview ....................................................... 2 56 2. Conventions Used in This Document .............................. 2 57 3. Terminology .................................................... 3 58 3.1. Acronyms .................................................. 3 59 3.2. Definitions ............................................... 3 60 3.3. Symbology ................................................. 4 61 4. Design of the SUPA Policy Data Models .......................... 4 62 5. SUPA Policy Data Model YANG Module ............................. 5 63 6. IANA Considerations ............................................ 47 64 7. Security Considerations ........................................ 47 65 8. Acknowledgments ................................................ 47 66 9. References ..................................................... 47 67 9.1. Normative References ...................................... 48 68 9.2. Informative References .................................... 48 69 Authors' Addresses ................................................ 48 71 1. Overview 73 This document defines two YANG [RFC6020] [RFC6991] policy data 74 models. The first is a generic policy model that is meant to be 75 extended on an application-specific basis. It is derived from the 76 Generic Policy Information Model (GPIM) defined in [1]. The second 77 is an exemplary extension of the first (generic policy) model, and 78 defines policy rules as event-condition-action tuples. Both models 79 are independent of the level of abstraction of the content and 80 meaning of a policy. 82 The GPIM defines a common framework as a set of model elements 83 (e.g., classes, attributes, and relationships) that specify a 84 common set of policy management concepts that are independent of the 85 type of policy (e.g., imperative, procedural, declarative, or 86 otherwise). The first YANG data model is a translation of the GPIM 87 to a YANG module. The Eca Policy Rule Information Model (EPRIM), 88 also defined in [1], extends the GPIM to represent policy rules that 89 use the Event-Condition-Action (ECA) paradigm. The second YANG data 90 model maps the EPRIM to YANG. The second YANG data model MAY be 91 used to augment the functionality of the first YANG data model. 93 2. Conventions Used in This Document 95 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 96 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in 97 this document are to be interpreted as described in [RFC2119]. In 98 this document, these words will appear with that interpretation 99 only when in ALL CAPS. Lower case uses of these words are not to 100 be interpreted as carrying [RFC2119] significance. 102 3. Terminology 104 This section defines acronyms, terms, and symbology used in the 105 rest of this document. 107 3.1. Acronyms 109 CNF Conjunctive Normal Form 110 DNF Disjunctive Normal Form 111 ECA Event-Condition-Action 112 EPRIM (SUPA) ECA Policy Rule Information Model 113 GPIM (SUPA) Generic Policy Information Model 114 NETCONF Network Configuration protocol 115 OAM&P Operations, Administration, Management, and Provisioning 116 OCL Object Constraint Language 117 OID Object IDentifier 118 SUPA Simplified Use of Policy Abstractions 119 UML Unified Modeling Language 120 URI Uniform Resource Identifier 122 3.2. Definitions 124 Action: a set of purposeful activities that have a set of 125 associated behavior. 127 Boolean Clause: a logical statement that evaluates to either TRUE 128 or FALSE. Also called Boolean Expression. 130 Condition: a set of attributes, features, and/or values that are to 131 be compared with a set of known attributes, features, and/or 132 values in order to make a decision. A Condition, when used in 133 the context of a Policy Rule, is used to determine whether or not 134 the set of Actions in that Policy Rul can be executed or not. 136 Constraint: A constraint is a limitation or restriction. 137 Constraints may be added to any type of object (e.g., events, 138 conditions, and actions in Policy Rules). 140 Constraint Programming: a type of programming that uses constraints 141 to define relations between variables in order to find 142 a feasible (and not necessarily optimal) solution. 144 Data Model: a data model is a representation of concepts of 145 interest to an environment in a form that is dependent on data 146 repository, data definition language, query language, 147 implementation language, and protocol (typically one or more of 148 these). 150 ECA: Event - Condition - Action policy. 152 Event: an Event is defined as any important occurrence in time of 153 a change in the system being managed, and/or in the environment 154 of the system being managed. An Event, when used in the context 155 of a Policy Rule, is used to determine whether the condition 156 clause of an imperative Policy Rule can be evaluated or not. 158 Information Model: an information model is a representation of 159 concepts of interest to an environment in a form that is 160 independent of data repository, data definition language, query 161 language, implementation language, and protocol. 163 Metadata: is data that provides descriptive and/or prescriptive 164 information about the object(s) to which it is attached. 166 Policy Rule: A Policy Rule is a set of rules that are used to 167 manage and control the changing or maintaining of the state of one 168 or more managed objects. 170 3.3. Symbology 172 The following representation is used to describe YANG data modules 173 defined in this draft. 175 o Brackets "[" and "]" enclose list keys. 177 o Abbreviations before data node names: "rw" means configuration 178 data (read-write), and "ro" means state data (read-only). 180 o Symbols after data node names: "?" means an optional node, "!" 181 means a presence container, and "*" denotes a list and leaf-list. 183 o Parentheses enclose choice and case nodes, and case nodes are also 184 marked with a colon (":"). 186 o Ellipsis ("...") stands for contents of subtrees that are not 187 shown. 189 4. Design of the SUPA Policy Data Models 191 This will be completed in the next version of this draft. Three 192 important points are: 194 - different policy models have common semantics 195 - capture those semantics within a common framework (GPIM) 196 - extend these semantics with a specific ECA example (EPRIM) 198 5. SUPA Policy Data Model YANG Module 200 The SUPA YANG data model module is divided into two main parts: 202 1) a set of containers that represent the objects that make 203 updated a Policy Rule and its Policy Rule Components 204 2) a set of containers that represent the objects that define and 205 apply metadata to Policy Rules and/or Policy Rule Components 207 < This will be finished in version 02 > 209 file "ietf-supa-policydatamodel@2016-03-21.yang" 211 module ietf-supa-policydatamodel { 213 yang-version 1.1; 214 namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policydatamodel"; 215 prefix supa-pdm; 217 import ietf-yang-types { 218 prefix yang; 219 } 221 organization "IETF"; 222 contact 223 "Editor: Joel Halpern 224 email: jmh@joelhalpern.com; 225 Editor: John Strassner 226 email: strazpdj@gmail.com;"; 228 description 229 "This module defines a data model for generic high level 230 definition of policies to be applied to a network. 231 This module is derived from and aligns with 232 draft-strassner-supa-generic-policy-info-model-04. 233 Details on all classes, associations, and attributes 234 can be found there. 235 Copyright (c) 2015 IETF Trust and the persons identified 236 as the document authors. All rights reserved. 237 Redistribution and use in source and binary forms, with or 238 without modification, is permitted pursuant to, and 239 subject to the license terms contained in, the Simplified 240 BSD License set forth in Section 4.c of the IETF Trust's 241 Legal Provisions Relating to IETF Documents 242 (http://trustee.ietf.org/license-info)."; 244 revision 2016-04-15 { 245 description 246 "Fixed pyang 1.1 compilation errors. Fixed must clause 247 derefencing used in grouping statements. Reformatted 248 and expanded descriptions. Fixed various typos."; 249 reference 250 "draft-halpern-supa-policy-data-model-01"; 251 } 252 revision 2016-03-21 { 253 description 254 "Version 1 - initial version"; 255 reference 256 "draft-halpern-supa-policy-data-model-00"; 257 } 259 typedef policy-constraint-language-list { 260 type enumeration { 261 enum "undefined" { 262 description 263 "This may be used as an initialization and/or 264 an error state."; 265 } 266 enum "OCL2.4" { 267 description 268 "Object Constraint Language v2.4. This is a 269 declarative language for describing rules for 270 defining constraints and query expressions."; 271 } 272 enum "OCL2.x" { 273 description 274 "Object Constraint Language, v2.0 through 2.3.1."; 275 } 276 enum "OCL1.x" { 277 description 278 "Object Constraint Language, any version prior 279 to v2.0."; 280 } 281 enum "QVT1.2R" { 282 description 283 "QVT Relational Language."; 284 } 285 enum "QVT1.2O" { 286 description 287 "QVT Operational language."; 288 } 289 enum "Alloy" { 290 description 291 "A language for defining structures and 292 and relations using constraints."; 293 } 294 } 295 description 296 "The language used to encode the constraints 297 relevant to the relationship between the metadata 298 and the underlying policy object."; 299 } 301 typedef policy-data-type-id-encoding-list { 302 type enumeration { 303 enum "undefined" { 304 description 305 "This can be used for either initialization 306 or for signifying an error."; 307 } 308 enum "String" { 309 description 310 "The clause is directly present in 311 the content."; 312 } 313 enum "GUID" { 314 description 315 "The clause is referenced by this GUID."; 316 } 317 enum "UUID" { 318 description 319 "The clause is referenced by this UUID."; 320 } 321 enum "URI" { 322 description 323 "The clause is referenced by this URI."; 324 } 325 enum "FQDN" { 326 description 327 "The clause is referenced by this FQDN."; 328 } 329 } 330 description 331 "The list of possible data types used to represent object 332 IDs in the SUPA policy hierarchy."; 333 } 335 typedef policy-data-type-encoding-list { 336 type enumeration { 337 enum "undefined" { 338 description 339 "This can be used for either initialization 340 or for signifying an error."; 341 } 342 enum "string" { 343 description 344 "This represents a string data type."; 345 } 346 enum "integer" { 347 description 348 "This represents an integer data type."; 349 } 350 enum "boolean" { 351 description 352 "This represents a Boolean data type."; 353 } 354 enum "floating point" { 355 description 356 "This represents a floating point data type."; 357 } 358 enum "date-and-time" { 359 description 360 "This represents a data type that can specify 361 date and/or time."; 362 } 363 enum "GUID" { 364 description 365 "This represents a GUID data type."; 366 } 367 enum "UUID" { 368 description 369 "This represents a UUID data type."; 370 } 371 enum "URI" { 372 description 373 "This represents a Uniform Resource Identifier 374 (URI) data type."; 375 } 376 enum "DN" { 377 description 378 "This represents a Distinguished Name (DN) 379 data type."; 380 } 381 enum "NULL" { 382 description 383 "This represents a NULL data type. NULL means the 384 absence of an actual value. NULL is frequently 385 used to represent a missing or invalid value."; 386 } 387 } 388 description 389 "The set of allowable data types used to encode 390 multi-valued SUPA Policy attributes."; 391 } 393 // identities are used in this model as a means to provide simple 394 // reflection to allow an instance-identifier to be tested as to what 395 // class it represents. In turn, this allows must clauses to specify 396 // that the target of a particular instance-identifier leaf must be a 397 // specific class, or within a certain branch of the inheritance tree. 399 // This depends upon the ability to refine the entity class default 400 // value. The entity class should be read-only. Howeverm as this is 401 // the target of a MUST condition, it cannot be config-false. Also, 402 // it appears that we cannot put a MUST condition on its definition, 403 // as the default (actual) value changes at each inheritance. 405 identity POLICY-OBJECT-TYPE { 406 description 407 "The identity corresponding to a SUPAPolicyObject 408 object instance."; 409 } 411 grouping supa-policy-object-type { 412 leaf supa-policy-ID { 413 type string; 414 mandatory true; 415 description 416 "The string identifier of this policy object. 417 It must be unique within the policy system."; 418 } 419 leaf entity-class { 420 type identityref { 421 base POLICY-OBJECT-TYPE; 422 } 423 default POLICY-OBJECT-TYPE; 424 description 425 "The identifier of the class of this grouping."; 426 } 427 leaf supa-policy-object-ID-encoding { 428 type policy-data-type-id-encoding-list; 429 mandatory true; 430 description 431 "The encoding used by the supa-object-ID."; 432 } 433 leaf supa-policy-object-description { 434 type string; 435 description 436 "Human readable description of the characteristics 437 and behavior of this policy object."; 438 } 439 leaf supa-policy-name { 440 type string; 441 description 442 "A human-readable name for this policy."; 443 } 444 leaf-list supa-has-policy-metadata-agg { 445 type instance-identifier; 446 must "derived-from-or-self (deref(.)/entity-class, 447 SUPA-HAS-POLICY-METADATA-ASSOC)"; 449 description 450 "The SUPAPolicyObject object instance that aggregates 451 this set of SUPAPolicyMetadata object instances. As 452 there are attributes on this association, the 453 instance-identifier MUST point to an instance using 454 the grouping supa-has-policy-metadata-detail (which 455 includes subclasses of this association class)."; 456 } 457 description 458 "This is the superclass for all SUPA objects. It is 459 used to define common attributes and relationships 460 that all SUPA subclasses inherit."; 461 } 463 identity POLICY-COMPONENT-TYPE { 464 base POLICY-OBJECT-TYPE; 465 description 466 "The identity corresponding to a 467 SUPAPolicyComponentStructure object instance."; 468 } 470 grouping supa-policy-component-structure-type { 471 uses supa-policy-object-type { 472 refine entity-class { 473 default POLICY-COMPONENT-TYPE; 474 } 475 } 476 leaf supa-has-policy-component-decorator-part { 477 type instance-identifier; 478 must "derived-from-or-self (deref(.)/entity-class, 479 SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; 480 mandatory true; 481 description 482 "A reference to the association class for relating 483 policy component decorators to the policy components 484 they decorate. This is the set of 485 SUPAPolicyComponentStructure object instances that are 486 aggregated by a SUPAPolicyComponentDecorator object 487 instance. As there are attributes on this association, 488 the instance-identifier MUST point to an instance 489 using the specified grouping. This defines the object 490 class that this instance-identifier points to."; 491 } 492 description 493 "A superclass for all objects that represent different types 494 of components of a Policy Rule. Important subclasses include 495 the SUPAPolicyClause and the SUPAPolicyComponentDecorator. 496 This object is the root of the decorator pattern; as such, 497 it enables all subclasses to be decorated."; 498 } 499 identity POLICY-COMPONENT-DECORATOR-TYPE { 500 base POLICY-COMPONENT-TYPE; 501 description 502 "The identity corresponding to a 503 SUPAPolicyComponentDecorator object instance."; 504 } 506 grouping supa-policy-component-decorator-type { 507 uses supa-policy-component-structure-type { 508 refine entity-class { 509 default POLICY-COMPONENT-DECORATOR-TYPE; 510 } 511 } 512 leaf-list supa-has-policy-component-decorator-agg { 513 type instance-identifier; 514 must "derived-from-or-self (deref(.)/entity-class, 515 SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; 516 max-elements 1; 517 description 518 "The SUPAPolicyComponentDecorator object instance 519 that aggregates this set of 520 SUPAPolicyComponentStructure object instances. This 521 is a list of associations to the SUPA policy components 522 that this decorator decorates. As there are attributes 523 on this association, the instance-identifier MUST 524 point to an instance using the specified grouping. 525 This defines the object class that this 526 instance-identifier points to."; 527 } 528 leaf-list supa-decorator-constraints { 529 type string; 530 description 531 "A constraint expression applying to this 532 decorator, allowing specification of details not 533 captured in its subclasses, using an appropriate 534 constraint language."; 535 } 536 leaf supa-has-decorator-constraint-encoding { 537 type policy-constraint-language-list; 538 description 539 "The language in which the constraints on the 540 policy component decorator is expressed."; 541 } 542 description 543 "This object implements the decorator pattern, which 544 enables all or part of one or more objects to wrap 545 another concrete object."; 546 } 547 identity POLICY-COMPONENT-CLAUSE-TYPE { 548 base POLICY-COMPONENT-TYPE; 549 description 550 "The identity corresponding to a SUPAPolicyClause 551 object instance."; 552 } 554 grouping supa-policy-clause-type { 555 uses supa-policy-component-structure-type { 556 refine entity-class { 557 default POLICY-COMPONENT-CLAUSE-TYPE; 558 } 559 } 560 leaf supa-policy-clause-exec-status { 561 type enumeration { 562 enum "Unknown" { 563 description 564 "This may be used as an initialization and/or 565 an error state."; 566 } 567 enum "Completed" { 568 description 569 "This signifies that this particular policy 570 clause has run successfully, and is now idle."; 571 } 572 enum "Working" { 573 description 574 "This signifies that this particular policy 575 clause is currently in use, and no errors have 576 been reported."; 577 } 578 enum "Not Working" { 579 description 580 "This signifies that this particular policy 581 clause is currently in use, but one or more 582 errors have been reported."; 583 } 584 enum "Available" { 585 description 586 "This signifies that this particular policy 587 clause could be used, but currently is not 588 in use."; 589 } 590 enum "In Test" { 591 description 592 "This signifies that this particular policy 593 clause is not for use in operational policies."; 594 } 595 enum "Disabled" { 596 description 597 "This signifies that this particular policy 598 clause is not available for use."; 599 } 600 } 601 description "This describes whether this policy clause is in 602 use and if so whether it is working properly."; 603 } 604 leaf-list supa-has-policy-clause-part { 605 type instance-identifier; 606 must "derived-from-or-self (deref(.)/entity-class, 607 SUPA-HAS-POLICY-CLAUSE-ASSOC)"; 608 min-elements 1; 609 description 610 "The set of SUPAPolicyClause object instances that are 611 aggregated by this SUPAPolicyStructure (i.e., this 612 SUPA Policy Rule) object instance. This defines the 613 object class that this instance-identifier points to."; 614 } 615 description "The parent class for all SUPA Policy Clauses."; 616 } 618 identity POLICY-ENCODED-CLAUSE-TYPE { 619 base POLICY-COMPONENT-CLAUSE-TYPE; 620 description 621 "The identity corresponding to a SUPAPolicyEncodedClause 622 object instance."; 623 } 625 grouping supa-encoded-clause-type { 626 uses supa-policy-clause-type { 627 refine entity-class { 628 default POLICY-ENCODED-CLAUSE-TYPE; 629 } 630 } 631 leaf supa-encoded-clause-content { 632 type string; 633 mandatory true; 634 description 635 "Either a reference to a source for this clause or the 636 string representation of the clause."; 637 } 638 leaf supa-encoded-clause-encoding { 639 type policy-data-type-id-encoding-list; 640 mandatory true; 641 description 642 "The encoding for the encoding clause content."; 643 } 644 leaf supa-encoded-clause-language { 645 type enumeration { 646 enum "undefined" { 647 description 648 "This may be used as an initialization and/or 649 an error state."; 650 } 651 enum "CLI" { 652 description 653 "This defines the language as a type of Command 654 Line Interface."; 655 } 656 enum "TL1" { 657 description 658 "This defines the language as a type of 659 Transaction Language 1."; 660 } 661 enum "YANG" { 662 description 663 "This defines the language as a type of YANG."; 664 } 665 } 666 mandatory true; 667 description 668 "Indicates the lanaguage used for this object instance."; 669 } 670 leaf supa-encoded-clause-response { 671 type boolean; 672 description 673 "If present, this represents the success or failure 674 of the last invocation of this clause."; 675 } 676 description 677 "This class refines the behavior of the supa-policy-clause 678 by encoding the contents of the clause into the attributes 679 of this object. This enables clauses that are not based on 680 other SUPA objects to be modeled."; 681 } 683 container supa-encoding-clause-container { 684 description 685 "This is a container to collect all object instances of 686 type SUPAEncodedClause."; 687 list supa-encoding-clause-list { 688 key supa-policy-ID; 689 uses supa-encoded-clause-type; 690 description 691 "List of all instances of supa-encoding-clause-type. 692 If a module defines subclasses of the encoding clause, 693 those will be stored in a separate container."; 694 } 695 } 696 identity POLICY-COMPONENT-TERM-TYPE { 697 base POLICY-COMPONENT-DECORATOR-TYPE; 698 description 699 "The identity corresponding to a 700 SUPAPolicyComponentDecorator object instance."; 701 } 703 grouping supa-policy-term-type { 704 uses supa-policy-component-decorator-type { 705 refine entity-class { 706 default POLICY-COMPONENT-TERM-TYPE; 707 } 708 } 709 leaf supa-policy-term-is-negated { 710 type boolean; 711 description 712 "If the value of this attribute is true, then 713 this particular term is negated."; 714 } 715 description 716 "This is the superclass of all SUPA policy objects that are 717 used to test or set the value of a variable."; 718 } 720 identity POLICY-COMPONENT-VARIABLE-TYPE { 721 base POLICY-COMPONENT-TERM-TYPE; 722 description 723 "The identity corresponding to a SUPAPolicyVariable 724 object instance."; 725 } 727 grouping supa-policy-variable-type { 728 uses supa-policy-term-type { 729 refine entity-class { 730 default POLICY-COMPONENT-VARIABLE-TYPE; 731 } 732 } 733 leaf supa-policy-variable-name { 734 type string; 735 description 736 "A human-readable name for this policy variable."; 737 } 738 description 739 "This is one formulation of a SUPA Policy Clause. It uses 740 an object, defined in the SUPA hierarchy, to represent the 741 variable portion of a SUPA Policy Clause. The attribute 742 defined by the supa-policy-variable-name specifies an 743 attribute whose content should be compared to a value, 744 which is typically specified by supa-policy-value-type."; 745 } 746 container supa-policy-variable-container { 747 description 748 "This is a container to collect all object instances of 749 type SUPAPolicyVariable."; 750 list supa-policy-variable-list { 751 key supa-policy-ID; 752 uses supa-policy-variable-type; 753 description 754 "List of all instances of supa-policy-variable-type. 755 If a module defines subclasses of this class, 756 those will be stored in a separate container."; 757 } 758 } 760 identity POLICY-COMPONENT-OPERATOR-TYPE { 761 base POLICY-COMPONENT-TERM-TYPE; 762 description 763 "The identity corresponding to a SUPAPolicyOperator 764 object instance."; 765 } 767 grouping supa-policy-operator-type { 768 uses supa-policy-term-type { 769 refine entity-class { 770 default POLICY-COMPONENT-OPERATOR-TYPE; 771 } 772 } 773 leaf supa-policy-value-op-type { 774 type enumeration { 775 enum "unknown" { 776 description 777 "This may be used as an initialization and/or 778 an error state."; 779 } 780 enum "greater than" { 781 description 782 "A greater-than operator."; 783 } 784 enum "greater than or equal to" { 785 description 786 "A greater-than-or-equal-to operator."; 787 } 788 enum "less than" { 789 description 790 "A less-than operator."; 791 } 792 enum "less than or equal to" { 793 description 794 "A less-than-or-equal-to operator."; 795 } 796 enum "equal to" { 797 description 798 "An equal-to operator."; 799 } 800 enum "not equal to"{ 801 description 802 "A not-equal-to operator."; 803 } 804 enum "IN" { 805 description 806 "An operator that determines whether a given 807 value matches any of the specified values."; 808 } 809 enum "NOT IN" { 810 description 811 "An operator that determines whether a given 812 value does not match any of the specified 813 values."; 814 } 815 enum "SET" { 816 description 817 "An operator that makes the value of the 818 result equal to the input value."; 819 } 820 enum "CLEAR"{ 821 description 822 "An operator that deletes the value of the 823 specified object."; 824 } 825 enum "BETWEEN" { 826 description 827 "An operator that determines whether a given 828 value is within a specified range of values."; 829 } 830 } 831 mandatory true; 832 description 833 "The type of operator used to compare the variable 834 and value portions of this SUPA Policy Clause."; 835 } 836 description 837 "This is one formulation of a SUPA Policy Clause. It uses 838 an object, defined in the SUPA hierarchy, to represent the 839 operator portion of a SUPA Policy Clause. The attribute 840 defined by the supa-policy-op-type specifies an attribute 841 whose content defines the type of operator used to compare 842 the variable and value portions of this policy clause."; 843 } 844 container supa-policy-operator-container { 845 description 846 "This is a container to collect all object instances of 847 type SUPAPolicyOperator."; 848 list supa-policy-operator-list { 849 key supa-policy-ID; 850 uses supa-policy-operator-type; 851 description 852 "List of all instances of supa-policy-operator-type. 853 If a module defines subclasses of this class, 854 those will be stored in a separate container."; 855 } 856 } 858 identity POLICY-COMPONENT-VALUE-TYPE { 859 base POLICY-COMPONENT-TERM-TYPE; 860 description 861 "The identity corresponding to a SUPAPolicyValue 862 object instance."; 863 } 865 grouping supa-policy-value-type { 866 uses supa-policy-term-type { 867 refine entity-class { 868 default POLICY-COMPONENT-VALUE-TYPE; 869 } 870 } 871 leaf-list supa-policy-value-content { 872 type string; 873 description 874 "The content of the value portion of this SUPA Policy 875 Clause. The data type of the content is specified in 876 the supa-policy-value-encoding."; 877 } 878 leaf supa-policy-value-encoding { 879 type policy-data-type-encoding-list; 880 description 881 "The data type of the supa-policy-value-content."; 882 } 883 description 884 "This is one formulation of a SUPA Policy Clause. It uses 885 an object, defined in the SUPA hierarchy, to represent the 886 value portion of a SUPA Policy Clause. The attribute 887 defined by the supa-policy-value-content specifies an 888 attribute whose content should be compared to a variable, 889 which is typically specified by supa-policy-variable-type."; 890 } 891 container supa-policy-value-container { 892 description 893 "This is a container to collect all object instances of 894 type SUPAPolicyValue."; 895 list supa-policy-value-list { 896 key supa-policy-ID; 897 uses supa-policy-value-type; 898 description 899 "List of all instances of supa-policy-value-type. 900 If a module defines subclasses of this class, 901 those will be stored in a separate container."; 902 } 903 } 905 identity POLICY-GENERIC-DECORATED-TYPE { 906 base POLICY-COMPONENT-DECORATOR-TYPE; 907 description 908 "The identity corresponding to a 909 SUPAGenericDecoratedComponent object instance."; 910 } 912 grouping supa-policy-generic-decorated-type { 913 uses supa-policy-component-decorator-type { 914 refine entity-class { 915 default POLICY-GENERIC-DECORATED-TYPE; 916 } 917 } 918 leaf-list supa-policy-generic-decorated-content { 919 type string; 920 description 921 "The content of this SUPA Policy Clause. The data type 922 of this attribute is specified in the 923 supa-policy-generic-decorated-encoding."; 924 } 925 leaf supa-policy-generic-decorated-encoding { 926 type policy-data-type-encoding-list; 927 description 928 "The data type of the 929 supa-policy-generic-decorated-content attribute."; 930 } 931 description 932 "This object enables a generic object to be defined and 933 used as a decorator in a SUPA Policy Clause. 934 This should not be confused with the SUPAEncodedClause 935 class. This class represents a single, atomic, 936 vendor-specific object that defines a portion of a SUPA 937 Policy Clause, whereas a SUPA Policy Encoded Clause 938 represents the entire policy clause."; 939 } 940 container supa-policy-generic-decorated-container { 941 description 942 "This is a container to collect all object instances of 943 type SUPAGenericDecoratedComponent."; 944 list supa-encoding-clause-list { 945 key supa-policy-ID; 946 uses supa-policy-generic-decorated-type; 947 description 948 "List of all instances of 949 supa-policy-generic-decorated-type. If a module 950 defines subclasses of this class, those will be 951 stored in a separate container."; 952 } 953 } 955 identity POLICY-COLLECTION { 956 base POLICY-COMPONENT-DECORATOR-TYPE; 957 description 958 "The identity corresponding to a SUPAPolicyCollection 959 object instance."; 960 } 962 grouping supa-policy-collection { 963 uses supa-policy-component-decorator-type { 964 refine entity-class { default POLICY-COLLECTION; 965 } 966 } 967 leaf-list supa-policy-collection-content { 968 type string; 969 description 970 "The content of this collection object. The data type 971 is specified in supa-policy-collection-encoding."; 972 } 973 leaf supa-policy-collection-encoding { 974 type enumeration { 975 enum "undefined" { 976 description 977 "This may be used as an initialization and/or 978 an error state."; 979 } 980 enum "by regex" { 981 description 982 "This defines the data type of the content of 983 this collection instance to be a regular 984 expression that contains all or part of a 985 string to match the class name of the object 986 that is to be collected by this instance of a 987 SUPAPolicyCollection class."; 988 } 989 enum "by URI" { 990 description 991 "This defines the data type of the content of 992 this collection instance to be a Uniform 993 Resource Identifier. It identifies the object 994 instance that is to be collected by this 995 instance of a SUPAPolicyCollection class."; 996 } 997 } 998 mandatory true; 999 description 1000 "The data type of the supa-policy-collection-content."; 1001 } 1002 leaf supa-policy-collection-function { 1003 type enumeration { 1004 enum "undefined" { 1005 description 1006 "This may be used as an initialization and/or 1007 an error state."; 1008 } 1009 enum "event collection" { 1010 description 1011 "This collection contains objects that are used 1012 to populate the event clause of a 1013 SUPA Policy."; 1014 } 1015 enum "condition collection" { 1016 description 1017 "This collection contains objects that are used 1018 to populate the condition clause of a 1019 SUPA Policy."; 1020 } 1021 enum "action collection" { 1022 description 1023 "This collection contains objects that are used 1024 to populate the action clause of a 1025 SUPA Policy."; 1026 } 1027 enum "logic collection" { 1028 description 1029 "This collection contains objects that define 1030 logic for processing a SUPA Policy."; 1031 } 1032 } 1033 description 1034 "Defines how this collection instance is to be used."; 1035 } 1036 leaf supa-policy-collection-is-ordered { 1037 type boolean; 1038 description 1039 "If the value of this leaf is true, then all elements 1040 in this collection are ordered."; 1041 } 1042 leaf supa-policy-collection-type { 1043 type enumeration { 1044 enum "undefined" { 1045 description 1046 "This may be used as an initialization and/or 1047 an error state."; 1048 } 1049 enum "set" { 1050 description 1051 "An unordered collection of elements that MUST 1052 NOT have duplicates."; 1053 } 1054 enum "bag" { 1055 description 1056 "An unordered collection of elements that MAY 1057 have duplicates."; 1058 } 1059 enum "dictionary" { 1060 description 1061 "A list of values that is interpreted as a set 1062 of pairs, with the first entry of each pair 1063 interpreted as a dictionary key, and the 1064 second entry interpreted as a value for that 1065 key. As a result, collections using this value 1066 of supa-policy-collection-type MUST have 1067 supa-policy-collection-is-ordered set to true."; 1068 } 1069 } 1070 mandatory true; 1071 description 1072 "The type of the supa-policy-collection."; 1073 } 1074 description 1075 "This enables a collection of arbitrary objects to be 1076 defined and used in a SUPA Policy Clause. 1077 This should not be confused with the SUPAEncodedClause 1078 class. This class represents a single, atomic, object that 1079 defines a portion of a SUPA Policy Clause, whereas a SUPA 1080 Policy Encoded Clause represents the entire policy clause."; 1081 } 1082 container supa-policy-collection-container { 1083 description 1084 "This is a container to collect all object instances of 1085 type SUPAPolicyCollection."; 1086 list supa-policy-collection-list { 1087 key supa-policy-ID; 1088 uses supa-policy-collection; 1089 description 1090 "List of all instances of supa-policy-collection. 1091 If a module defines subclasses of this class, 1092 those will be stored in a separate container."; 1093 } 1094 } 1096 identity POLICY-STRUCTURE-TYPE { 1097 base POLICY-OBJECT-TYPE; 1098 description 1099 "The identity corresponding to a SUPAPolicyStructure 1100 object instance."; 1101 } 1103 grouping supa-policy-structure-type { 1104 uses supa-policy-object-type { 1105 refine entity-class { 1106 default POLICY-STRUCTURE-TYPE; 1107 } 1108 } 1109 leaf supa-policy-admin-status { 1110 type enumeration { 1111 enum "unknown" { 1112 description 1113 "This may be used as an initialization and/or 1114 an error state."; 1115 } 1116 enum "enabled" { 1117 description 1118 "This SUPA Policy Rule has been 1119 administratively enabled."; 1120 } 1121 enum "disabled" { 1122 description 1123 "This SUPA Policy Rule has been 1124 administratively disabled."; 1125 } 1126 enum "in test" { 1127 description 1128 "This SUPA Policy Rule has been 1129 administratively placed into test mode, and 1130 SHOULD NOT be used as part of an operational 1131 policy rule."; 1132 } 1133 } 1134 mandatory true; 1135 description 1136 "The current admnistrative status of this SUPA POLICY 1137 Rule."; 1138 } 1139 leaf supa-policy-continuum-level { 1140 type uint32; 1141 description 1142 "This is the current level of abstraction of this 1143 particular SUPA Policy Rule."; 1144 } 1145 leaf supa-policy-deploy-status { 1146 type enumeration { 1147 enum "undefined" { 1148 description 1149 "This may be used as an initialization and/or 1150 an error state."; 1151 } 1152 enum "deployed and enabled" { 1153 description 1154 "This SUPA Policy Rule has been deployed and 1155 enabled."; 1156 } 1157 enum "disabled" { 1158 description 1159 "This SUPA Policy Rule has been 1160 administratively disabled."; 1161 } 1162 enum "in test" { 1163 description 1164 "This SUPA Policy Rule has been 1165 administratively placed into test mode, and 1166 SHOULD NOT be used as part of an operational 1167 policy rule."; 1168 } 1169 } 1170 mandatory true; 1171 description 1172 "This is the current level of abstraction of this 1173 particular SUPA Policy Rule."; 1174 } 1175 leaf supa-policy-exec-status { 1176 type enumeration { 1177 enum "undefined" { 1178 description 1179 "This may be used as an initialization and/or 1180 an error state."; 1181 } 1182 enum "operational success" { 1183 description 1184 "This SUPA Policy Rule has been executed in 1185 operational mode, and produced no errors."; 1186 } 1187 enum "operational failure" { 1188 description 1189 "This SUPA Policy Rule has been executed in 1190 operational mode, but has produced at least 1191 one error."; 1192 } 1193 enum "currently in operation" { 1194 description 1195 "This SUPA Policy Rule is currently still 1196 executing in operational mode."; 1197 } 1198 enum "ready" { 1199 description 1200 "This SUPA Policy Rule is ready to be 1201 executed in operational mode."; 1202 } 1203 enum "test success" { 1204 description 1205 "This SUPA Policy Rule has been executed in 1206 test mode, and produced no errors."; 1207 } 1208 enum "test failure" { 1209 description 1210 "This SUPA Policy Rule has been executed in 1211 test mode, but has produced at least 1212 one error."; 1213 } 1214 enum "currently in test" { 1215 description 1216 "This SUPA Policy Rule is currently still 1217 executing in test mode."; 1218 } 1219 } 1220 mandatory true; 1221 description 1222 "This is the current level of abstraction of this 1223 particular SUPA Policy Rule."; 1224 } 1225 leaf supa-policy-exec-fail-strategy { 1226 type enumeration { 1227 enum "undefined" { 1228 description 1229 "This may be used as an initialization and/or 1230 an error state."; 1231 } 1232 enum "rollback all" { 1233 description 1234 "This means that execution of this SUPA 1235 Policy Rule is stopped, rollback of all 1236 actions (whether successful or not) is 1237 attempted, and all SUPA Policy Rules that 1238 otherwise would have executed are ignored."; 1239 } 1240 enum "rollback failure" { 1241 description 1242 "This means that execution of this SUPA 1243 Policy Rule is stopped, and rollback is 1244 attempted for only the SUPA Policy Rule that 1245 failed to execute correctly."; 1246 } 1247 enum "stop execution" { 1248 description 1249 "This means that execution of this SUPA Policy 1250 Rule SHOULD be stopped."; 1251 } 1252 enum "ignore" { 1253 description 1254 "This means that any failures produced by this 1255 SUPA Policy Rule SHOULD be ignored."; 1256 } 1257 } 1258 mandatory true; 1259 description 1260 "This defines what actions, if any, should be taken by 1261 this particular SUPA Policy Rule if it fails to 1262 execute correctly. Some implementations may not be 1263 able to accommodate the rollback failure option; 1264 hence, this option may be skipped."; 1265 } 1266 leaf-list supa-has-policy-source-agg { 1267 type instance-identifier; 1268 must "derived-from-or-self (deref(.)/entity-class, 1269 SUPA-HAS-POLICY-SOURCE-ASSOC)"; 1270 description 1271 "The SUPAPolicyStructure (i.e., the type of SUPA 1272 Policy Rule) object instance that aggregates this set 1273 set of SUPAPolicySource object instances. This 1274 defines the object class that this instance-identifier 1275 points to."; 1276 } 1277 leaf-list supa-has-policy-target-agg { 1278 type instance-identifier; 1279 must "derived-from-or-self (deref(.)/entity-class, 1280 SUPA-HAS-POLICY-TARGET-ASSOC)"; 1282 description 1283 "This represents the aggregation of Policy Target 1284 objects by this particular SUPA Policy Rule. It is 1285 the SUPAPolicyStructure object instance that 1286 aggregates this set of SUPAPolicyTarget object 1287 instances. This defines the object class that 1288 this instance-identifier points to."; 1289 } 1290 leaf-list supa-has-policy-clause-agg { 1291 type instance-identifier; 1292 must "derived-from-or-self (deref(.)/entity-class, 1293 SUPA-HAS-POLICY-CLAUSE-ASSOC)"; 1294 description 1295 "The SUPAPolicyStructure object instance that 1296 aggregates this set of SUPAPolicyClause object 1297 instances. This defines the object class that 1298 this instance-identifier points to."; 1299 } 1300 leaf-list supa-has-policy-exec-action-assoc-src-ptr { 1301 type instance-identifier; 1302 must "derived-from-or-self (deref(.)/entity-class, 1303 SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; 1304 description 1305 "This associates a SUPAPolicyStructure (i.e., a SUPA 1306 Policy Rule) object instance to zero or more SUPA 1307 Policy Actions to be used to correct errors caused if 1308 this SUPA Policy Rule does not execute correctly."; 1309 } 1310 leaf-list supa-has-policy-exec-action-assoc-dst-ptr { 1311 type instance-identifier; 1312 must "derived-from-or-self (deref(.)/entity-class, 1313 SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; 1314 min-elements 1; 1315 description 1316 "The set of zero or more SUPA Policy Actions to be used 1317 by this particular SUPAPolicyStructure (i.e., SUPA 1318 Policy Rule to correct errors caused if this SUPA 1319 Policy Rule does not execute correctly."; 1320 } 1321 description 1322 "A superclass for all objects that represent different types 1323 of Policy Rules. Currently, this is limited to a single 1324 type - the event-condition-action (ECA) policy rule. 1325 A SUPA Policy may be an individual policy, or a set of 1326 policies. This is supported by applying the composite 1327 pattern to this class."; 1328 } 1329 identity POLICY-SOURCE-TYPE { 1330 base POLICY-OBJECT-TYPE; 1331 description 1332 "The identity corresponding to a SUPAPolicySource 1333 object instance."; 1334 } 1336 grouping supa-policy-source-type { 1337 uses supa-policy-object-type { 1338 refine entity-class { 1339 default POLICY-SOURCE-TYPE; 1340 } 1341 } 1342 leaf-list supa-has-policy-source-part { 1343 type instance-identifier; 1344 must "derived-from-or-self (deref(.)/entity-class, 1345 SUPA-HAS-POLICY-SOURCE-ASSOC)"; 1346 description 1347 "This represents the aggregation of one or more SUPA 1348 Policy Source objects to this particular SUPA Policy 1349 Rule object. In other words, it is the set of 1350 SUPAPolicySource object instances that are aggregated 1351 by this SUPAPolicyStructure (i.e., this SUPA Policy 1352 Rule). This defines the object class that this 1353 instance-identifier points to."; 1354 } 1355 description 1356 "This object defines a set of managed entities that 1357 authored, or are otherwise responsible for, this SUPA 1358 Policy Rule. Note that a SUPA Policy Source does not 1359 evaluate or execute SUPAPolicies. Its primary use is for 1360 auditability and the implementation of deontic and/or 1361 alethic logic."; 1362 } 1364 identity POLICY-TARGET-TYPE { 1365 base POLICY-OBJECT-TYPE; 1366 description 1367 "The identity corresponding to a SUPAPolicyTarget 1368 object instance."; 1369 } 1371 grouping supa-policy-target-type { 1372 uses supa-policy-object-type { 1373 refine entity-class { 1374 default POLICY-TARGET-TYPE; 1375 } 1376 } 1377 leaf-list supa-has-policy-target-part { 1378 type instance-identifier; 1379 must "derived-from-or-self (deref(.)/entity-class, 1380 SUPA-HAS-POLICY-TARGET-ASSOC)"; 1381 description 1382 "This represents the aggregation of one or more SUPA 1383 Policy Target objects to this particular SUPA Policy 1384 Rule object. In other words, it is the set of 1385 SUPAPolicyTarget object instances that are aggregated 1386 by this SUPAPolicyStructure (i.e., this SUPA Policy 1387 Rule). This defines the object class that this 1388 instance-identifier points to."; 1389 } 1390 description 1391 "This object defines a set of managed entities that a 1392 SUPA Policy Rule is applied to."; 1393 } 1395 identity POLICY-METADATA-TYPE { 1396 description 1397 "The identity corresponding to a SUPAPolicyMetadata 1398 object instance."; 1399 } 1401 grouping supa-policy-metadata-type { 1402 leaf supa-policy-metadata-id { 1403 type string; 1404 mandatory true; 1405 description 1406 "This represents part of the object identifier of an 1407 instance of this class. It defines the content of the 1408 object identifier."; 1409 } 1410 leaf entity-class { 1411 type identityref { 1412 base POLICY-METADATA-TYPE; 1413 } 1414 default POLICY-METADATA-TYPE; 1415 description 1416 "The identifier of the class of this grouping."; 1417 } 1418 leaf supa-policy-metadata-id-encoding { 1419 type policy-data-type-id-encoding-list; 1420 mandatory true; 1421 description 1422 "This represents part of the object identifier of an 1423 instance of this class. It defines the format of the 1424 object identifier."; 1425 } 1426 leaf supa-policy-metadata-description { 1427 type string; 1428 description 1429 "This contains a free-form textual description of this 1430 metadata object."; 1431 } 1432 leaf supa-policy-metadata-name { 1433 type string; 1434 description 1435 "This contains a human-readable name for this 1436 metadata object."; 1437 } 1438 leaf-list supa-has-policy-metadata-part { 1439 type instance-identifier; 1440 must "derived-from-or-self (deref(.)/entity-class, 1441 SUPA-HAS-POLICY-METADATA-ASSOC)"; 1442 description 1443 "This represents the set of SUPAPolicyMetadata object 1444 instances that are aggregated by this SUPAPolicyObject 1445 object instance (i.e., this is the set of policy 1446 metadata aggregated by this SUPAPolicyObject). As 1447 there are attributes on this association, the 1448 instance-identifier MUST point to an instance using 1449 the grouping supa-has-policy-metadata-detail (which 1450 includes the subclasses of the association class)."; 1451 } 1452 leaf supa-policy-metadata-decorator-part { 1453 type instance-identifier; 1454 must "derived-from-or-self (deref(.)/entity-class, 1455 SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; 1456 mandatory true; 1457 description 1458 "This object implements the decorator pattern, which is 1459 applied to SUPA metadata objects. This enables all or 1460 part of one or more metadata objects to wrap another 1461 concrete metadata object."; 1462 } 1463 description 1464 "This is the superclass of all metadata classes. Metadata 1465 is information that describes and/or prescribes the 1466 characteristics and behavior of another object that is 1467 not an inherent, distinguishing characteristics or 1468 behavior of that object."; 1469 } 1471 identity POLICY-METADATA-CONCRETE-TYPE { 1472 base POLICY-METADATA-TYPE; 1473 description 1474 "The identity corresponding to a SUPAPolicyConcreteMetadata 1475 object instance."; 1476 } 1477 grouping supa-policy-concrete-metadata-type { 1478 uses supa-policy-metadata-type { 1479 refine entity-class { 1480 default POLICY-METADATA-TYPE; 1481 } 1482 } 1483 leaf supa-policy-metadata-valid-period-end { 1484 type yang:date-and-time; 1485 description 1486 "This defines the ending date and time that this 1487 metadata object is valid for."; 1488 } 1489 leaf supa-policy-metadata-valid-period-start { 1490 type yang:date-and-time; 1491 description 1492 "This defines the starting date and time that this 1493 metadata object is valid for."; 1494 } 1495 description 1496 "This is a concrete class that will be wrapped by concrete 1497 instances of the SUPA Policy Metadata Decorator class. It 1498 can be viewed as a container for metadata that will be 1499 attached to a subclass of SUPA Policy Object. It may 1500 contain all or part of one or more metadata subclasses."; 1501 } 1503 container supa-policy-concrete-metadata-container { 1504 description 1505 "This is a container to collect all object instances of 1506 type SUPAPolicyConcreteMetadata."; 1507 list supa-policy-concrete-metadata-list { 1508 key supa-policy-metadata-id; 1509 uses supa-policy-concrete-metadata-type; 1510 description 1511 "A list of all supa-policy-metadata instances in the 1512 system."; 1513 } 1514 } 1516 identity POLICY-METADATA-DECORATOR-TYPE { 1517 base POLICY-METADATA-TYPE; 1518 description 1519 "The identity corresponding to a 1520 SUPAPolicyMetadataDecorator object instance."; 1521 } 1522 grouping supa-policy-metadata-decorator-type { 1523 uses supa-policy-metadata-type { 1524 refine entity-class { 1525 default POLICY-METADATA-DECORATOR-TYPE; 1526 } 1527 } 1528 leaf-list supa-policy-metadata-decorator-agg { 1529 type instance-identifier; 1530 must "derived-from-or-self (deref(.)/entity-class, 1531 SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; 1532 max-elements 1; 1533 description 1534 "This represents the decorator pattern being applied to 1535 metadata. This is the aggregate part (i.e., the 1536 concrete subclass of the SUPAPolicyMetadataDecorator 1537 class that wraps a concrete subclass of 1538 SUPAPolicyMetadata; currently, the only such class is 1539 SUPAPolicyConcreteMetadata)."; 1540 } 1541 description 1542 "This object implements the decorator pattern, which is 1543 applied to SUPA metadata objects. This enables all or part 1544 of one or more metadata objects to wrap another concrete 1545 metadata object."; 1546 } 1548 identity POLICY-METADATA-DECORATOR-ACCESS-TYPE { 1549 base POLICY-METADATA-DECORATOR-TYPE; 1550 description 1551 "The identity corresponding to a 1552 SUPAPolicyAccessMetadataDef object instance."; 1553 } 1555 grouping supa-policy-metadata-decorator-access-type { 1556 uses supa-policy-metadata-decorator-type { 1557 refine entity-class { 1558 default POLICY-METADATA-DECORATOR-ACCESS-TYPE; 1559 } 1560 } 1561 leaf supa-policy-metadata-access-priv-def { 1562 type enumeration { 1563 enum "undefined" { 1564 description 1565 "This may be used as an initialization and/or 1566 an error state."; 1567 } 1568 enum "read only" { 1569 description 1570 "This defines access as read only for ALL SUPA 1571 Policy object instances that are adorned with 1572 this metadata object."; 1573 } 1574 enum "read write" { 1575 description 1576 "This defines access as read and/or write for 1577 ALL SUPA Policy object instances that are 1578 adorned with this metadata object."; 1579 } 1580 enum "specified by MAC" { 1581 description 1582 "This defines access as defined by an external 1583 Mandatory Access Control model. The name and 1584 location of this model are specified in the 1585 supa-policy-metadata-access-priv-model-name 1586 and supa-policy-metadata-access-priv-model-ref 1587 attributes of this metadata object."; 1588 } 1589 enum "specified by DAC" { 1590 description 1591 "This defines access as defined by an external 1592 Discretionary Access Control model. The name 1593 and location of this model are specified in the 1594 supa-policy-metadata-access-priv-model-name 1595 and supa-policy-metadata-access-priv-model-ref 1596 attributes of this metadata object."; 1597 } 1598 enum "specified by RBAC" { 1599 description 1600 "This defines access as defined by an external 1601 Role Based Access Control model. The name 1602 and location of this model are specified in the 1603 supa-policy-metadata-access-priv-model-name 1604 and supa-policy-metadata-access-priv-model-ref 1605 attributes of this metadata object."; 1606 } 1607 enum "specified by ABAC" { 1608 description 1609 "This defines access as defined by an external 1610 Attribute Based Access Control model. The name 1611 and location of this model are specified in the 1612 supa-policy-metadata-access-priv-model-name 1613 and supa-policy-metadata-access-priv-model-ref 1614 attributes of this metadata object."; 1615 } 1616 enum "specified by custom" { 1617 description 1618 "This defines access as defined by an external 1619 Custom Access Control model. The name and 1620 location of this model are specified in the 1621 supa-policy-metadata-access-priv-model-name 1622 and supa-policy-metadata-access-priv-model-ref 1623 attributes of this metadata object."; 1624 } 1625 } 1626 description 1627 "This defines the type of access control model that is 1628 used by this object instance."; 1629 } 1630 leaf supa-policy-metadata-access-priv-model-name { 1631 type string; 1632 description 1633 "This contains the name of the access control model 1634 being used. If the value of the 1635 supa-policy-metadata-access-priv-model-ref is 0-2, 1636 then the value of this attribute is not applicable. 1637 Otherwise, the text in this class attribute should be 1638 interpreted according to the value of the 1639 supa-policy-metadata-access-priv-model-ref class 1640 attribute."; 1641 } 1642 leaf supa-policy-metadata-access-priv-model-ref { 1643 type enumeration { 1644 enum "undefined" { 1645 description 1646 "This can be used for either initialization 1647 or for signifying an error."; 1648 } 1649 enum "URI" { 1650 description 1651 "The clause is referenced by this URI."; 1652 } 1653 enum "GUID" { 1654 description 1655 "The clause is referenced by this GUID."; 1656 } 1657 enum "UUID" { 1658 description 1659 "The clause is referenced by this UUID."; 1660 } 1661 enum "FQDN" { 1662 description 1663 "The clause is referenced by this FQDN."; 1664 } 1665 } 1666 description 1667 "This defines the data type of the 1668 supa-policy-metadata-access-priv-model-name 1669 attribute."; 1670 } 1671 description 1672 "This is a concrete class that defines metadata for access 1673 control information that can be added to a SUPA Policy 1674 object. This is done using the SUPAHasPolicyMetadata 1675 aggregation."; 1676 } 1677 container supa-policy-metadata-decorator-access-container { 1678 description 1679 "This is a container to collect all object instances of 1680 type SUPAPolicyAccessMetadataDef."; 1681 list supa-policy-metadata-decorator-access-list { 1682 key supa-policy-metadata-id; 1683 uses supa-policy-metadata-decorator-type; 1684 description 1685 "A list of all supa-policy-metadata-decorator-access 1686 instances in the system. Instances of subclasses 1687 will be in a separate list."; 1688 } 1689 } 1691 identity POLICY-METADATA-DECORATOR-VERSION-TYPE { 1692 base POLICY-METADATA-DECORATOR-TYPE; 1693 description 1694 "The identity corresponding to a 1695 SUPAPolicyVersionMetadataDef object instance."; 1696 } 1698 grouping supa-policy-metadata-decorator-version-type { 1699 uses supa-policy-metadata-decorator-type { 1700 refine entity-class { 1701 default POLICY-METADATA-DECORATOR-VERSION-TYPE; 1702 } 1703 } 1704 leaf supa-policy-metadata-version-major { 1705 type string; 1706 description 1707 "This contains a string (typically representing an 1708 integer in the overall version format) that indicates 1709 a significant increase in functionality is present in 1710 this version."; 1711 } 1712 leaf supa-policy-metadata-version-minor { 1713 type string; 1714 description 1715 "This contains a string (typically representing an 1716 integer in the overall version format) that indicates 1717 that this release contains a set of features and/or bug 1718 fixes that collectively do not warrant incrementing the 1719 supa-policy-metadata-version-major attribute."; 1720 } 1721 leaf supa-policy-metadata-version-rel-type { 1722 type enumeration { 1723 enum "undefined" { 1724 description 1725 "This can be used for either initialization 1726 or for signifying an error."; 1727 } 1728 enum "internal" { 1729 description 1730 "This indicates that this version should only 1731 be used for internal (development) purposes."; 1732 } 1733 enum "alpha" { 1734 description 1735 "This indicates that this version is considered 1736 to be alpha quality."; 1737 } 1738 enum "beta" { 1739 description 1740 "This indicates that this version is considered 1741 to be beta quality."; 1742 } 1743 enum "release candidate" { 1744 description 1745 "This indicates that this version is considered 1746 to be a candidate for full production."; 1747 } 1748 enum "release production" { 1749 description 1750 "This indicates that this version is considered 1751 to be ready for full production."; 1752 } 1753 enum "maintenance" { 1754 description 1755 "This indicates that this version is considered 1756 to be for maintenance purposes."; 1757 } 1758 } 1759 description 1760 "This defines the type of this version's release."; 1761 } 1762 leaf supa-policy-metadata-version-rel-type-num { 1763 type string; 1764 description 1765 "This contains a string (typically representing an 1766 integer in the overall version format) that indicates 1767 a significant increase in functionality is present in 1768 this version."; 1769 } 1770 description 1771 "This is a concrete class that defines metadata for version 1772 control information that can be added to a SUPA Policy 1773 object. This is done using the SUPAHasPolicyMetadata 1774 aggregation."; 1775 } 1776 container supa-policy-metadata-decorator-version-container { 1777 description 1778 "This is a container to collect all object instances of 1779 type SUPAPolicyVersionMetadataDef."; 1780 list supa-policy-metadata-decorator-version-list { 1781 key supa-policy-metadata-id; 1782 uses supa-policy-metadata-decorator-type; 1783 description 1784 "A list of all supa-policy-metadata-decorator-version 1785 instances in the system. Instances of subclasses 1786 will be in a separate list."; 1787 } 1788 } 1790 identity SUPA-HAS-POLICY-METADATA-ASSOC { 1791 description 1792 "The identity corresponding to a 1793 SUPAHasPolicyMetadataDetail association class 1794 object instance."; 1795 } 1797 grouping supa-has-policy-metadata-detail { 1798 leaf supa-policy-ID { 1799 type string; 1800 description 1801 "This is a globally unique ID for this association 1802 instance in the overall policy system."; 1803 } 1804 leaf entity-class { 1805 type identityref { 1806 base SUPA-HAS-POLICY-METADATA-ASSOC; 1807 } 1808 default SUPA-HAS-POLICY-METADATA-ASSOC; 1809 description 1810 "The identifier of the class of this assocation."; 1811 } 1812 leaf supa-has-policy-metadata-object-ptr { 1813 type instance-identifier; 1814 must "derived-from-or-self (deref(.)/entity-class, 1815 POLICY-OBJECT-TYPE)"; 1816 description 1817 "This is a reference from the SUPAPolicyObject object 1818 instance that is aggregating SUPAPolicyMetadata object 1819 instances using the SUPAHasPolicyMetadata aggregation. 1820 This SUPAPolicyMetadataDetail association class is 1821 used to define part of the semantics of the 1822 SUPAHasPolicyMetadata aggregation. For example, it can 1823 define which SUPAPolicyMetadata object instances can 1824 be aggregated by this particular SUPAPolicyObject 1825 object instance."; 1826 } 1827 leaf supa-has-policy-metadata-ptr { 1828 type instance-identifier; 1829 must "derived-from-or-self (deref(.)/entity-class, 1830 POLICY-METADATA-TYPE)"; 1831 description 1832 "This is a reference from the SUPAPolicyMetadata object 1833 instance(s) that are being aggregated by this 1834 SUPAPolicyObject object instance using the 1835 SUPAHasPolicyMetadata aggregation. The class 1836 SUPAPolicyMetadataDetail association class is used to 1837 define part of the semantics of the 1838 SUPAHasPolicyMetadata aggregation. For example, it can 1839 define which SUPAPolicyMetadata object instances can 1840 be aggregated by this particular SUPAPolicyObject 1841 object instance."; 1842 } 1843 leaf supa-policy-metadata-detail-is-applicable { 1844 type boolean; 1845 description 1846 "This attributes controls whether the associated 1847 metadata is currently considered applciable to this 1848 policy object; this enables metadata to be turned on 1849 and off when needed without disturbing the structure 1850 of the object that the metadata applies to."; 1851 } 1852 leaf-list supa-policy-metadata-detail-constraint { 1853 type string; 1854 description 1855 "A list of constraints, expressed as strings 1856 in the language defined by the 1857 supa-policy-metadata-detail-encoding."; 1858 } 1859 leaf supa-policy-metadata-detail-encoding { 1860 type string; 1861 description 1862 "The langauge used to encode the constraints 1863 relevant to the relationship between the metadata 1864 and the underlying policy object."; 1865 } 1866 description 1867 "This is a concrete association class that defines the 1868 semantics of the SUPAPolicyMetadata aggregation. This 1869 enables the attributes and relationships of the 1870 SUPAPolicyMetadataDetail class to be used to constrain 1871 which SUPAPolicyMetadata objects can be aggregated by 1872 this particular SUPAPolicyObject instance."; 1873 } 1874 container supa-policy-metadata-detail-container { 1875 description 1876 "This is a container to collect all object instances of 1877 type SUPAPolicyMetadataDetail."; 1878 list supa-policy-metadata-detail-list { 1879 key supa-policy-ID; 1880 uses supa-has-policy-metadata-detail; 1881 description 1882 "This is a list of all supa-policy-metadata-detail 1883 instances in the system. Instances of subclasses 1884 will be in a separate list. 1885 Note that this policy is made concrete for exemplary 1886 purposes. To be useful, it almost certainly needs 1887 refinement."; 1888 } 1889 } 1891 identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC { 1892 description 1893 "The identity corresponding to a SUPAHasMetadataDecorator 1894 association class object instance."; 1895 } 1897 grouping supa-has-decorator-policy-component-detail { 1898 leaf supa-policy-ID { 1899 type string; 1900 description 1901 "This is a globally unique ID for this association 1902 instance in the overall policy system."; 1903 } 1904 leaf entity-class { 1905 type identityref { 1906 base SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC; 1907 } 1908 default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC; 1909 description 1910 "The identifier of the class of this assocation."; 1911 } 1912 leaf supa-policy-component-decorator-ptr { 1913 type instance-identifier; 1914 must "derived-from-or-self (deref(.)/entity-class, 1915 SUPA-POLICY-COMPONENT-DECORATOR-TYPE)"; 1916 description 1917 "This associates the SUPAPolicyComponentStructure 1918 object instance participating in a 1919 SUPAHasDecoratedPolicyComponent aggregation to the 1920 SUPAHasDecoratedPolicyComponentDetail association 1921 class that provides the semantics of this aggregation. 1922 This defines the object class that this 1923 instance-identifier points to."; 1924 } 1925 leaf supa-policy-component-ptr { 1926 type instance-identifier; 1927 must "derived-from-or-self (deref(.)/entity-class, 1928 SUPA-POLICY-COMPONENT-TYPE)"; 1929 description 1930 "This associates the SUPAPolicyComponentDecorator 1931 object instance participating in a 1932 SUPAHasDecoratedPolicyComponent aggregation to the 1933 SUPAHasDecoratedPolicyComponentDetail association 1934 class that provides the semantics of this aggregation. 1935 This defines the object class that this 1936 instance-identifier points to."; 1937 } 1938 leaf-list supa-has-decorator-constraint { 1939 type string; 1940 description 1941 "A constraint expression applying to this association 1942 between a policy component decorator and the 1943 decorated component."; 1944 } 1945 leaf supa-has-decorator-constraint-encoding { 1946 type string; 1947 description 1948 "The language in which the constraints on the 1949 policy component-decoration is expressed."; 1950 } 1951 description 1952 "This is a concrete association class that defines the 1953 semantics of the SUPAHasDecoratedPolicyComponent 1954 aggregation. The purpose of this class is to use the 1955 Decorator pattern to detemine which 1956 SUPAPolicyComponentDecorator object instances, if any, 1957 are required to augment the functionality of the concrete 1958 subclass of SUPAPolicyClause that is being used."; 1959 } 1961 container supa-policy-component-decorator-detail-container { 1962 description 1963 "This is a container to collect all object instances of 1964 type SUPAPolicyComponentDecoratorDetail."; 1965 list supa-policy-component-decorator-detail-list { 1966 key supa-policy-ID; 1967 uses supa-has-decorator-policy-component-detail; 1968 description 1969 "This is a list of all 1970 supa-policy-component-decorator-details."; 1971 } 1972 } 1973 identity SUPA-HAS-POLICY-SOURCE-ASSOC { 1974 description 1975 "The identity corresponding to a SUPAHasPolicySource 1976 association class object instance."; 1977 } 1979 grouping supa-has-policy-source-detail { 1980 leaf supa-policy-ID { 1981 type string; 1982 description 1983 "This is a globally unique ID for this association 1984 instance in the overall policy system."; 1985 } 1986 leaf entity-class { 1987 type identityref { 1988 base SUPA-HAS-POLICY-SOURCE-ASSOC; 1989 } 1990 default SUPA-HAS-POLICY-SOURCE-ASSOC; 1991 description 1992 "The identifier of the class of this assocation."; 1993 } 1994 leaf supa-policy-source-structure-ptr { 1995 type instance-identifier; 1996 must "derived-from-or-self (deref(.)/entity-class, 1997 POLICY-STRUCTURE-TYPE)"; 1998 description 1999 "This associates the SUPAPolicyStructure object 2000 instance participating in a SUPAHasPolicySource 2001 aggregation to the SUPAHasPolicySourceDetail 2002 association class that provides the semantics of 2003 this aggregation. This defines the object class 2004 that this instance-identifier points to."; 2005 } 2006 leaf supa-policy-source-ptr { 2007 type instance-identifier; 2008 must "derived-from-or-self (deref(.)/entity-class, 2009 SUPA-POLICY-SOURCE-TYPE)"; 2010 description 2011 "This associates the SUPAPolicySource object 2012 instance participating in a SUPAHasPolicySource 2013 aggregation to the SUPAHasPolicySourceDetail 2014 association class that provides the semantics of 2015 this aggregation. This defines the object class 2016 that this instance-identifier points to."; 2017 } 2018 leaf supa-policy-source-is-authenticated { 2019 type boolean; 2020 description 2021 "If the value of this attribute is true, then this 2022 SUPAPolicySource object has been authenticated by 2023 this particular SUPAPolicyStructure object."; 2024 } 2025 leaf supa-policy-source-is-trusted { 2026 type boolean; 2027 description 2028 "If the value of this attribute is true, then this 2029 SUPAPolicySource object has been verified to be 2030 trusted by this particular SUPAPolicyStructure 2031 object."; 2032 } 2033 description 2034 "This is an association class, and defines the semantics of 2035 the SUPAHasPolicySource aggregation. The attributes and 2036 relationships of this class can be used to define which 2037 SUPAPolicySource objects can be attached to which 2038 particular set of SUPAPolicyStructure objects."; 2039 } 2041 container supa-policy-source-detail-container { 2042 description 2043 "This is a container to collect all object instances of 2044 type SUPAPolicySourceDetail."; 2045 list supa-policy-source-detail-list { 2046 key supa-policy-ID; 2047 uses supa-has-policy-source-detail; 2048 description 2049 "This is a list of all supa-policy-source-detail 2050 objects."; 2051 } 2052 } 2054 identity SUPA-HAS-POLICY-TARGET-ASSOC { 2055 description 2056 "The identity corresponding to a SUPAHasPolicyTarget 2057 association class object instance."; 2058 } 2060 grouping supa-has-policy-target-detail { 2061 leaf supa-policy-ID { 2062 type string; 2063 description 2064 "This is a globally unique ID for this association 2065 instance in the overall policy system."; 2066 } 2067 leaf entity-class { 2068 type identityref { 2069 base SUPA-HAS-POLICY-TARGET-ASSOC; 2070 } 2071 default SUPA-HAS-POLICY-TARGET-ASSOC; 2072 description 2073 "The identifier of the class of this assocation."; 2074 } 2075 leaf supa-policy-target-structure-ptr { 2076 type instance-identifier; 2077 must "derived-from-or-self (deref(.)/entity-class, 2078 POLICY-STRUCTURE-TYPE)"; 2079 description 2080 "This associates the SUPAPolicyStructure object 2081 instance participating in a SUPAHasPolicyTarget 2082 aggregation to the SUPAHasPolicyTargetDetail 2083 association class that provides the semantics of 2084 this aggregation. This defines the object class 2085 that this instance-identifier points to."; 2086 } 2087 leaf supa-policy-target-ptr { 2088 type instance-identifier; 2089 must "derived-from-or-self (deref(.)/entity-class, 2090 SUPA-POLICY-TARGET-TYPE)"; 2091 description 2092 "This associates the SUPAPolicyTarget object 2093 instance participating in a SUPAHasPolicyTarget 2094 aggregation to the SUPAHasPolicyTargetDetail 2095 association class that provides the semantics of 2096 this aggregation. This defines the object class 2097 that this instance-identifier points to."; 2098 } 2099 leaf supa-policy-source-is-authenticated { 2100 type boolean; 2101 description 2102 "If the value of this attribute is true, then this 2103 SUPAPolicyTarget object has been authenticated by 2104 this particular SUPAPolicyStructure object."; 2105 } 2106 leaf supa-policy-source-is-enabled { 2107 type boolean; 2108 description 2109 "If the value of this attribute is true, then this 2110 SUPAPolicyTarget object is able to be used as a 2111 SUPAPolicyTarget. This means that it has agreed to 2112 play the role of a SUPAPolicyTarget, and that it is 2113 able to either process (directly or with the aid of a 2114 proxy) SUPAPolicies, or receive the results of a 2115 processed SUPAPolicy and apply those results to 2116 itself."; 2117 } 2118 description 2119 "This is an association class, and defines the semantics of 2120 the SUPAHasPolicyTarget aggregation. The attributes and 2121 relationships of this class can be used to define which 2122 SUPAPolicyTarget objects can be attached to which 2123 particular set of SUPAPolicyStructure objects."; 2124 } 2125 container supa-policy-target-detail-container { 2126 description 2127 "This is a container to collect all object instances of 2128 type SUPAPolicyTargetDetail."; 2129 list supa-policy-target-detail-list { 2130 key supa-policy-ID; 2131 uses supa-has-policy-target-detail; 2132 description 2133 "This is a list of all supa-policy-target-detail 2134 objects."; 2135 } 2136 } 2138 identity SUPA-HAS-POLICY-CLAUSE-ASSOC { 2139 description 2140 "The identity corresponding to a SUPAHasPolicyClause 2141 association class object instance."; 2142 } 2144 grouping supa-has-policy-clause-detail { 2145 leaf supa-policy-ID { 2146 type string; 2147 description 2148 "This is a globally unique ID for this association 2149 instance in the overall policy system."; 2150 } 2151 leaf entity-class { 2152 type identityref { 2153 base SUPA-HAS-POLICY-CLAUSE-ASSOC; 2154 } 2155 default SUPA-HAS-POLICY-CLAUSE-ASSOC; 2156 description 2157 "The identifier of the class of this assocation."; 2158 } 2159 leaf supa-policy-clause-structure-ptr { 2160 type instance-identifier; 2161 must "derived-from-or-self (deref(.)/entity-class, 2162 POLICY-STRUCTURE-TYPE)"; 2163 description 2164 "This associates the SUPAPolicyStructure object 2165 instance participating in a SUPAHasPolicyClause 2166 aggregation to the SUPAHasPolicyClauseDetail 2167 association class that provides the semantics of 2168 this aggregation. This defines the object class 2169 that this instance-identifier points to."; 2170 } 2171 leaf supa-policy-clause-ptr { 2172 type instance-identifier; 2173 must "derived-from-or-self (deref(.)/entity-class, 2174 SUPA-POLICY-CLAUSE-TYPE)"; 2176 description 2177 "This associates the SUPAPolicyClause object 2178 instance participating in a SUPAHasPolicyClause 2179 aggregation to the SUPAHasPolicyClauseDetail 2180 association class that provides the semantics of 2181 this aggregation. This defines the object class 2182 that this instance-identifier points to."; 2183 } 2184 description 2185 "This is an association class, and defines the semantics of 2186 the SUPAHasPolicyClause aggregation. The attributes and 2187 relationships of this class can be used to define which 2188 SUPAPolicyTarget objects can be attached to which 2189 particular set of SUPAPolicyStructure objects. 2190 Every SUPAPolicyStructure object instance MUST aggregate 2191 at least one SUPAPolicyClause object instance. However, 2192 the converse is NOT true. For example, a SUPAPolicyClause 2193 could be instantiated and then stored for later use in a 2194 policy repository."; 2195 } 2197 container supa-policy-clause-detail-container { 2198 description 2199 "This is a container to collect all object instances of 2200 type SUPAPolicyClauseDetail."; 2201 list supa-policy-clause-detail-list { 2202 key supa-policy-ID; 2203 uses supa-has-policy-clause-detail; 2204 description 2205 "This is a list of all supa-policy-clause-detail 2206 objects."; 2207 } 2208 } 2210 identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC { 2211 description 2212 "The identity corresponding to a 2213 SUPAHasPolExecFailActionToTake association class 2214 object instance."; 2215 } 2217 grouping supa-has-policy-exec-action-detail { 2218 leaf supa-policy-ID { 2219 type string; 2220 description 2221 "This is a globally unique ID for this association 2222 instance in the overall policy system."; 2223 } 2224 leaf entity-class { 2225 type identityref { 2226 base SUPA-HAS-POLICY-EXEC-ACTION-ASSOC; 2227 } 2228 default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC; 2229 description 2230 "The identifier of the class of this assocation."; 2231 } 2232 leaf supa-policy-structure-action-src-ptr { 2233 type instance-identifier; 2234 must "derived-from-or-self (deref(.)/entity-class, 2235 POLICY-STRUCTURE-TYPE)"; 2236 description 2237 "This associates the SUPAPolicyStructure object 2238 instance participating in a 2239 SUPAHasPolExecFailActionToTake association to the 2240 SUPAHasPolExecFailActionToTakeDetail association 2241 class that provides the semantics of this 2242 aggregation. This defines the object class that 2243 this instance-identifier points to."; 2244 } 2245 leaf supa-policy-structure-action-dst-ptr { 2246 type instance-identifier; 2247 must "derived-from-or-self (deref(.)/entity-class, 2248 POLICY-STRUCTURE-TYPE)"; 2249 description 2250 "This associates a SUPAPolicyAction object 2251 instance participating in a 2252 SUPAHasPolExecFailActionToTake association to the 2253 SUPAHasPolExecFailActionToTakeDetail association 2254 class that provides the semantics of this 2255 aggregation. This defines the object class that 2256 this instance-identifier points to."; 2257 } 2258 leaf supa-policy-exec-fail-take-action-encoding { 2259 type policy-data-type-id-encoding-list; 2260 description 2261 "This defines how to find the set of SUPA Policy 2262 Action objects contained in each element of the 2263 supa-policy-exec-fail-take-action-name attribute 2264 object."; 2265 } 2266 leaf-list supa-policy-exec-fail-take-action-name { 2267 type string; 2268 description 2269 "This identifies the set of SUPA Policy Actions to take 2270 if the SUPAPolicyStructure object that owns this 2271 association failed to execute properly. The 2272 interpretation of this string attribute is defined by 2273 the supa-policy-exec-fail-take-action-encoding class 2274 attribute."; 2275 } 2276 description 2277 "This is an association class, and defines the semantics of 2278 the SUPAHasPolExecFailTakeAction association. The 2279 attributes and relationships of this class can be used to 2280 determine which SUPA Policy Action objects are executed in 2281 response to a failure of the SUPAPolicyStructure object 2282 instance that owns this association."; 2283 } 2285 container supa-policy-exec-fail-take-action-detail-container { 2286 description 2287 "This is a container to collect all object instances of 2288 type SUPAPolExecFailActionToTakeDetail."; 2289 list supa-policy-exec-fail-take-action-detail-list { 2290 key supa-policy-ID; 2291 uses supa-has-policy-exec-action-detail; 2292 description 2293 "This is a list of all 2294 supa-has-policy-exec-action-detail objects."; 2295 } 2296 } 2297 } 2299 2301 6. IANA Considerations 2303 No IANA considerations exist for this document. 2305 7. Security Considerations 2307 TBD 2309 8. Acknowledgments 2311 This document has benefited from reviews, suggestions, comments 2312 and proposed text provided by the following members, listed in 2313 alphabetical order: Qin Wu. 2315 9. References 2317 This section defines normative and informative references for this 2318 document. 2320 9.1. Normative References 2322 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2323 Requirement Levels", BCP 14, RFC 2119, March 1997. 2325 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for 2326 the Network Configuration Protocol (NETCONF)", 2327 RFC 6020, October 2010. 2329 [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, 2330 July 2013. 2332 9.2. Informative References 2334 [1] Strassner, J., Halpern, J., Coleman, J., "Generic 2335 Policy Information Model for Simplified Use of Policy 2336 Abstractions (SUPA)", 2337 draft-strassner-supa-generic-policy-info-model-05 2338 March 21, 2016 2340 Authors' Addresses 2342 Joel Halpern 2343 Ericsson 2344 P. O. Box 6049 2345 Leesburg, VA 20178 2346 Email: joel.halpern@ericsson.com 2348 John Strassner 2349 Huawei Technologies 2350 2330 Central Expressway 2351 Santa Clara, CA 95138 USA 2352 Email: john.sc.strassner@huawei.com