idnits 2.17.1 draft-ietf-supa-generic-policy-data-model-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 20, 2016) is 2838 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group J. Halpern 2 Internet-Draft Ericsson 3 Intended status: Informational J. Strassner 4 Expires: January 20, 2017 Huawei Technologies 5 July 20, 2016 7 Generic Policy Data Model for 8 Simplified Use of Policy Abstractions (SUPA) 9 draft-ietf-supa-generic-policy-data-model-00 11 Abstract 13 This document defines two YANG policy data models. The first is a 14 generic policy model that is meant to be extended on an application- 15 specific basis. The second is an exemplary extension of the first 16 generic policy model, and defines rules as event-condition-action 17 policies. Both models are independent of the level of abstraction of 18 the content and meaning of a policy. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current 28 Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six 31 months and may be updated, replaced, or obsoleted by other 32 documents at any time. It is inappropriate to use Internet-Drafts 33 as reference material or to cite them other than as "work in 34 progress." 36 This Internet-Draft will expire on January 20, 2017. 38 Copyright Notice 40 Copyright (c) 2016 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with 48 respect to this document. Code Components extracted from this 49 document must include Simplified BSD License text as described in 50 Section 4.e of the Trust Legal Provisions and are provided 51 without warranty as described in the Simplified BSD License. 53 Table of Contents 55 1. Overview ....................................................... 2 56 2. Conventions Used in This Document .............................. 2 57 3. Terminology .................................................... 3 58 3.1. Acronyms .................................................. 3 59 3.2. Definitions ............................................... 3 60 3.3. Symbology ................................................. 4 61 4. Design of the SUPA Policy Data Models .......................... 4 62 5. SUPA Policy Data Model YANG Module ............................. 5 63 6. IANA Considerations ............................................ 47 64 7. Security Considerations ........................................ 47 65 8. Acknowledgments ................................................ 47 66 9. References ..................................................... 47 67 9.1. Normative References ...................................... 48 68 9.2. Informative References .................................... 48 69 Authors' Addresses ................................................ 48 71 1. Overview 73 This document defines two YANG [RFC6020] [RFC6991] policy data 74 models. The first is a generic policy model that is meant to be 75 extended on an application-specific basis. It is derived from the 76 Generic Policy Information Model (GPIM) defined in [1]. The second 77 is an exemplary extension of the first (generic policy) model, and 78 defines policy rules as event-condition-action tuples. Both models 79 are independent of the level of abstraction of the content and 80 meaning of a policy. 82 The GPIM defines a common framework as a set of model elements 83 (e.g., classes, attributes, and relationships) that specify a 84 common set of policy management concepts that are independent of the 85 type of policy (e.g., imperative, procedural, declarative, or 86 otherwise). The first YANG data model is a translation of the GPIM 87 to a YANG module. The Eca Policy Rule Information Model (EPRIM), 88 also defined in [1], extends the GPIM to represent policy rules that 89 use the Event-Condition-Action (ECA) paradigm. The second YANG data 90 model maps the EPRIM to YANG. The second YANG data model MAY be 91 used to augment the functionality of the first YANG data model. 93 2. Conventions Used in This Document 95 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 96 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in 97 this document are to be interpreted as described in [RFC2119]. In 98 this document, these words will appear with that interpretation 99 only when in ALL CAPS. Lower case uses of these words are not to 100 be interpreted as carrying [RFC2119] significance. 102 3. Terminology 104 This section defines acronyms, terms, and symbology used in the 105 rest of this document. 107 3.1. Acronyms 109 CNF Conjunctive Normal Form 110 DNF Disjunctive Normal Form 111 ECA Event-Condition-Action 112 EPRIM (SUPA) ECA Policy Rule Information Model 113 GPIM (SUPA) Generic Policy Information Model 114 NETCONF Network Configuration protocol 115 OAM&P Operations, Administration, Management, and Provisioning 116 OCL Object Constraint Language 117 OID Object IDentifier 118 SUPA Simplified Use of Policy Abstractions 119 UML Unified Modeling Language 120 URI Uniform Resource Identifier 122 3.2. Definitions 124 Action: a set of purposeful activities that have a set of 125 associated behavior. 127 Boolean Clause: a logical statement that evaluates to either TRUE 128 or FALSE. Also called Boolean Expression. 130 Condition: a set of attributes, features, and/or values that are to 131 be compared with a set of known attributes, features, and/or 132 values in order to make a decision. A Condition, when used in 133 the context of a Policy Rule, is used to determine whether or not 134 the set of Actions in that Policy Rul can be executed or not. 136 Constraint: A constraint is a limitation or restriction. 137 Constraints may be added to any type of object (e.g., events, 138 conditions, and actions in Policy Rules). 140 Constraint Programming: a type of programming that uses constraints 141 to define relations between variables in order to find 142 a feasible (and not necessarily optimal) solution. 144 Data Model: a data model is a representation of concepts of 145 interest to an environment in a form that is dependent on data 146 repository, data definition language, query language, 147 implementation language, and protocol (typically one or more of 148 these). 150 ECA: Event - Condition - Action policy. 152 Event: an Event is defined as any important occurrence in time of 153 a change in the system being managed, and/or in the environment 154 of the system being managed. An Event, when used in the context 155 of a Policy Rule, is used to determine whether the condition 156 clause of an imperative Policy Rule can be evaluated or not. 158 Information Model: an information model is a representation of 159 concepts of interest to an environment in a form that is 160 independent of data repository, data definition language, query 161 language, implementation language, and protocol. 163 Metadata: is data that provides descriptive and/or prescriptive 164 information about the object(s) to which it is attached. 166 Policy Rule: A Policy Rule is a set of rules that are used to 167 manage and control the changing or maintaining of the state of one 168 or more managed objects. 170 3.3. Symbology 172 The following representation is used to describe YANG data modules 173 defined in this draft. 175 o Brackets "[" and "]" enclose list keys. 177 o Abbreviations before data node names: "rw" means configuration 178 data (read-write), and "ro" means state data (read-only). 180 o Symbols after data node names: "?" means an optional node, "!" 181 means a presence container, and "*" denotes a list and leaf-list. 183 o Parentheses enclose choice and case nodes, and case nodes are also 184 marked with a colon (":"). 186 o Ellipsis ("...") stands for contents of subtrees that are not 187 shown. 189 4. Design of the SUPA Policy Data Models 191 This will be completed in the next version of this draft. Three 192 important points are: 194 - different policy models have common semantics 195 - capture those semantics within a common framework (GPIM) 196 - extend these semantics with a specific ECA example (EPRIM) 198 5. SUPA Policy Data Model YANG Module 200 The SUPA YANG data model module is divided into two main parts: 202 1) a set of containers that represent the objects that make 203 updated a Policy Rule and its Policy Rule Components 204 2) a set of containers that represent the objects that define and 205 apply metadata to Policy Rules and/or Policy Rule Components 207 < This will be finished in version 02 > 209 file "ietf-supa-policydatamodel@2016-03-21.yang" 211 module ietf-supa-policydatamodel { 213 yang-version 1.1; 214 namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policydatamodel"; 215 prefix supa-pdm; 217 import ietf-yang-types { 218 prefix yang; 219 } 221 organization "IETF"; 222 contact 223 "Editor: Joel Halpern 224 email: jmh@joelhalpern.com; 225 Editor: John Strassner 226 email: strazpdj@gmail.com;"; 228 description 229 "This module defines a data model for generic high level 230 definition of policies to be applied to a network. 231 This module is derived from and aligns with 232 draft-strassner-supa-generic-policy-info-model-04. 233 Details on all classes, associations, and attributes 234 can be found there. 235 Copyright (c) 2015 IETF Trust and the persons identified 236 as the document authors. All rights reserved. 237 Redistribution and use in source and binary forms, with or 238 without modification, is permitted pursuant to, and 239 subject to the license terms contained in, the Simplified 240 BSD License set forth in Section 4.c of the IETF Trust's 241 Legal Provisions Relating to IETF Documents 242 (http://trustee.ietf.org/license-info)."; 244 revision 2016-07-20 { 245 description 246 "Conversion to WG draft, 20160720. 247 Fixed pyang 1.1 compilation errors. Fixed must clause 248 derefencing used in grouping statements. Reformatted 249 and expanded descriptions. Fixed various typos. 250 Initial version, 20160321"; 251 reference 252 "draft-ietf-supa-policy-data-model-00"; 253 } 255 typedef policy-constraint-language-list { 256 type enumeration { 257 enum "undefined" { 258 description 259 "This may be used as an initialization and/or 260 an error state."; 261 } 262 enum "OCL2.4" { 263 description 264 "Object Constraint Language v2.4. This is a 265 declarative language for describing rules for 266 defining constraints and query expressions."; 267 } 268 enum "OCL2.x" { 269 description 270 "Object Constraint Language, v2.0 through 2.3.1."; 271 } 272 enum "OCL1.x" { 273 description 274 "Object Constraint Language, any version prior 275 to v2.0."; 276 } 277 enum "QVT1.2R" { 278 description 279 "QVT Relational Language."; 280 } 281 enum "QVT1.2O" { 282 description 283 "QVT Operational language."; 284 } 285 enum "Alloy" { 286 description 287 "A language for defining structures and 288 and relations using constraints."; 289 } 290 } 291 description 292 "The language used to encode the constraints 293 relevant to the relationship between the metadata 294 and the underlying policy object."; 295 } 297 typedef policy-data-type-id-encoding-list { 298 type enumeration { 299 enum "undefined" { 300 description 301 "This can be used for either initialization 302 or for signifying an error."; 303 } 304 enum "String" { 305 description 306 "The clause is directly present in 307 the content."; 308 } 309 enum "GUID" { 310 description 311 "The clause is referenced by this GUID."; 312 } 313 enum "UUID" { 314 description 315 "The clause is referenced by this UUID."; 316 } 317 enum "URI" { 318 description 319 "The clause is referenced by this URI."; 320 } 321 enum "FQDN" { 322 description 323 "The clause is referenced by this FQDN."; 324 } 325 } 326 description 327 "The list of possible data types used to represent object 328 IDs in the SUPA policy hierarchy."; 329 } 331 typedef policy-data-type-encoding-list { 332 type enumeration { 333 enum "undefined" { 334 description 335 "This can be used for either initialization 336 or for signifying an error."; 337 } 338 enum "string" { 339 description 340 "This represents a string data type."; 341 } 342 enum "integer" { 343 description 344 "This represents an integer data type."; 345 } 346 enum "boolean" { 347 description 348 "This represents a Boolean data type."; 349 } 350 enum "floating point" { 351 description 352 "This represents a floating point data type."; 353 } 354 enum "date-and-time" { 355 description 356 "This represents a data type that can specify 357 date and/or time."; 358 } 359 enum "GUID" { 360 description 361 "This represents a GUID data type."; 362 } 363 enum "UUID" { 364 description 365 "This represents a UUID data type."; 366 } 367 enum "URI" { 368 description 369 "This represents a Uniform Resource Identifier 370 (URI) data type."; 371 } 372 enum "DN" { 373 description 374 "This represents a Distinguished Name (DN) 375 data type."; 376 } 377 enum "NULL" { 378 description 379 "This represents a NULL data type. NULL means the 380 absence of an actual value. NULL is frequently 381 used to represent a missing or invalid value."; 382 } 383 } 384 description 385 "The set of allowable data types used to encode 386 multi-valued SUPA Policy attributes."; 387 } 389 // identities are used in this model as a means to provide simple 390 // reflection to allow an instance-identifier to be tested as to what 391 // class it represents. In turn, this allows must clauses to specify 392 // that the target of a particular instance-identifier leaf must be a 393 // specific class, or within a certain branch of the inheritance tree. 395 // This depends upon the ability to refine the entity class default 396 // value. The entity class should be read-only. Howeverm as this is 397 // the target of a MUST condition, it cannot be config-false. Also, 398 // it appears that we cannot put a MUST condition on its definition, 399 // as the default (actual) value changes at each inheritance. 401 identity POLICY-OBJECT-TYPE { 402 description 403 "The identity corresponding to a SUPAPolicyObject 404 object instance."; 405 } 407 grouping supa-policy-object-type { 408 leaf supa-policy-ID { 409 type string; 410 mandatory true; 411 description 412 "The string identifier of this policy object. 413 It must be unique within the policy system."; 414 } 415 leaf entity-class { 416 type identityref { 417 base POLICY-OBJECT-TYPE; 418 } 419 default POLICY-OBJECT-TYPE; 420 description 421 "The identifier of the class of this grouping."; 422 } 423 leaf supa-policy-object-ID-encoding { 424 type policy-data-type-id-encoding-list; 425 mandatory true; 426 description 427 "The encoding used by the supa-object-ID."; 428 } 429 leaf supa-policy-object-description { 430 type string; 431 description 432 "Human readable description of the characteristics 433 and behavior of this policy object."; 434 } 435 leaf supa-policy-name { 436 type string; 437 description 438 "A human-readable name for this policy."; 439 } 440 leaf-list supa-has-policy-metadata-agg { 441 type instance-identifier; 442 must "derived-from-or-self (deref(.)/entity-class, 443 SUPA-HAS-POLICY-METADATA-ASSOC)"; 445 description 446 "The SUPAPolicyObject object instance that aggregates 447 this set of SUPAPolicyMetadata object instances. As 448 there are attributes on this association, the 449 instance-identifier MUST point to an instance using 450 the grouping supa-has-policy-metadata-detail (which 451 includes subclasses of this association class)."; 452 } 453 description 454 "This is the superclass for all SUPA objects. It is 455 used to define common attributes and relationships 456 that all SUPA subclasses inherit."; 457 } 459 identity POLICY-COMPONENT-TYPE { 460 base POLICY-OBJECT-TYPE; 461 description 462 "The identity corresponding to a 463 SUPAPolicyComponentStructure object instance."; 464 } 466 grouping supa-policy-component-structure-type { 467 uses supa-policy-object-type { 468 refine entity-class { 469 default POLICY-COMPONENT-TYPE; 470 } 471 } 472 leaf supa-has-policy-component-decorator-part { 473 type instance-identifier; 474 must "derived-from-or-self (deref(.)/entity-class, 475 SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; 476 mandatory true; 477 description 478 "A reference to the association class for relating 479 policy component decorators to the policy components 480 they decorate. This is the set of 481 SUPAPolicyComponentStructure object instances that are 482 aggregated by a SUPAPolicyComponentDecorator object 483 instance. As there are attributes on this association, 484 the instance-identifier MUST point to an instance 485 using the specified grouping. This defines the object 486 class that this instance-identifier points to."; 487 } 488 description 489 "A superclass for all objects that represent different types 490 of components of a Policy Rule. Important subclasses include 491 the SUPAPolicyClause and the SUPAPolicyComponentDecorator. 492 This object is the root of the decorator pattern; as such, 493 it enables all subclasses to be decorated."; 494 } 495 identity POLICY-COMPONENT-DECORATOR-TYPE { 496 base POLICY-COMPONENT-TYPE; 497 description 498 "The identity corresponding to a 499 SUPAPolicyComponentDecorator object instance."; 500 } 502 grouping supa-policy-component-decorator-type { 503 uses supa-policy-component-structure-type { 504 refine entity-class { 505 default POLICY-COMPONENT-DECORATOR-TYPE; 506 } 507 } 508 leaf-list supa-has-policy-component-decorator-agg { 509 type instance-identifier; 510 must "derived-from-or-self (deref(.)/entity-class, 511 SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; 512 max-elements 1; 513 description 514 "The SUPAPolicyComponentDecorator object instance 515 that aggregates this set of 516 SUPAPolicyComponentStructure object instances. This 517 is a list of associations to the SUPA policy components 518 that this decorator decorates. As there are attributes 519 on this association, the instance-identifier MUST 520 point to an instance using the specified grouping. 521 This defines the object class that this 522 instance-identifier points to."; 523 } 524 leaf-list supa-decorator-constraints { 525 type string; 526 description 527 "A constraint expression applying to this 528 decorator, allowing specification of details not 529 captured in its subclasses, using an appropriate 530 constraint language."; 531 } 532 leaf supa-has-decorator-constraint-encoding { 533 type policy-constraint-language-list; 534 description 535 "The language in which the constraints on the 536 policy component decorator is expressed."; 537 } 538 description 539 "This object implements the decorator pattern, which 540 enables all or part of one or more objects to wrap 541 another concrete object."; 542 } 543 identity POLICY-COMPONENT-CLAUSE-TYPE { 544 base POLICY-COMPONENT-TYPE; 545 description 546 "The identity corresponding to a SUPAPolicyClause 547 object instance."; 548 } 550 grouping supa-policy-clause-type { 551 uses supa-policy-component-structure-type { 552 refine entity-class { 553 default POLICY-COMPONENT-CLAUSE-TYPE; 554 } 555 } 556 leaf supa-policy-clause-exec-status { 557 type enumeration { 558 enum "Unknown" { 559 description 560 "This may be used as an initialization and/or 561 an error state."; 562 } 563 enum "Completed" { 564 description 565 "This signifies that this particular policy 566 clause has run successfully, and is now idle."; 567 } 568 enum "Working" { 569 description 570 "This signifies that this particular policy 571 clause is currently in use, and no errors have 572 been reported."; 573 } 574 enum "Not Working" { 575 description 576 "This signifies that this particular policy 577 clause is currently in use, but one or more 578 errors have been reported."; 579 } 580 enum "Available" { 581 description 582 "This signifies that this particular policy 583 clause could be used, but currently is not 584 in use."; 585 } 586 enum "In Test" { 587 description 588 "This signifies that this particular policy 589 clause is not for use in operational policies."; 590 } 591 enum "Disabled" { 592 description 593 "This signifies that this particular policy 594 clause is not available for use."; 595 } 596 } 597 description "This describes whether this policy clause is in 598 use and if so whether it is working properly."; 599 } 600 leaf-list supa-has-policy-clause-part { 601 type instance-identifier; 602 must "derived-from-or-self (deref(.)/entity-class, 603 SUPA-HAS-POLICY-CLAUSE-ASSOC)"; 604 min-elements 1; 605 description 606 "The set of SUPAPolicyClause object instances that are 607 aggregated by this SUPAPolicyStructure (i.e., this 608 SUPA Policy Rule) object instance. This defines the 609 object class that this instance-identifier points to."; 610 } 611 description "The parent class for all SUPA Policy Clauses."; 612 } 614 identity POLICY-ENCODED-CLAUSE-TYPE { 615 base POLICY-COMPONENT-CLAUSE-TYPE; 616 description 617 "The identity corresponding to a SUPAPolicyEncodedClause 618 object instance."; 619 } 621 grouping supa-encoded-clause-type { 622 uses supa-policy-clause-type { 623 refine entity-class { 624 default POLICY-ENCODED-CLAUSE-TYPE; 625 } 626 } 627 leaf supa-encoded-clause-content { 628 type string; 629 mandatory true; 630 description 631 "Either a reference to a source for this clause or the 632 string representation of the clause."; 633 } 634 leaf supa-encoded-clause-encoding { 635 type policy-data-type-id-encoding-list; 636 mandatory true; 637 description 638 "The encoding for the encoding clause content."; 639 } 640 leaf supa-encoded-clause-language { 641 type enumeration { 642 enum "undefined" { 643 description 644 "This may be used as an initialization and/or 645 an error state."; 646 } 647 enum "CLI" { 648 description 649 "This defines the language as a type of Command 650 Line Interface."; 651 } 652 enum "TL1" { 653 description 654 "This defines the language as a type of 655 Transaction Language 1."; 656 } 657 enum "YANG" { 658 description 659 "This defines the language as a type of YANG."; 660 } 661 } 662 mandatory true; 663 description 664 "Indicates the lanaguage used for this object instance."; 665 } 666 leaf supa-encoded-clause-response { 667 type boolean; 668 description 669 "If present, this represents the success or failure 670 of the last invocation of this clause."; 671 } 672 description 673 "This class refines the behavior of the supa-policy-clause 674 by encoding the contents of the clause into the attributes 675 of this object. This enables clauses that are not based on 676 other SUPA objects to be modeled."; 677 } 679 container supa-encoding-clause-container { 680 description 681 "This is a container to collect all object instances of 682 type SUPAEncodedClause."; 683 list supa-encoding-clause-list { 684 key supa-policy-ID; 685 uses supa-encoded-clause-type; 686 description 687 "List of all instances of supa-encoding-clause-type. 688 If a module defines subclasses of the encoding clause, 689 those will be stored in a separate container."; 690 } 691 } 692 identity POLICY-COMPONENT-TERM-TYPE { 693 base POLICY-COMPONENT-DECORATOR-TYPE; 694 description 695 "The identity corresponding to a 696 SUPAPolicyComponentDecorator object instance."; 697 } 699 grouping supa-policy-term-type { 700 uses supa-policy-component-decorator-type { 701 refine entity-class { 702 default POLICY-COMPONENT-TERM-TYPE; 703 } 704 } 705 leaf supa-policy-term-is-negated { 706 type boolean; 707 description 708 "If the value of this attribute is true, then 709 this particular term is negated."; 710 } 711 description 712 "This is the superclass of all SUPA policy objects that are 713 used to test or set the value of a variable."; 714 } 716 identity POLICY-COMPONENT-VARIABLE-TYPE { 717 base POLICY-COMPONENT-TERM-TYPE; 718 description 719 "The identity corresponding to a SUPAPolicyVariable 720 object instance."; 721 } 723 grouping supa-policy-variable-type { 724 uses supa-policy-term-type { 725 refine entity-class { 726 default POLICY-COMPONENT-VARIABLE-TYPE; 727 } 728 } 729 leaf supa-policy-variable-name { 730 type string; 731 description 732 "A human-readable name for this policy variable."; 733 } 734 description 735 "This is one formulation of a SUPA Policy Clause. It uses 736 an object, defined in the SUPA hierarchy, to represent the 737 variable portion of a SUPA Policy Clause. The attribute 738 defined by the supa-policy-variable-name specifies an 739 attribute whose content should be compared to a value, 740 which is typically specified by supa-policy-value-type."; 741 } 742 container supa-policy-variable-container { 743 description 744 "This is a container to collect all object instances of 745 type SUPAPolicyVariable."; 746 list supa-policy-variable-list { 747 key supa-policy-ID; 748 uses supa-policy-variable-type; 749 description 750 "List of all instances of supa-policy-variable-type. 751 If a module defines subclasses of this class, 752 those will be stored in a separate container."; 753 } 754 } 756 identity POLICY-COMPONENT-OPERATOR-TYPE { 757 base POLICY-COMPONENT-TERM-TYPE; 758 description 759 "The identity corresponding to a SUPAPolicyOperator 760 object instance."; 761 } 763 grouping supa-policy-operator-type { 764 uses supa-policy-term-type { 765 refine entity-class { 766 default POLICY-COMPONENT-OPERATOR-TYPE; 767 } 768 } 769 leaf supa-policy-value-op-type { 770 type enumeration { 771 enum "unknown" { 772 description 773 "This may be used as an initialization and/or 774 an error state."; 775 } 776 enum "greater than" { 777 description 778 "A greater-than operator."; 779 } 780 enum "greater than or equal to" { 781 description 782 "A greater-than-or-equal-to operator."; 783 } 784 enum "less than" { 785 description 786 "A less-than operator."; 787 } 788 enum "less than or equal to" { 789 description 790 "A less-than-or-equal-to operator."; 791 } 792 enum "equal to" { 793 description 794 "An equal-to operator."; 795 } 796 enum "not equal to"{ 797 description 798 "A not-equal-to operator."; 799 } 800 enum "IN" { 801 description 802 "An operator that determines whether a given 803 value matches any of the specified values."; 804 } 805 enum "NOT IN" { 806 description 807 "An operator that determines whether a given 808 value does not match any of the specified 809 values."; 810 } 811 enum "SET" { 812 description 813 "An operator that makes the value of the 814 result equal to the input value."; 815 } 816 enum "CLEAR"{ 817 description 818 "An operator that deletes the value of the 819 specified object."; 820 } 821 enum "BETWEEN" { 822 description 823 "An operator that determines whether a given 824 value is within a specified range of values."; 825 } 826 } 827 mandatory true; 828 description 829 "The type of operator used to compare the variable 830 and value portions of this SUPA Policy Clause."; 831 } 832 description 833 "This is one formulation of a SUPA Policy Clause. It uses 834 an object, defined in the SUPA hierarchy, to represent the 835 operator portion of a SUPA Policy Clause. The attribute 836 defined by the supa-policy-op-type specifies an attribute 837 whose content defines the type of operator used to compare 838 the variable and value portions of this policy clause."; 839 } 840 container supa-policy-operator-container { 841 description 842 "This is a container to collect all object instances of 843 type SUPAPolicyOperator."; 844 list supa-policy-operator-list { 845 key supa-policy-ID; 846 uses supa-policy-operator-type; 847 description 848 "List of all instances of supa-policy-operator-type. 849 If a module defines subclasses of this class, 850 those will be stored in a separate container."; 851 } 852 } 854 identity POLICY-COMPONENT-VALUE-TYPE { 855 base POLICY-COMPONENT-TERM-TYPE; 856 description 857 "The identity corresponding to a SUPAPolicyValue 858 object instance."; 859 } 861 grouping supa-policy-value-type { 862 uses supa-policy-term-type { 863 refine entity-class { 864 default POLICY-COMPONENT-VALUE-TYPE; 865 } 866 } 867 leaf-list supa-policy-value-content { 868 type string; 869 description 870 "The content of the value portion of this SUPA Policy 871 Clause. The data type of the content is specified in 872 the supa-policy-value-encoding."; 873 } 874 leaf supa-policy-value-encoding { 875 type policy-data-type-encoding-list; 876 description 877 "The data type of the supa-policy-value-content."; 878 } 879 description 880 "This is one formulation of a SUPA Policy Clause. It uses 881 an object, defined in the SUPA hierarchy, to represent the 882 value portion of a SUPA Policy Clause. The attribute 883 defined by the supa-policy-value-content specifies an 884 attribute whose content should be compared to a variable, 885 which is typically specified by supa-policy-variable-type."; 886 } 887 container supa-policy-value-container { 888 description 889 "This is a container to collect all object instances of 890 type SUPAPolicyValue."; 891 list supa-policy-value-list { 892 key supa-policy-ID; 893 uses supa-policy-value-type; 894 description 895 "List of all instances of supa-policy-value-type. 896 If a module defines subclasses of this class, 897 those will be stored in a separate container."; 898 } 899 } 901 identity POLICY-GENERIC-DECORATED-TYPE { 902 base POLICY-COMPONENT-DECORATOR-TYPE; 903 description 904 "The identity corresponding to a 905 SUPAGenericDecoratedComponent object instance."; 906 } 908 grouping supa-policy-generic-decorated-type { 909 uses supa-policy-component-decorator-type { 910 refine entity-class { 911 default POLICY-GENERIC-DECORATED-TYPE; 912 } 913 } 914 leaf-list supa-policy-generic-decorated-content { 915 type string; 916 description 917 "The content of this SUPA Policy Clause. The data type 918 of this attribute is specified in the 919 supa-policy-generic-decorated-encoding."; 920 } 921 leaf supa-policy-generic-decorated-encoding { 922 type policy-data-type-encoding-list; 923 description 924 "The data type of the 925 supa-policy-generic-decorated-content attribute."; 926 } 927 description 928 "This object enables a generic object to be defined and 929 used as a decorator in a SUPA Policy Clause. 930 This should not be confused with the SUPAEncodedClause 931 class. This class represents a single, atomic, 932 vendor-specific object that defines a portion of a SUPA 933 Policy Clause, whereas a SUPA Policy Encoded Clause 934 represents the entire policy clause."; 935 } 936 container supa-policy-generic-decorated-container { 937 description 938 "This is a container to collect all object instances of 939 type SUPAGenericDecoratedComponent."; 940 list supa-encoding-clause-list { 941 key supa-policy-ID; 942 uses supa-policy-generic-decorated-type; 943 description 944 "List of all instances of 945 supa-policy-generic-decorated-type. If a module 946 defines subclasses of this class, those will be 947 stored in a separate container."; 948 } 949 } 951 identity POLICY-COLLECTION { 952 base POLICY-COMPONENT-DECORATOR-TYPE; 953 description 954 "The identity corresponding to a SUPAPolicyCollection 955 object instance."; 956 } 958 grouping supa-policy-collection { 959 uses supa-policy-component-decorator-type { 960 refine entity-class { default POLICY-COLLECTION; 961 } 962 } 963 leaf-list supa-policy-collection-content { 964 type string; 965 description 966 "The content of this collection object. The data type 967 is specified in supa-policy-collection-encoding."; 968 } 969 leaf supa-policy-collection-encoding { 970 type enumeration { 971 enum "undefined" { 972 description 973 "This may be used as an initialization and/or 974 an error state."; 975 } 976 enum "by regex" { 977 description 978 "This defines the data type of the content of 979 this collection instance to be a regular 980 expression that contains all or part of a 981 string to match the class name of the object 982 that is to be collected by this instance of a 983 SUPAPolicyCollection class."; 984 } 985 enum "by URI" { 986 description 987 "This defines the data type of the content of 988 this collection instance to be a Uniform 989 Resource Identifier. It identifies the object 990 instance that is to be collected by this 991 instance of a SUPAPolicyCollection class."; 992 } 993 } 994 mandatory true; 995 description 996 "The data type of the supa-policy-collection-content."; 997 } 998 leaf supa-policy-collection-function { 999 type enumeration { 1000 enum "undefined" { 1001 description 1002 "This may be used as an initialization and/or 1003 an error state."; 1004 } 1005 enum "event collection" { 1006 description 1007 "This collection contains objects that are used 1008 to populate the event clause of a 1009 SUPA Policy."; 1010 } 1011 enum "condition collection" { 1012 description 1013 "This collection contains objects that are used 1014 to populate the condition clause of a 1015 SUPA Policy."; 1016 } 1017 enum "action collection" { 1018 description 1019 "This collection contains objects that are used 1020 to populate the action clause of a 1021 SUPA Policy."; 1022 } 1023 enum "logic collection" { 1024 description 1025 "This collection contains objects that define 1026 logic for processing a SUPA Policy."; 1027 } 1028 } 1029 description 1030 "Defines how this collection instance is to be used."; 1031 } 1032 leaf supa-policy-collection-is-ordered { 1033 type boolean; 1034 description 1035 "If the value of this leaf is true, then all elements 1036 in this collection are ordered."; 1037 } 1038 leaf supa-policy-collection-type { 1039 type enumeration { 1040 enum "undefined" { 1041 description 1042 "This may be used as an initialization and/or 1043 an error state."; 1044 } 1045 enum "set" { 1046 description 1047 "An unordered collection of elements that MUST 1048 NOT have duplicates."; 1049 } 1050 enum "bag" { 1051 description 1052 "An unordered collection of elements that MAY 1053 have duplicates."; 1054 } 1055 enum "dictionary" { 1056 description 1057 "A list of values that is interpreted as a set 1058 of pairs, with the first entry of each pair 1059 interpreted as a dictionary key, and the 1060 second entry interpreted as a value for that 1061 key. As a result, collections using this value 1062 of supa-policy-collection-type MUST have 1063 supa-policy-collection-is-ordered set to true."; 1064 } 1065 } 1066 mandatory true; 1067 description 1068 "The type of the supa-policy-collection."; 1069 } 1070 description 1071 "This enables a collection of arbitrary objects to be 1072 defined and used in a SUPA Policy Clause. 1073 This should not be confused with the SUPAEncodedClause 1074 class. This class represents a single, atomic, object that 1075 defines a portion of a SUPA Policy Clause, whereas a SUPA 1076 Policy Encoded Clause represents the entire policy clause."; 1077 } 1078 container supa-policy-collection-container { 1079 description 1080 "This is a container to collect all object instances of 1081 type SUPAPolicyCollection."; 1082 list supa-policy-collection-list { 1083 key supa-policy-ID; 1084 uses supa-policy-collection; 1085 description 1086 "List of all instances of supa-policy-collection. 1087 If a module defines subclasses of this class, 1088 those will be stored in a separate container."; 1089 } 1090 } 1092 identity POLICY-STRUCTURE-TYPE { 1093 base POLICY-OBJECT-TYPE; 1094 description 1095 "The identity corresponding to a SUPAPolicyStructure 1096 object instance."; 1097 } 1099 grouping supa-policy-structure-type { 1100 uses supa-policy-object-type { 1101 refine entity-class { 1102 default POLICY-STRUCTURE-TYPE; 1103 } 1104 } 1105 leaf supa-policy-admin-status { 1106 type enumeration { 1107 enum "unknown" { 1108 description 1109 "This may be used as an initialization and/or 1110 an error state."; 1111 } 1112 enum "enabled" { 1113 description 1114 "This SUPA Policy Rule has been 1115 administratively enabled."; 1116 } 1117 enum "disabled" { 1118 description 1119 "This SUPA Policy Rule has been 1120 administratively disabled."; 1121 } 1122 enum "in test" { 1123 description 1124 "This SUPA Policy Rule has been 1125 administratively placed into test mode, and 1126 SHOULD NOT be used as part of an operational 1127 policy rule."; 1128 } 1129 } 1130 mandatory true; 1131 description 1132 "The current admnistrative status of this SUPA POLICY 1133 Rule."; 1134 } 1135 leaf supa-policy-continuum-level { 1136 type uint32; 1137 description 1138 "This is the current level of abstraction of this 1139 particular SUPA Policy Rule."; 1140 } 1141 leaf supa-policy-deploy-status { 1142 type enumeration { 1143 enum "undefined" { 1144 description 1145 "This may be used as an initialization and/or 1146 an error state."; 1147 } 1148 enum "deployed and enabled" { 1149 description 1150 "This SUPA Policy Rule has been deployed and 1151 enabled."; 1152 } 1153 enum "disabled" { 1154 description 1155 "This SUPA Policy Rule has been 1156 administratively disabled."; 1157 } 1158 enum "in test" { 1159 description 1160 "This SUPA Policy Rule has been 1161 administratively placed into test mode, and 1162 SHOULD NOT be used as part of an operational 1163 policy rule."; 1164 } 1165 } 1166 mandatory true; 1167 description 1168 "This is the current level of abstraction of this 1169 particular SUPA Policy Rule."; 1170 } 1171 leaf supa-policy-exec-status { 1172 type enumeration { 1173 enum "undefined" { 1174 description 1175 "This may be used as an initialization and/or 1176 an error state."; 1177 } 1178 enum "operational success" { 1179 description 1180 "This SUPA Policy Rule has been executed in 1181 operational mode, and produced no errors."; 1182 } 1183 enum "operational failure" { 1184 description 1185 "This SUPA Policy Rule has been executed in 1186 operational mode, but has produced at least 1187 one error."; 1188 } 1189 enum "currently in operation" { 1190 description 1191 "This SUPA Policy Rule is currently still 1192 executing in operational mode."; 1193 } 1194 enum "ready" { 1195 description 1196 "This SUPA Policy Rule is ready to be 1197 executed in operational mode."; 1198 } 1199 enum "test success" { 1200 description 1201 "This SUPA Policy Rule has been executed in 1202 test mode, and produced no errors."; 1203 } 1204 enum "test failure" { 1205 description 1206 "This SUPA Policy Rule has been executed in 1207 test mode, but has produced at least 1208 one error."; 1209 } 1210 enum "currently in test" { 1211 description 1212 "This SUPA Policy Rule is currently still 1213 executing in test mode."; 1214 } 1215 } 1216 mandatory true; 1217 description 1218 "This is the current level of abstraction of this 1219 particular SUPA Policy Rule."; 1220 } 1221 leaf supa-policy-exec-fail-strategy { 1222 type enumeration { 1223 enum "undefined" { 1224 description 1225 "This may be used as an initialization and/or 1226 an error state."; 1227 } 1228 enum "rollback all" { 1229 description 1230 "This means that execution of this SUPA 1231 Policy Rule is stopped, rollback of all 1232 actions (whether successful or not) is 1233 attempted, and all SUPA Policy Rules that 1234 otherwise would have executed are ignored."; 1235 } 1236 enum "rollback failure" { 1237 description 1238 "This means that execution of this SUPA 1239 Policy Rule is stopped, and rollback is 1240 attempted for only the SUPA Policy Rule that 1241 failed to execute correctly."; 1242 } 1243 enum "stop execution" { 1244 description 1245 "This means that execution of this SUPA Policy 1246 Rule SHOULD be stopped."; 1247 } 1248 enum "ignore" { 1249 description 1250 "This means that any failures produced by this 1251 SUPA Policy Rule SHOULD be ignored."; 1252 } 1253 } 1254 mandatory true; 1255 description 1256 "This defines what actions, if any, should be taken by 1257 this particular SUPA Policy Rule if it fails to 1258 execute correctly. Some implementations may not be 1259 able to accommodate the rollback failure option; 1260 hence, this option may be skipped."; 1261 } 1262 leaf-list supa-has-policy-source-agg { 1263 type instance-identifier; 1264 must "derived-from-or-self (deref(.)/entity-class, 1265 SUPA-HAS-POLICY-SOURCE-ASSOC)"; 1266 description 1267 "The SUPAPolicyStructure (i.e., the type of SUPA 1268 Policy Rule) object instance that aggregates this set 1269 set of SUPAPolicySource object instances. This 1270 defines the object class that this instance-identifier 1271 points to."; 1272 } 1273 leaf-list supa-has-policy-target-agg { 1274 type instance-identifier; 1275 must "derived-from-or-self (deref(.)/entity-class, 1276 SUPA-HAS-POLICY-TARGET-ASSOC)"; 1278 description 1279 "This represents the aggregation of Policy Target 1280 objects by this particular SUPA Policy Rule. It is 1281 the SUPAPolicyStructure object instance that 1282 aggregates this set of SUPAPolicyTarget object 1283 instances. This defines the object class that 1284 this instance-identifier points to."; 1285 } 1286 leaf-list supa-has-policy-clause-agg { 1287 type instance-identifier; 1288 must "derived-from-or-self (deref(.)/entity-class, 1289 SUPA-HAS-POLICY-CLAUSE-ASSOC)"; 1290 description 1291 "The SUPAPolicyStructure object instance that 1292 aggregates this set of SUPAPolicyClause object 1293 instances. This defines the object class that 1294 this instance-identifier points to."; 1295 } 1296 leaf-list supa-has-policy-exec-action-assoc-src-ptr { 1297 type instance-identifier; 1298 must "derived-from-or-self (deref(.)/entity-class, 1299 SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; 1300 description 1301 "This associates a SUPAPolicyStructure (i.e., a SUPA 1302 Policy Rule) object instance to zero or more SUPA 1303 Policy Actions to be used to correct errors caused if 1304 this SUPA Policy Rule does not execute correctly."; 1305 } 1306 leaf-list supa-has-policy-exec-action-assoc-dst-ptr { 1307 type instance-identifier; 1308 must "derived-from-or-self (deref(.)/entity-class, 1309 SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)"; 1310 min-elements 1; 1311 description 1312 "The set of zero or more SUPA Policy Actions to be used 1313 by this particular SUPAPolicyStructure (i.e., SUPA 1314 Policy Rule to correct errors caused if this SUPA 1315 Policy Rule does not execute correctly."; 1316 } 1317 description 1318 "A superclass for all objects that represent different types 1319 of Policy Rules. Currently, this is limited to a single 1320 type - the event-condition-action (ECA) policy rule. 1321 A SUPA Policy may be an individual policy, or a set of 1322 policies. This is supported by applying the composite 1323 pattern to this class."; 1324 } 1325 identity POLICY-SOURCE-TYPE { 1326 base POLICY-OBJECT-TYPE; 1327 description 1328 "The identity corresponding to a SUPAPolicySource 1329 object instance."; 1330 } 1332 grouping supa-policy-source-type { 1333 uses supa-policy-object-type { 1334 refine entity-class { 1335 default POLICY-SOURCE-TYPE; 1336 } 1337 } 1338 leaf-list supa-has-policy-source-part { 1339 type instance-identifier; 1340 must "derived-from-or-self (deref(.)/entity-class, 1341 SUPA-HAS-POLICY-SOURCE-ASSOC)"; 1342 description 1343 "This represents the aggregation of one or more SUPA 1344 Policy Source objects to this particular SUPA Policy 1345 Rule object. In other words, it is the set of 1346 SUPAPolicySource object instances that are aggregated 1347 by this SUPAPolicyStructure (i.e., this SUPA Policy 1348 Rule). This defines the object class that this 1349 instance-identifier points to."; 1350 } 1351 description 1352 "This object defines a set of managed entities that 1353 authored, or are otherwise responsible for, this SUPA 1354 Policy Rule. Note that a SUPA Policy Source does not 1355 evaluate or execute SUPAPolicies. Its primary use is for 1356 auditability and the implementation of deontic and/or 1357 alethic logic."; 1358 } 1360 identity POLICY-TARGET-TYPE { 1361 base POLICY-OBJECT-TYPE; 1362 description 1363 "The identity corresponding to a SUPAPolicyTarget 1364 object instance."; 1365 } 1367 grouping supa-policy-target-type { 1368 uses supa-policy-object-type { 1369 refine entity-class { 1370 default POLICY-TARGET-TYPE; 1371 } 1372 } 1373 leaf-list supa-has-policy-target-part { 1374 type instance-identifier; 1375 must "derived-from-or-self (deref(.)/entity-class, 1376 SUPA-HAS-POLICY-TARGET-ASSOC)"; 1377 description 1378 "This represents the aggregation of one or more SUPA 1379 Policy Target objects to this particular SUPA Policy 1380 Rule object. In other words, it is the set of 1381 SUPAPolicyTarget object instances that are aggregated 1382 by this SUPAPolicyStructure (i.e., this SUPA Policy 1383 Rule). This defines the object class that this 1384 instance-identifier points to."; 1385 } 1386 description 1387 "This object defines a set of managed entities that a 1388 SUPA Policy Rule is applied to."; 1389 } 1391 identity POLICY-METADATA-TYPE { 1392 description 1393 "The identity corresponding to a SUPAPolicyMetadata 1394 object instance."; 1395 } 1397 grouping supa-policy-metadata-type { 1398 leaf supa-policy-metadata-id { 1399 type string; 1400 mandatory true; 1401 description 1402 "This represents part of the object identifier of an 1403 instance of this class. It defines the content of the 1404 object identifier."; 1405 } 1406 leaf entity-class { 1407 type identityref { 1408 base POLICY-METADATA-TYPE; 1409 } 1410 default POLICY-METADATA-TYPE; 1411 description 1412 "The identifier of the class of this grouping."; 1413 } 1414 leaf supa-policy-metadata-id-encoding { 1415 type policy-data-type-id-encoding-list; 1416 mandatory true; 1417 description 1418 "This represents part of the object identifier of an 1419 instance of this class. It defines the format of the 1420 object identifier."; 1421 } 1422 leaf supa-policy-metadata-description { 1423 type string; 1424 description 1425 "This contains a free-form textual description of this 1426 metadata object."; 1427 } 1428 leaf supa-policy-metadata-name { 1429 type string; 1430 description 1431 "This contains a human-readable name for this 1432 metadata object."; 1433 } 1434 leaf-list supa-has-policy-metadata-part { 1435 type instance-identifier; 1436 must "derived-from-or-self (deref(.)/entity-class, 1437 SUPA-HAS-POLICY-METADATA-ASSOC)"; 1438 description 1439 "This represents the set of SUPAPolicyMetadata object 1440 instances that are aggregated by this SUPAPolicyObject 1441 object instance (i.e., this is the set of policy 1442 metadata aggregated by this SUPAPolicyObject). As 1443 there are attributes on this association, the 1444 instance-identifier MUST point to an instance using 1445 the grouping supa-has-policy-metadata-detail (which 1446 includes the subclasses of the association class)."; 1447 } 1448 leaf supa-policy-metadata-decorator-part { 1449 type instance-identifier; 1450 must "derived-from-or-self (deref(.)/entity-class, 1451 SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; 1452 mandatory true; 1453 description 1454 "This object implements the decorator pattern, which is 1455 applied to SUPA metadata objects. This enables all or 1456 part of one or more metadata objects to wrap another 1457 concrete metadata object."; 1458 } 1459 description 1460 "This is the superclass of all metadata classes. Metadata 1461 is information that describes and/or prescribes the 1462 characteristics and behavior of another object that is 1463 not an inherent, distinguishing characteristics or 1464 behavior of that object."; 1465 } 1467 identity POLICY-METADATA-CONCRETE-TYPE { 1468 base POLICY-METADATA-TYPE; 1469 description 1470 "The identity corresponding to a SUPAPolicyConcreteMetadata 1471 object instance."; 1472 } 1473 grouping supa-policy-concrete-metadata-type { 1474 uses supa-policy-metadata-type { 1475 refine entity-class { 1476 default POLICY-METADATA-TYPE; 1477 } 1478 } 1479 leaf supa-policy-metadata-valid-period-end { 1480 type yang:date-and-time; 1481 description 1482 "This defines the ending date and time that this 1483 metadata object is valid for."; 1484 } 1485 leaf supa-policy-metadata-valid-period-start { 1486 type yang:date-and-time; 1487 description 1488 "This defines the starting date and time that this 1489 metadata object is valid for."; 1490 } 1491 description 1492 "This is a concrete class that will be wrapped by concrete 1493 instances of the SUPA Policy Metadata Decorator class. It 1494 can be viewed as a container for metadata that will be 1495 attached to a subclass of SUPA Policy Object. It may 1496 contain all or part of one or more metadata subclasses."; 1497 } 1499 container supa-policy-concrete-metadata-container { 1500 description 1501 "This is a container to collect all object instances of 1502 type SUPAPolicyConcreteMetadata."; 1503 list supa-policy-concrete-metadata-list { 1504 key supa-policy-metadata-id; 1505 uses supa-policy-concrete-metadata-type; 1506 description 1507 "A list of all supa-policy-metadata instances in the 1508 system."; 1509 } 1510 } 1512 identity POLICY-METADATA-DECORATOR-TYPE { 1513 base POLICY-METADATA-TYPE; 1514 description 1515 "The identity corresponding to a 1516 SUPAPolicyMetadataDecorator object instance."; 1517 } 1518 grouping supa-policy-metadata-decorator-type { 1519 uses supa-policy-metadata-type { 1520 refine entity-class { 1521 default POLICY-METADATA-DECORATOR-TYPE; 1522 } 1523 } 1524 leaf-list supa-policy-metadata-decorator-agg { 1525 type instance-identifier; 1526 must "derived-from-or-self (deref(.)/entity-class, 1527 SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)"; 1528 max-elements 1; 1529 description 1530 "This represents the decorator pattern being applied to 1531 metadata. This is the aggregate part (i.e., the 1532 concrete subclass of the SUPAPolicyMetadataDecorator 1533 class that wraps a concrete subclass of 1534 SUPAPolicyMetadata; currently, the only such class is 1535 SUPAPolicyConcreteMetadata)."; 1536 } 1537 description 1538 "This object implements the decorator pattern, which is 1539 applied to SUPA metadata objects. This enables all or part 1540 of one or more metadata objects to wrap another concrete 1541 metadata object."; 1542 } 1544 identity POLICY-METADATA-DECORATOR-ACCESS-TYPE { 1545 base POLICY-METADATA-DECORATOR-TYPE; 1546 description 1547 "The identity corresponding to a 1548 SUPAPolicyAccessMetadataDef object instance."; 1549 } 1551 grouping supa-policy-metadata-decorator-access-type { 1552 uses supa-policy-metadata-decorator-type { 1553 refine entity-class { 1554 default POLICY-METADATA-DECORATOR-ACCESS-TYPE; 1555 } 1556 } 1557 leaf supa-policy-metadata-access-priv-def { 1558 type enumeration { 1559 enum "undefined" { 1560 description 1561 "This may be used as an initialization and/or 1562 an error state."; 1563 } 1564 enum "read only" { 1565 description 1566 "This defines access as read only for ALL SUPA 1567 Policy object instances that are adorned with 1568 this metadata object."; 1569 } 1570 enum "read write" { 1571 description 1572 "This defines access as read and/or write for 1573 ALL SUPA Policy object instances that are 1574 adorned with this metadata object."; 1575 } 1576 enum "specified by MAC" { 1577 description 1578 "This defines access as defined by an external 1579 Mandatory Access Control model. The name and 1580 location of this model are specified in the 1581 supa-policy-metadata-access-priv-model-name 1582 and supa-policy-metadata-access-priv-model-ref 1583 attributes of this metadata object."; 1584 } 1585 enum "specified by DAC" { 1586 description 1587 "This defines access as defined by an external 1588 Discretionary Access Control model. The name 1589 and location of this model are specified in the 1590 supa-policy-metadata-access-priv-model-name 1591 and supa-policy-metadata-access-priv-model-ref 1592 attributes of this metadata object."; 1593 } 1594 enum "specified by RBAC" { 1595 description 1596 "This defines access as defined by an external 1597 Role Based Access Control model. The name 1598 and location of this model are specified in the 1599 supa-policy-metadata-access-priv-model-name 1600 and supa-policy-metadata-access-priv-model-ref 1601 attributes of this metadata object."; 1602 } 1603 enum "specified by ABAC" { 1604 description 1605 "This defines access as defined by an external 1606 Attribute Based Access Control model. The name 1607 and location of this model are specified in the 1608 supa-policy-metadata-access-priv-model-name 1609 and supa-policy-metadata-access-priv-model-ref 1610 attributes of this metadata object."; 1611 } 1612 enum "specified by custom" { 1613 description 1614 "This defines access as defined by an external 1615 Custom Access Control model. The name and 1616 location of this model are specified in the 1617 supa-policy-metadata-access-priv-model-name 1618 and supa-policy-metadata-access-priv-model-ref 1619 attributes of this metadata object."; 1620 } 1621 } 1622 description 1623 "This defines the type of access control model that is 1624 used by this object instance."; 1625 } 1626 leaf supa-policy-metadata-access-priv-model-name { 1627 type string; 1628 description 1629 "This contains the name of the access control model 1630 being used. If the value of the 1631 supa-policy-metadata-access-priv-model-ref is 0-2, 1632 then the value of this attribute is not applicable. 1633 Otherwise, the text in this class attribute should be 1634 interpreted according to the value of the 1635 supa-policy-metadata-access-priv-model-ref class 1636 attribute."; 1637 } 1638 leaf supa-policy-metadata-access-priv-model-ref { 1639 type enumeration { 1640 enum "undefined" { 1641 description 1642 "This can be used for either initialization 1643 or for signifying an error."; 1644 } 1645 enum "URI" { 1646 description 1647 "The clause is referenced by this URI."; 1648 } 1649 enum "GUID" { 1650 description 1651 "The clause is referenced by this GUID."; 1652 } 1653 enum "UUID" { 1654 description 1655 "The clause is referenced by this UUID."; 1656 } 1657 enum "FQDN" { 1658 description 1659 "The clause is referenced by this FQDN."; 1660 } 1661 } 1662 description 1663 "This defines the data type of the 1664 supa-policy-metadata-access-priv-model-name 1665 attribute."; 1666 } 1667 description 1668 "This is a concrete class that defines metadata for access 1669 control information that can be added to a SUPA Policy 1670 object. This is done using the SUPAHasPolicyMetadata 1671 aggregation."; 1672 } 1673 container supa-policy-metadata-decorator-access-container { 1674 description 1675 "This is a container to collect all object instances of 1676 type SUPAPolicyAccessMetadataDef."; 1677 list supa-policy-metadata-decorator-access-list { 1678 key supa-policy-metadata-id; 1679 uses supa-policy-metadata-decorator-type; 1680 description 1681 "A list of all supa-policy-metadata-decorator-access 1682 instances in the system. Instances of subclasses 1683 will be in a separate list."; 1684 } 1685 } 1687 identity POLICY-METADATA-DECORATOR-VERSION-TYPE { 1688 base POLICY-METADATA-DECORATOR-TYPE; 1689 description 1690 "The identity corresponding to a 1691 SUPAPolicyVersionMetadataDef object instance."; 1692 } 1694 grouping supa-policy-metadata-decorator-version-type { 1695 uses supa-policy-metadata-decorator-type { 1696 refine entity-class { 1697 default POLICY-METADATA-DECORATOR-VERSION-TYPE; 1698 } 1699 } 1700 leaf supa-policy-metadata-version-major { 1701 type string; 1702 description 1703 "This contains a string (typically representing an 1704 integer in the overall version format) that indicates 1705 a significant increase in functionality is present in 1706 this version."; 1707 } 1708 leaf supa-policy-metadata-version-minor { 1709 type string; 1710 description 1711 "This contains a string (typically representing an 1712 integer in the overall version format) that indicates 1713 that this release contains a set of features and/or bug 1714 fixes that collectively do not warrant incrementing the 1715 supa-policy-metadata-version-major attribute."; 1716 } 1717 leaf supa-policy-metadata-version-rel-type { 1718 type enumeration { 1719 enum "undefined" { 1720 description 1721 "This can be used for either initialization 1722 or for signifying an error."; 1723 } 1724 enum "internal" { 1725 description 1726 "This indicates that this version should only 1727 be used for internal (development) purposes."; 1728 } 1729 enum "alpha" { 1730 description 1731 "This indicates that this version is considered 1732 to be alpha quality."; 1733 } 1734 enum "beta" { 1735 description 1736 "This indicates that this version is considered 1737 to be beta quality."; 1738 } 1739 enum "release candidate" { 1740 description 1741 "This indicates that this version is considered 1742 to be a candidate for full production."; 1743 } 1744 enum "release production" { 1745 description 1746 "This indicates that this version is considered 1747 to be ready for full production."; 1748 } 1749 enum "maintenance" { 1750 description 1751 "This indicates that this version is considered 1752 to be for maintenance purposes."; 1753 } 1754 } 1755 description 1756 "This defines the type of this version's release."; 1757 } 1758 leaf supa-policy-metadata-version-rel-type-num { 1759 type string; 1760 description 1761 "This contains a string (typically representing an 1762 integer in the overall version format) that indicates 1763 a significant increase in functionality is present in 1764 this version."; 1765 } 1766 description 1767 "This is a concrete class that defines metadata for version 1768 control information that can be added to a SUPA Policy 1769 object. This is done using the SUPAHasPolicyMetadata 1770 aggregation."; 1771 } 1772 container supa-policy-metadata-decorator-version-container { 1773 description 1774 "This is a container to collect all object instances of 1775 type SUPAPolicyVersionMetadataDef."; 1776 list supa-policy-metadata-decorator-version-list { 1777 key supa-policy-metadata-id; 1778 uses supa-policy-metadata-decorator-type; 1779 description 1780 "A list of all supa-policy-metadata-decorator-version 1781 instances in the system. Instances of subclasses 1782 will be in a separate list."; 1783 } 1784 } 1786 identity SUPA-HAS-POLICY-METADATA-ASSOC { 1787 description 1788 "The identity corresponding to a 1789 SUPAHasPolicyMetadataDetail association class 1790 object instance."; 1791 } 1793 grouping supa-has-policy-metadata-detail { 1794 leaf supa-policy-ID { 1795 type string; 1796 description 1797 "This is a globally unique ID for this association 1798 instance in the overall policy system."; 1799 } 1800 leaf entity-class { 1801 type identityref { 1802 base SUPA-HAS-POLICY-METADATA-ASSOC; 1803 } 1804 default SUPA-HAS-POLICY-METADATA-ASSOC; 1805 description 1806 "The identifier of the class of this assocation."; 1807 } 1808 leaf supa-has-policy-metadata-object-ptr { 1809 type instance-identifier; 1810 must "derived-from-or-self (deref(.)/entity-class, 1811 POLICY-OBJECT-TYPE)"; 1812 description 1813 "This is a reference from the SUPAPolicyObject object 1814 instance that is aggregating SUPAPolicyMetadata object 1815 instances using the SUPAHasPolicyMetadata aggregation. 1816 This SUPAPolicyMetadataDetail association class is 1817 used to define part of the semantics of the 1818 SUPAHasPolicyMetadata aggregation. For example, it can 1819 define which SUPAPolicyMetadata object instances can 1820 be aggregated by this particular SUPAPolicyObject 1821 object instance."; 1822 } 1823 leaf supa-has-policy-metadata-ptr { 1824 type instance-identifier; 1825 must "derived-from-or-self (deref(.)/entity-class, 1826 POLICY-METADATA-TYPE)"; 1827 description 1828 "This is a reference from the SUPAPolicyMetadata object 1829 instance(s) that are being aggregated by this 1830 SUPAPolicyObject object instance using the 1831 SUPAHasPolicyMetadata aggregation. The class 1832 SUPAPolicyMetadataDetail association class is used to 1833 define part of the semantics of the 1834 SUPAHasPolicyMetadata aggregation. For example, it can 1835 define which SUPAPolicyMetadata object instances can 1836 be aggregated by this particular SUPAPolicyObject 1837 object instance."; 1838 } 1839 leaf supa-policy-metadata-detail-is-applicable { 1840 type boolean; 1841 description 1842 "This attributes controls whether the associated 1843 metadata is currently considered applciable to this 1844 policy object; this enables metadata to be turned on 1845 and off when needed without disturbing the structure 1846 of the object that the metadata applies to."; 1847 } 1848 leaf-list supa-policy-metadata-detail-constraint { 1849 type string; 1850 description 1851 "A list of constraints, expressed as strings 1852 in the language defined by the 1853 supa-policy-metadata-detail-encoding."; 1854 } 1855 leaf supa-policy-metadata-detail-encoding { 1856 type string; 1857 description 1858 "The langauge used to encode the constraints 1859 relevant to the relationship between the metadata 1860 and the underlying policy object."; 1861 } 1862 description 1863 "This is a concrete association class that defines the 1864 semantics of the SUPAPolicyMetadata aggregation. This 1865 enables the attributes and relationships of the 1866 SUPAPolicyMetadataDetail class to be used to constrain 1867 which SUPAPolicyMetadata objects can be aggregated by 1868 this particular SUPAPolicyObject instance."; 1869 } 1870 container supa-policy-metadata-detail-container { 1871 description 1872 "This is a container to collect all object instances of 1873 type SUPAPolicyMetadataDetail."; 1874 list supa-policy-metadata-detail-list { 1875 key supa-policy-ID; 1876 uses supa-has-policy-metadata-detail; 1877 description 1878 "This is a list of all supa-policy-metadata-detail 1879 instances in the system. Instances of subclasses 1880 will be in a separate list. 1881 Note that this policy is made concrete for exemplary 1882 purposes. To be useful, it almost certainly needs 1883 refinement."; 1884 } 1885 } 1887 identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC { 1888 description 1889 "The identity corresponding to a SUPAHasMetadataDecorator 1890 association class object instance."; 1891 } 1893 grouping supa-has-decorator-policy-component-detail { 1894 leaf supa-policy-ID { 1895 type string; 1896 description 1897 "This is a globally unique ID for this association 1898 instance in the overall policy system."; 1899 } 1900 leaf entity-class { 1901 type identityref { 1902 base SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC; 1903 } 1904 default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC; 1905 description 1906 "The identifier of the class of this assocation."; 1907 } 1908 leaf supa-policy-component-decorator-ptr { 1909 type instance-identifier; 1910 must "derived-from-or-self (deref(.)/entity-class, 1911 SUPA-POLICY-COMPONENT-DECORATOR-TYPE)"; 1912 description 1913 "This associates the SUPAPolicyComponentStructure 1914 object instance participating in a 1915 SUPAHasDecoratedPolicyComponent aggregation to the 1916 SUPAHasDecoratedPolicyComponentDetail association 1917 class that provides the semantics of this aggregation. 1918 This defines the object class that this 1919 instance-identifier points to."; 1920 } 1921 leaf supa-policy-component-ptr { 1922 type instance-identifier; 1923 must "derived-from-or-self (deref(.)/entity-class, 1924 SUPA-POLICY-COMPONENT-TYPE)"; 1925 description 1926 "This associates the SUPAPolicyComponentDecorator 1927 object instance participating in a 1928 SUPAHasDecoratedPolicyComponent aggregation to the 1929 SUPAHasDecoratedPolicyComponentDetail association 1930 class that provides the semantics of this aggregation. 1931 This defines the object class that this 1932 instance-identifier points to."; 1933 } 1934 leaf-list supa-has-decorator-constraint { 1935 type string; 1936 description 1937 "A constraint expression applying to this association 1938 between a policy component decorator and the 1939 decorated component."; 1940 } 1941 leaf supa-has-decorator-constraint-encoding { 1942 type string; 1943 description 1944 "The language in which the constraints on the 1945 policy component-decoration is expressed."; 1946 } 1947 description 1948 "This is a concrete association class that defines the 1949 semantics of the SUPAHasDecoratedPolicyComponent 1950 aggregation. The purpose of this class is to use the 1951 Decorator pattern to detemine which 1952 SUPAPolicyComponentDecorator object instances, if any, 1953 are required to augment the functionality of the concrete 1954 subclass of SUPAPolicyClause that is being used."; 1955 } 1957 container supa-policy-component-decorator-detail-container { 1958 description 1959 "This is a container to collect all object instances of 1960 type SUPAPolicyComponentDecoratorDetail."; 1961 list supa-policy-component-decorator-detail-list { 1962 key supa-policy-ID; 1963 uses supa-has-decorator-policy-component-detail; 1964 description 1965 "This is a list of all 1966 supa-policy-component-decorator-details."; 1967 } 1968 } 1969 identity SUPA-HAS-POLICY-SOURCE-ASSOC { 1970 description 1971 "The identity corresponding to a SUPAHasPolicySource 1972 association class object instance."; 1973 } 1975 grouping supa-has-policy-source-detail { 1976 leaf supa-policy-ID { 1977 type string; 1978 description 1979 "This is a globally unique ID for this association 1980 instance in the overall policy system."; 1981 } 1982 leaf entity-class { 1983 type identityref { 1984 base SUPA-HAS-POLICY-SOURCE-ASSOC; 1985 } 1986 default SUPA-HAS-POLICY-SOURCE-ASSOC; 1987 description 1988 "The identifier of the class of this assocation."; 1989 } 1990 leaf supa-policy-source-structure-ptr { 1991 type instance-identifier; 1992 must "derived-from-or-self (deref(.)/entity-class, 1993 POLICY-STRUCTURE-TYPE)"; 1994 description 1995 "This associates the SUPAPolicyStructure object 1996 instance participating in a SUPAHasPolicySource 1997 aggregation to the SUPAHasPolicySourceDetail 1998 association class that provides the semantics of 1999 this aggregation. This defines the object class 2000 that this instance-identifier points to."; 2001 } 2002 leaf supa-policy-source-ptr { 2003 type instance-identifier; 2004 must "derived-from-or-self (deref(.)/entity-class, 2005 SUPA-POLICY-SOURCE-TYPE)"; 2006 description 2007 "This associates the SUPAPolicySource object 2008 instance participating in a SUPAHasPolicySource 2009 aggregation to the SUPAHasPolicySourceDetail 2010 association class that provides the semantics of 2011 this aggregation. This defines the object class 2012 that this instance-identifier points to."; 2013 } 2014 leaf supa-policy-source-is-authenticated { 2015 type boolean; 2016 description 2017 "If the value of this attribute is true, then this 2018 SUPAPolicySource object has been authenticated by 2019 this particular SUPAPolicyStructure object."; 2020 } 2021 leaf supa-policy-source-is-trusted { 2022 type boolean; 2023 description 2024 "If the value of this attribute is true, then this 2025 SUPAPolicySource object has been verified to be 2026 trusted by this particular SUPAPolicyStructure 2027 object."; 2028 } 2029 description 2030 "This is an association class, and defines the semantics of 2031 the SUPAHasPolicySource aggregation. The attributes and 2032 relationships of this class can be used to define which 2033 SUPAPolicySource objects can be attached to which 2034 particular set of SUPAPolicyStructure objects."; 2035 } 2037 container supa-policy-source-detail-container { 2038 description 2039 "This is a container to collect all object instances of 2040 type SUPAPolicySourceDetail."; 2041 list supa-policy-source-detail-list { 2042 key supa-policy-ID; 2043 uses supa-has-policy-source-detail; 2044 description 2045 "This is a list of all supa-policy-source-detail 2046 objects."; 2047 } 2048 } 2050 identity SUPA-HAS-POLICY-TARGET-ASSOC { 2051 description 2052 "The identity corresponding to a SUPAHasPolicyTarget 2053 association class object instance."; 2054 } 2056 grouping supa-has-policy-target-detail { 2057 leaf supa-policy-ID { 2058 type string; 2059 description 2060 "This is a globally unique ID for this association 2061 instance in the overall policy system."; 2062 } 2063 leaf entity-class { 2064 type identityref { 2065 base SUPA-HAS-POLICY-TARGET-ASSOC; 2066 } 2067 default SUPA-HAS-POLICY-TARGET-ASSOC; 2068 description 2069 "The identifier of the class of this assocation."; 2070 } 2071 leaf supa-policy-target-structure-ptr { 2072 type instance-identifier; 2073 must "derived-from-or-self (deref(.)/entity-class, 2074 POLICY-STRUCTURE-TYPE)"; 2075 description 2076 "This associates the SUPAPolicyStructure object 2077 instance participating in a SUPAHasPolicyTarget 2078 aggregation to the SUPAHasPolicyTargetDetail 2079 association class that provides the semantics of 2080 this aggregation. This defines the object class 2081 that this instance-identifier points to."; 2082 } 2083 leaf supa-policy-target-ptr { 2084 type instance-identifier; 2085 must "derived-from-or-self (deref(.)/entity-class, 2086 SUPA-POLICY-TARGET-TYPE)"; 2087 description 2088 "This associates the SUPAPolicyTarget object 2089 instance participating in a SUPAHasPolicyTarget 2090 aggregation to the SUPAHasPolicyTargetDetail 2091 association class that provides the semantics of 2092 this aggregation. This defines the object class 2093 that this instance-identifier points to."; 2094 } 2095 leaf supa-policy-source-is-authenticated { 2096 type boolean; 2097 description 2098 "If the value of this attribute is true, then this 2099 SUPAPolicyTarget object has been authenticated by 2100 this particular SUPAPolicyStructure object."; 2101 } 2102 leaf supa-policy-source-is-enabled { 2103 type boolean; 2104 description 2105 "If the value of this attribute is true, then this 2106 SUPAPolicyTarget object is able to be used as a 2107 SUPAPolicyTarget. This means that it has agreed to 2108 play the role of a SUPAPolicyTarget, and that it is 2109 able to either process (directly or with the aid of a 2110 proxy) SUPAPolicies, or receive the results of a 2111 processed SUPAPolicy and apply those results to 2112 itself."; 2113 } 2114 description 2115 "This is an association class, and defines the semantics of 2116 the SUPAHasPolicyTarget aggregation. The attributes and 2117 relationships of this class can be used to define which 2118 SUPAPolicyTarget objects can be attached to which 2119 particular set of SUPAPolicyStructure objects."; 2120 } 2121 container supa-policy-target-detail-container { 2122 description 2123 "This is a container to collect all object instances of 2124 type SUPAPolicyTargetDetail."; 2125 list supa-policy-target-detail-list { 2126 key supa-policy-ID; 2127 uses supa-has-policy-target-detail; 2128 description 2129 "This is a list of all supa-policy-target-detail 2130 objects."; 2131 } 2132 } 2134 identity SUPA-HAS-POLICY-CLAUSE-ASSOC { 2135 description 2136 "The identity corresponding to a SUPAHasPolicyClause 2137 association class object instance."; 2138 } 2140 grouping supa-has-policy-clause-detail { 2141 leaf supa-policy-ID { 2142 type string; 2143 description 2144 "This is a globally unique ID for this association 2145 instance in the overall policy system."; 2146 } 2147 leaf entity-class { 2148 type identityref { 2149 base SUPA-HAS-POLICY-CLAUSE-ASSOC; 2150 } 2151 default SUPA-HAS-POLICY-CLAUSE-ASSOC; 2152 description 2153 "The identifier of the class of this assocation."; 2154 } 2155 leaf supa-policy-clause-structure-ptr { 2156 type instance-identifier; 2157 must "derived-from-or-self (deref(.)/entity-class, 2158 POLICY-STRUCTURE-TYPE)"; 2159 description 2160 "This associates the SUPAPolicyStructure object 2161 instance participating in a SUPAHasPolicyClause 2162 aggregation to the SUPAHasPolicyClauseDetail 2163 association class that provides the semantics of 2164 this aggregation. This defines the object class 2165 that this instance-identifier points to."; 2166 } 2167 leaf supa-policy-clause-ptr { 2168 type instance-identifier; 2169 must "derived-from-or-self (deref(.)/entity-class, 2170 SUPA-POLICY-CLAUSE-TYPE)"; 2172 description 2173 "This associates the SUPAPolicyClause object 2174 instance participating in a SUPAHasPolicyClause 2175 aggregation to the SUPAHasPolicyClauseDetail 2176 association class that provides the semantics of 2177 this aggregation. This defines the object class 2178 that this instance-identifier points to."; 2179 } 2180 description 2181 "This is an association class, and defines the semantics of 2182 the SUPAHasPolicyClause aggregation. The attributes and 2183 relationships of this class can be used to define which 2184 SUPAPolicyTarget objects can be attached to which 2185 particular set of SUPAPolicyStructure objects. 2186 Every SUPAPolicyStructure object instance MUST aggregate 2187 at least one SUPAPolicyClause object instance. However, 2188 the converse is NOT true. For example, a SUPAPolicyClause 2189 could be instantiated and then stored for later use in a 2190 policy repository."; 2191 } 2193 container supa-policy-clause-detail-container { 2194 description 2195 "This is a container to collect all object instances of 2196 type SUPAPolicyClauseDetail."; 2197 list supa-policy-clause-detail-list { 2198 key supa-policy-ID; 2199 uses supa-has-policy-clause-detail; 2200 description 2201 "This is a list of all supa-policy-clause-detail 2202 objects."; 2203 } 2204 } 2206 identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC { 2207 description 2208 "The identity corresponding to a 2209 SUPAHasPolExecFailActionToTake association class 2210 object instance."; 2211 } 2213 grouping supa-has-policy-exec-action-detail { 2214 leaf supa-policy-ID { 2215 type string; 2216 description 2217 "This is a globally unique ID for this association 2218 instance in the overall policy system."; 2219 } 2220 leaf entity-class { 2221 type identityref { 2222 base SUPA-HAS-POLICY-EXEC-ACTION-ASSOC; 2223 } 2224 default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC; 2225 description 2226 "The identifier of the class of this assocation."; 2227 } 2228 leaf supa-policy-structure-action-src-ptr { 2229 type instance-identifier; 2230 must "derived-from-or-self (deref(.)/entity-class, 2231 POLICY-STRUCTURE-TYPE)"; 2232 description 2233 "This associates the SUPAPolicyStructure object 2234 instance participating in a 2235 SUPAHasPolExecFailActionToTake association to the 2236 SUPAHasPolExecFailActionToTakeDetail association 2237 class that provides the semantics of this 2238 aggregation. This defines the object class that 2239 this instance-identifier points to."; 2240 } 2241 leaf supa-policy-structure-action-dst-ptr { 2242 type instance-identifier; 2243 must "derived-from-or-self (deref(.)/entity-class, 2244 POLICY-STRUCTURE-TYPE)"; 2245 description 2246 "This associates a SUPAPolicyAction object 2247 instance participating in a 2248 SUPAHasPolExecFailActionToTake association to the 2249 SUPAHasPolExecFailActionToTakeDetail association 2250 class that provides the semantics of this 2251 aggregation. This defines the object class that 2252 this instance-identifier points to."; 2253 } 2254 leaf supa-policy-exec-fail-take-action-encoding { 2255 type policy-data-type-id-encoding-list; 2256 description 2257 "This defines how to find the set of SUPA Policy 2258 Action objects contained in each element of the 2259 supa-policy-exec-fail-take-action-name attribute 2260 object."; 2261 } 2262 leaf-list supa-policy-exec-fail-take-action-name { 2263 type string; 2264 description 2265 "This identifies the set of SUPA Policy Actions to take 2266 if the SUPAPolicyStructure object that owns this 2267 association failed to execute properly. The 2268 interpretation of this string attribute is defined by 2269 the supa-policy-exec-fail-take-action-encoding class 2270 attribute."; 2271 } 2272 description 2273 "This is an association class, and defines the semantics of 2274 the SUPAHasPolExecFailTakeAction association. The 2275 attributes and relationships of this class can be used to 2276 determine which SUPA Policy Action objects are executed in 2277 response to a failure of the SUPAPolicyStructure object 2278 instance that owns this association."; 2279 } 2281 container supa-policy-exec-fail-take-action-detail-container { 2282 description 2283 "This is a container to collect all object instances of 2284 type SUPAPolExecFailActionToTakeDetail."; 2285 list supa-policy-exec-fail-take-action-detail-list { 2286 key supa-policy-ID; 2287 uses supa-has-policy-exec-action-detail; 2288 description 2289 "This is a list of all 2290 supa-has-policy-exec-action-detail objects."; 2291 } 2292 } 2293 } 2295 2297 6. IANA Considerations 2299 No IANA considerations exist for this document. 2301 7. Security Considerations 2303 TBD 2305 8. Acknowledgments 2307 This document has benefited from reviews, suggestions, comments 2308 and proposed text provided by the following members, listed in 2309 alphabetical order: Qin Wu. 2311 9. References 2313 This section defines normative and informative references for this 2314 document. 2316 9.1. Normative References 2318 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2319 Requirement Levels", BCP 14, RFC 2119, March 1997. 2321 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for 2322 the Network Configuration Protocol (NETCONF)", 2323 RFC 6020, October 2010. 2325 [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, 2326 July 2013. 2328 9.2. Informative References 2330 [1] Strassner, J., Halpern, J., Coleman, J., "Generic 2331 Policy Information Model for Simplified Use of Policy 2332 Abstractions (SUPA)", 2333 draft-strassner-supa-generic-policy-info-model-05 2334 March 21, 2016 2336 Authors' Addresses 2338 Joel Halpern 2339 Ericsson 2340 P. O. Box 6049 2341 Leesburg, VA 20178 2342 Email: joel.halpern@ericsson.com 2344 John Strassner 2345 Huawei Technologies 2346 2330 Central Expressway 2347 Santa Clara, CA 95138 USA 2348 Email: john.sc.strassner@huawei.com