idnits 2.17.1

draft-ietf-supa-generic-policy-data-model-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (October 1, 2016) is 2764 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: '2' is defined on line 3005, but no explicit reference
     was found in the text

  == Unused Reference: '4' is defined on line 3007, but no explicit reference
     was found in the text

  == Unused Reference: '5' is defined on line 3008, but no explicit reference
     was found in the text

  == Unused Reference: '6' is defined on line 3010, but no explicit reference
     was found in the text

  == Unused Reference: '7' is defined on line 3011, but no explicit reference
     was found in the text

  == Unused Reference: '8' is defined on line 3013, but no explicit reference
     was found in the text

  == Outdated reference: A later version (-03) exists of
     draft-ietf-supa-generic-policy-info-model-01

     Summary: 0 errors (**), 0 flaws (~~), 8 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1    Network Working Group                                         J. Halpern
2    Internet-Draft                                                  Ericsson
3    Intended status: Informational                              J. Strassner
4    Expires: April 3, 2017                               Huawei Technologies
5                                                             S. Van der Meer
6                                                                    Ericsson
7                                                             October 1, 2016

9                         Generic Policy Data Model for
10                 Simplified Use of Policy Abstractions (SUPA)
11                 draft-ietf-supa-generic-policy-data-model-01

13   Abstract

15      This document defines two YANG policy data modules. The first is a
16      generic policy model that is meant to be extended on an application-
17      specific basis. The second is an exemplary extension of the first
18      generic policy model, and defines rules as event-condition-action
19      policies. Both models are independent of the level of abstraction of
20      the content and meaning of a policy.

22   Status of this Memo

24      This Internet-Draft is submitted in full conformance with the
25      provisions of BCP 78 and BCP 79.

27      Internet-Drafts are working documents of the Internet Engineering
28      Task Force (IETF). Note that other groups may also distribute
29      working documents as Internet-Drafts. The list of current
30      Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

32      Internet-Drafts are draft documents valid for a maximum of six
33      months and may be updated, replaced, or obsoleted by other
34      documents at any time. It is inappropriate to use Internet-Drafts
35      as reference material or to cite them other than as "work in
36      progress."

38      This Internet-Draft will expire on April 3, 2017.

40   Copyright Notice

42      Copyright (c) 2016 IETF Trust and the persons identified as the
43      document authors. All rights reserved.

45      This document is subject to BCP 78 and the IETF Trust's Legal
46      Provisions Relating to IETF Documents
47      (http://trustee.ietf.org/license-info) in effect on the date of
48      publication of this document. Please review these documents
49      carefully, as they describe your rights and restrictions with
50      respect to this document. Code Components extracted from this
51      document must include Simplified BSD License text as described in
52      Section 4.e of the Trust Legal Provisions and are provided
53      without warranty as described in the Simplified BSD License.

55   Table of Contents

57      1. Overview
58      2. Conventions Used in This Document
59      3. Terminology
60         3.1. Acronyms
61         3.2. Definitions
62         3.3. Symbology
63      4. Design of the SUPA Policy Data Models
64         4.1. Objectives
65         4.2. YANG Data Model Maintenance
66         4.3. YANG Data Model Overview
67         4.4. YANG Tree Diagram
68      5. SUPA Policy Data Model YANG Module
69      6. IANA Considerations
70      7. Security Considerations
71      8. Acknowledgments
72      9. References
73         9.1. Normative References
74         9.2. Informative References
75      Authors' Addresses

77   1. Overview

79      This document defines two YANG [RFC6020] [RFC6991] policy data
80      models. The first is a generic policy model that is meant to be
81      extended on an application-specific basis. It is derived from the
82      Generic Policy Information Model (GPIM) defined in [1]. The second
83      is an exemplary extension of the first (generic policy) model, and
84      defines policy rules as event-condition-action tuples. Both models
85      are independent of the level of abstraction of the content and
86      meaning of a policy.

88      The GPIM defines a common framework as a set of model elements
89      (e.g., classes, attributes, and relationships) that specify a
90      common set of policy management concepts that are independent of the
91      type of policy (e.g., imperative, procedural, declarative, or
92      otherwise). The first YANG data model is a translation of the GPIM
93      to a YANG module. The ECA Policy Rule Information Model (EPRIM),
94      also defined in [1], extends the GPIM to represent policy rules that
95      use the Event-Condition-Action (ECA) paradigm. The second YANG data
96      model maps the EPRIM to YANG. The second YANG data model MAY be
97      used to augment the functionality of the first YANG data model.

99   2. Conventions Used in This Document

101     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
102     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
103     this document are to be interpreted as described in [RFC2119]. In
104     this document, these words will appear with that interpretation
105     only when in ALL CAPS. Lower case uses of these words are not to
106     be interpreted as carrying [RFC2119] significance.

108  3. Terminology

110     This section defines acronyms, terms, and symbology used in the
111     rest of this document.

113  3.1. Acronyms

115     CNF        Conjunctive Normal Form
116     DNF        Disjunctive Normal Form
117     ECA        Event-Condition-Action
118     EPRIM      (SUPA) ECA Policy Rule Information Model [1]
119     FQDN       Fully Qualified Domain Name
120     FQPN       Fully Qualified Path Name
121     GPIM       (SUPA) Generic Policy Information Model [1]
122     GUID       Globally Unique IDentifier
123     NETCONF    Network Configuration protocol
124     OAM&P      Operations, Administration, Management, and Provisioning
125     OCL        Object Constraint Language [2] [3]
126     OID        Object IDentifier
127     SUPA       Simplified Use of Policy Abstractions
128     UML        Unified Modeling Language
129     URI        Uniform Resource Identifier
130     UUID       Universally Unique IDentifier

132  3.2. Definitions

134     Action: a set of activities that have a set of associated behavior.

136     Boolean Clause: a logical statement that evaluates to either TRUE
137        or FALSE. Also called Boolean Expression.

139     Condition: a set of attributes, features, and/or values that are to
140        be compared with a set of known attributes, features, and/or
141        values in order to make a decision. A Condition, when used in
142        the context of a Policy Rule, is used to determine whether or not
143        the set of Actions in that Policy Rule can be executed.

145     Constraint: A constraint is a limitation or restriction.
146        Constraints may be added to any type of object (e.g., events,
147        conditions, and actions in Policy Rules).

149     Data Model: a data model is a representation of concepts of
150        interest to an environment in a form that is dependent on data
151        repository, data definition language, query language,
152        implementation language, and protocol (typically one or more of
153        these). This definition is taken from [1].

155     ECA: Event - Condition - Action (a type of policy).

157     Event: an Event is defined as any important occurrence in time in
158        the system being managed, and/or in the environment of the system
159        being managed. An Event may represent the changing or maintaining
160        of the state of a managed object. An Event, when used in the
161        context of a Policy Rule, is used to determine whether the
162        Condition clause of an imperative (i.e., ECA) Policy Rule can be
163        evaluated or not.

165     FQPN (Fully Qualified Path Name)
166        The specification of a path to a file in a system that
167        unambiguously resolves to only that specific file. In this
168        sense, "fully qualified" is independent of context. However,
169        in a distributed system, it may be dependent on the specific
170        format of an operating system. Hence, implementations should
171        consider such issues before allowing the use of FQPNs.

173     Information Model: an information model is a representation of
174        concepts of interest to an environment in a form that is
175        independent of data repository, data definition language, query
176        language, implementation language, and protocol. This definition
177        is taken from [1].

179     Metadata: metadata is data that provides descriptive and/or
180        prescriptive information about the object(s) to which it is
181        associated. This enables structure and content of the object(s)
182        to which it applies, as well as usage and other information, to
183        be represented in an extensible manner. It avoids "burying"
184        common information in specific classes, and increases reuse.

186     SUPAPolicy: A SUPAPolicy is, in this version of this document, an ECA
187        policy rule that MUST contain an ECA policy rule, SHOULD contain
188        one or more SUPAPolicyMetadata objects, and MAY contain other
189        elements that define the semantics of the policy rule. An ECA
190        Policy Rule MUST contain an event clause, a condition clause, and
191        an action clause. Policies are generically defined as a means to
192        monitor and control the changing and/or maintaining of the state
193        of one or more managed objects. This definition is based on the
194        definition of SUPAPolicy in [1].

196  3.3. Symbology

198     The following representation is used to describe YANG data modules
199     defined in this draft.

201     o Brackets "[" and "]" enclose list keys.

203     o Abbreviations before data node names: "rw" means configuration
204       data (read-write), and "ro" means state data (read-only).

206     o Symbols after data node names: "?" means an optional node, "!"
207       means a presence container, and "*" denotes a list and leaf-list.

209     o Parentheses enclose choice and case nodes, and case nodes are also
210       marked with a colon (":").

212     o Ellipsis ("...") stands for contents of subtrees that are not
213       shown.

215  4. Design of the SUPA Policy Data Models

217     This section describes the design philosophy of the YANG data models,
218     and how they will be maintained.

220  4.1. Objectives

222     These Data Models are derived from the SUPA Generic Policy
223     Information Model [1]. The overall objective is to faithfully
224     transform that information model into a YANG data model that can
225     be used for communicating policy. The policy scope to be covered is
226     that defined by [1]; please refer to it for more details and
227     background information.

229     This model is an extensible framework that is independent of the
230     implementation approach for storing policies, as well as being
231     independent of the content and meaning of specific policies. These
232     models can be extended (generally by using the groupings here and
233     defining additional containers for concrete classes) to represent
234     domain- and/or application-specific policies. The ECA model in this
235     document is an example of extending the general policy model towards
236     specific policies.

238     By using this approach, different policy models will use common
239     semantics, enabling them to be more easily integrated.

241     One of the important goals of this work is for the semantics of
242     these models to align with those of the generic policy information
243     model. Thus, most of this model was generated by a quasi-algorithmic
244     transformation of the information model. This was done by hand.
245     Certain changes were made to reflect the fact that this is a YANG
246     data model, and therefore, does not need to generically allow for
247     all data modelling languages. Details of the process are described
248     below in section 4.3.

250  4.2. YANG Data Model Maintenance

252     All model changes should be done to both the information model and
253     the data model in parallel. Care is being taken during development
254     of this model to ensure that this is the case.

256     In general, structural changes will be applied to both the
257     information model and the data model, and then any necessary YANG
258     repairs taken to preserve the validity of the YANG data model.

260  4.3. YANG Data Model Overview

262     This YANG data model is generated by applying suitable YANG
263     constructs to represent the information in the information model.

265     There are three key information modeling concepts that this data
266     model needs to represent consistently. These are classes, class
267     inheritance (also known as subclassing) and associations. The
268     SUPA generic policy information model [1] makes extensive use of
269     these concepts.

271     Each class in the model is represented by a YANG identity and by a
272     YANG grouping. The use of groupings enables us to define these
273     classes abstractly. Each grouping begins with two leaves (either
274     defined in the grouping or inherited via a uses clause), which
275     provide common functionality. One leaf is used for the system-wide
276     unique identifier for this instance. This is either named
277     supa-policy-ID (for the SUPAPolicyObject tree, which contains
278     everything EXCEPT metadata objects) or supa-policy-metadata-id (for
279     the SUPAPolicyMetadata tree, which ONLY contains metadata). All
280     associations use supa-policy-IDs. The second leaf is always called
281     the entity-class. It is an identityref which is set to the identity
282     of the instance. The default value for this leaf is always
283     correctly defined by the grouping. It is read-write in the YANG
284     formalism due to restrictions on the use of MUST clauses.

286     Class inheritance (or subclassing) is done by defining an identity
287     and a grouping for the new class. The identity is based on the
288     parent identity, and is given a new name to represent this class.
289     The new grouping uses the parent grouping. It refines the
290     entity-class of the parent, replacing the default value of the
291     entity-class with the correct value for this class.

293     Associations are represented by the use of instance-identifiers and
294     association classes. Association classes are classes, using the
295     above construction, which contain leaves representing the set of
296     instance-identifiers for each end of the association, along with
297     any other properties the information model assigns to the
298     association. The two associated classes each have a leaf with an
299     instance-identifier that points to the association class instance.
300     Each instance-identifier leaf is defined with a must clause. That
301     must clause references the entity-class of the target of the
302     instance-identifier, and specifies that the entity class type must
303     be the same as, or subclassed from, a specific named class. Thus,
304     associations can point to any instance of a selected class, or any
305     instance of any subclass of that target.

307     While not mandated by YANG, it is expected that the xpath for
308     the instance-identifier will end with an array selection specifying
309     the supa-policy-ID or supa-policy-metadata-id of the target. This
310     enables us to construct the abstract class tree, with inheritance
311     and associations. It is noted and accepted that this process does
312     lose the distinction between containment, association, and
313     aggregation used by the information model.

315     The concrete class tree is constructed as follows. The YANG model
316     defines a container for each class that is defined as concrete by
317     the information model. That container contains a single list,
318     keyed by either the supa-policy-id or the supa-policy-metadata-id.
319     The content of the list is defined by a uses clause referencing the
320     grouping that defines the class. After this was done, certain
321     additional modifications were made. Specifically, any information
322     model constructs intended to represent lists of possible values
323     were recast as YANG enumerations. Where these lists are used more
324     than once, they are factored out into reusable enumerations.

326     Certain attributes that are not needed in the YANG (e.g., to
327     represent the range of choices different data models might use for
328     policy identification) were removed for simplicity and clarity.

330  4.4. YANG Tree Diagram

332     The YANG Tree Diagram starts on the next page. It uses the following
333     abbreviations for datatypes:

335      - B:  Boolean
336      - E:  enumeration
337      - II: instance-identifier
338      - IR: identityref
339      - PC: policy-constraint-language-list
340      - PD: policy-data-type-encoding-list
341      - S:  string
342      - YD: yang:date-and-time
343      - UI: uint32

345  module: ietf-supa-policydatamodel
346     +--rw supa-encoding-clause-container
347     |  +--rw supa-encoding-clause-list* [supa-policy-ID]
348     |     +--rw supa-policy-ID  S
349     |     +--rw entity-class?  IR
350     |     +--rw supa-policy-name?  S
351     |     +--rw supa-policy-object-description?  S
352     |     +--rw supa-has-policy-metadata-agg-ptr*  II
353     |     +--rw supa-has-policy-component-decorator-part-ptr  II
354     |     +--rw supa-policy-clause-deploy-status  E
355     |     +--rw supa-has-policy-clause-part-ptr*  II
356     |     +--rw supa-encoded-clause-content  S
357     |     +--rw supa-encoded-clause-language  E
358     +--rw supa-policy-variable-container
359     |  +--rw supa-policy-variable-list* [supa-policy-ID]
360     |     +--rw supa-policy-ID  S
361     |     +--rw entity-class?  IR
362     |     +--rw supa-policy-name?  S
363     |     +--rw supa-policy-object-description?  S
364     |     +--rw supa-has-policy-metadata-agg-ptr*  II
365     |     +--rw supa-has-policy-component-decorator-part-ptr  II
366     |     +--rw supa-has-policy-component-decorator-agg-ptr*  II
367     |     +--rw supa-decorator-constraints*  S
368     |     +--rw supa-has-decorator-constraint-encoding?  PC
369     |     +--rw supa-policy-term-is-negated?  B
370     |     +--rw supa-policy-variable-name?  S
371     +--rw supa-policy-operator-container
372     |  +--rw supa-policy-operator-list* [supa-policy-ID]
373     |     +--rw supa-policy-ID  S
374     |     +--rw entity-class?  IR
375     |     +--rw supa-policy-name?  S
376     |     +--rw supa-policy-object-description?  S
377     |     +--rw supa-has-policy-metadata-agg-ptr*  II
378     |     +--rw supa-has-policy-component-decorator-part-ptr  II
379     |     +--rw supa-has-policy-component-decorator-agg-ptr*  II
380     |     +--rw supa-decorator-constraints*  S
381     |     +--rw supa-has-decorator-constraint-encoding?  PC
382     |     +--rw supa-policy-term-is-negated?  B
383     |     +--rw supa-policy-value-op-type  E
384     +--rw supa-policy-value-container
385     |  +--rw supa-policy-value-list* [supa-policy-ID]
386     |     +--rw supa-policy-ID  S
387     |     +--rw entity-class?  IR
388     |     +--rw supa-policy-name?  S
389     |     +--rw supa-policy-object-description?  S
390     |     +--rw supa-has-policy-metadata-agg-ptr*  II
391     |     +--rw supa-has-policy-component-decorator-part-ptr  II
392     |     +--rw supa-has-policy-component-decorator-agg-ptr*  II
393     |     +--rw supa-decorator-constraints*  S
394     |     +--rw supa-has-decorator-constraint-encoding?  PC
395     |     +--rw supa-policy-term-is-negated?  B
396     |     +--rw supa-policy-value-content*  S
397     |     +--rw supa-policy-value-encoding?  PD
398     +--rw supa-policy-generic-decorated-container
399     |  +--rw supa-encoding-clause-list* [supa-policy-ID]
400     |     +--rw supa-policy-ID  S
401     |     +--rw entity-class?  IR
402     |     +--rw supa-policy-name?  S
403     |     +--rw supa-policy-object-description?  S
404     |     +--rw supa-has-policy-metadata-agg-ptr*  II
405     |     +--rw supa-has-policy-component-decorator-part-ptr  II
406     |     +--rw supa-has-policy-component-decorator-agg-ptr*  II
407     |     +--rw supa-decorator-constraints*  S
408     |     +--rw supa-has-decorator-constraint-encoding?  PC
409     |     +--rw supa-policy-generic-decorated-content*  S
410     |     +--rw supa-policy-generic-decorated-encoding?  PD
411     +--rw supa-policy-concrete-metadata-container
412     |  +--rw supa-policy-concrete-metadata-list*
413     |        [supa-policy-metadata-ID]
414     |     +--rw supa-policy-metadata-id  S
415     |     +--rw entity-class?  IR
416     |     +--rw supa-policy-metadata-description?  S
417     |     +--rw supa-policy-metadata-name?  S
418     |     +--rw supa-has-policy-metadata-part-ptr*  II
419     |     +--rw supa-has-policy-metadata-dec-part-ptr*  II
420     |     +--rw supa-policy-metadata-valid-period-end?  YD
421     |     +--rw supa-policy-metadata-valid-period-start?  YD
422     +--rw supa-policy-metadata-decorator-access-container
423     |  +--rw supa-policy-metadata-decorator-access-list*
424     |        [supa-policy-metadata-ID]
425     |     +--rw supa-policy-metadata-id  S
426     |     +--rw entity-class?  IR
427     |     +--rw supa-policy-metadata-description?  S
428     |     +--rw supa-policy-metadata-name?  S
429     |     +--rw supa-has-policy-metadata-part-ptr*  II
430     |     +--rw supa-has-policy-metadata-dec-part-ptr*  II
431     |     +--rw supa-has-policy-metadata-dec-agg-ptr?  II
432     +--rw supa-policy-metadata-decorator-version-container
433     |  +--rw supa-policy-metadata-decorator-version-list*
434     |        [supa-policy-metadata-ID]
435     |     +--rw supa-policy-metadata-ID  S
436     |     +--rw entity-class?  IR
437     |     +--rw supa-policy-metadata-description?  S
438     |     +--rw supa-policy-metadata-name?  S
439     |     +--rw supa-has-policy-metadata-part-ptr*  II
440     |     +--rw supa-has-policy-metadata-dec-part-ptr*  II
441     |     +--rw supa-has-policy-metadata-dec-agg-ptr?  II
442     +--rw supa-policy-metadata-detail-container
443     |  +--rw supa-policy-metadata-detail-list [supa-policy-ID]
444     |     +--rw supa-policy-id  S
445     |     +--rw entity-class?  IR
446     |     +--rw supa-policy-name?  S
447     |     +--rw supa-policy-object-description?  S
448     |     +--rw supa-has-policy-metadata-agg-ptr*  II
449     |     +--rw supa-has-policy-metadata-detail-agg-ptr?  II
450     |     +--rw supa-has-policy-metadata-detail-part-ptr?  II
451     |     +--rw supa-policy-metadata-detail-is-applicable?  B
452     |     +--rw supa-policy-metadata-detail-constraint*  S
453     |     +--rw supa-policy-metadata-detail-constraint-encoding?  PC
454     +--rw supa-policy-component-decorator-detail-container
455     |  +--rw supa-policy-component-decorator-detail-list*
456     |        [supa-policy-ID]
457     |     +--rw supa-policy-id  S
458     |     +--rw entity-class?  IR
459     |     +--rw supa-policy-name?  S
460     |     +--rw supa-policy-object-description?  S
461     |     +--rw supa-has-policy-metadata-agg-ptr*  II
462     |     +--rw supa-has-policy-component-decorator-agg-ptr?  II
463     |     +--rw supa-has-policy-component-decorator-part-ptr?  II
464     |     +--rw supa-has-decorator-constraint*  S
465     |     +--rw supa-has-decorator-constraint-encoding  PC
466     +--rw supa-policy-source-detail-container
467     |  +--rw supa-policy-source-detail-list* [supa-policy-ID]
468     |     +--rw supa-policy-id  S
469     |     +--rw entity-class?  IR
470     |     +--rw supa-policy-name?  S
471     |     +--rw supa-policy-object-description?  S
472     |     +--rw supa-has-policy-metadata-agg-ptr*  II
473     |     +--rw supa-has-policy-source-detail-agg-ptr?  II
474     |     +--rw supa-has-policy-source-detail-part-ptr?  II
475     |     +--rw supa-policy-source-is-authenticated?  B
476     |     +--rw supa-policy-source-is-trusted?  B
477     +--rw supa-policy-target-detail-container
478     |  +--rw supa-policy-target-detail-list* [supa-policy-ID]
479     |     +--rw supa-policy-id  S
480     |     +--rw entity-class?  IR
481     |     +--rw supa-policy-name?  S
482     |     +--rw supa-policy-object-description?  S
483     |     +--rw supa-has-policy-metadata-agg-ptr*  II
484     |     +--rw supa-has-policy-target-detail-agg-ptr?  II
485     |     +--rw supa-has-policy-target-detail-part-ptr?  II
486     |     +--rw supa-policy-target-is-authenticated?  B
487     |     +--rw supa-policy-target-is-enabled?  B
488     +--rw supa-policy-clause-detail-container
489     |  +--rw supa-policy-clause-detail-list* [supa-policy-ID]
490     |     +--rw supa-policy-id  S
491     |     +--rw entity-class?  IR
492     |     +--rw supa-policy-name?  S
493     |     +--rw supa-policy-object-description?  S
494     |     +--rw supa-has-policy-metadata-agg-ptr*  II
495     |     +--rw supa-policy-admin-status  E
496     |     +--rw supa-policy-continuum-level?  UI
497     |     +--rw supa-policy-deploy-status  E
498     |     +--rw supa-policy-exec-fail-strategy  E
499     |     +--rw supa-has-policy-source-agg-ptr*  II
500     |     +--rw supa-has-policy-target-agg-ptr*  II
501     |     +--rw supa-has-policy-clause-agg-ptr*  II
502     |     +--rw supa-has-policy-exec-fail-action-agg-ptr*  II
503     |     +--rw supa-has-policy-exec-fail-action-part-ptr*  II
504     |     +--rw supa-has-policy-clause-detail-agg-ptr?  II
505     |     +--rw supa-has-policy-clause-detail-part-ptr?  II
506     +--rw supa-policy-exec-fail-take-action-detail-container
507     |  +--rw supa-policy-exec-fail-take-action-detail-list*
508     |        [supa-policy-ID]
509     |     +--rw supa-policy-id  S
510     |     +--rw entity-class?  IR
511     |     +--rw supa-policy-name?  S
512     |     +--rw supa-policy-object-description?  S
513     |     +--rw supa-has-policy-metadata-agg-ptr*  II
514     |     +--rw supa-policy-admin-status  E
515     |     +--rw supa-policy-continuum-level?  UI
516     |     +--rw supa-policy-deploy-status  E
517     |     +--rw supa-policy-exec-fail-strategy  E
518     |     +--rw supa-has-policy-source-agg-ptr*  II
519     |     +--rw supa-has-policy-target-agg-ptr*  II
520     |     +--rw supa-has-policy-clause-agg-ptr*  II
521     |     +--rw supa-has-policy-exec-fail-action-agg-ptr*  II
522     |     +--rw supa-has-policy-exec-fail-action-part-ptr*  II
523     |     +--rw supa-has-exec-fail-action-detail-agg-ptr?  II
524     |     +--rw supa-has-exec-fail-action-detail-part-ptr?  II
525     |     +--rw supa-policy-exec-fail-take-action-name*  S
526     +--rw supa-policy-metadata-decorator-detail-container
527        +--rw supa-policy-metadata-decorator-detail-list*
528              [supa-policy-metadata-ID]
529           +--rw supa-policy-metadata-id  S
530           +--rw entity-class?  IR
531           +--rw supa-policy-metadata-description?  S
532           +--rw supa-policy-metadata-name?  S
533           +--rw supa-has-policy-metadata-part-ptr*  II
534           +--rw supa-has-policy-metadata-dec-part-ptr*  II
535           +--rw supa-has-policy-metadata-detail-dec-agg-ptr?  II
536           +--rw supa-has-policy-metadata-detail-dec-part-ptr?  II

538  5. SUPA Policy Data Model YANG Module

540     The SUPA YANG data model module is divided into two main parts:

542        1) a set of containers that represent the objects that make
543           up a Policy Rule and its Policy Rule Components
544        2) a set of containers that represent the objects that define and
545           apply metadata to Policy Rules and/or Policy Rule Components

547     [Editor's note] < This will be finished in version 02 >
548     file "ietf-supa-policydatamodel@2016-10-01.yang"

550     module ietf-supa-policydatamodel {

552         yang-version 1.1;
553         namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policydatamodel";
554         prefix supa-pdm;

556         import ietf-yang-types {
557             prefix yang;
558         }

560         organization "IETF";
561         contact
562             "Editor: Joel Halpern
563              email: jmh@joelhalpern.com;
564              Editor: John Strassner
565              email: strazpdj@gmail.com;";

567         description
568             "This module defines a data model for generic high level
569              definition of policies to be applied to a network.
570              This module is derived from and aligns with
571              draft-ietf-supa-generic-policy-info-model-01.
572              Details on all classes, associations, and attributes
573              can be found there.
574              Copyright (c) 2015 IETF Trust and the persons identified
575              as the document authors. All rights reserved.
576              Redistribution and use in source and binary forms, with or
577              without modification, is permitted pursuant to, and
578              subject to the license terms contained in, the Simplified
579              BSD License set forth in Section 4.c of the IETF Trust's
580              Legal Provisions Relating to IETF Documents
581              (http://trustee.ietf.org/license-info).";

583         revision "2016-10-01" {
584             description
585                 "20161001: Minor edits in association definitions.
586                  20160928: Generated yang tree.
587 20160924: Rewrote association documentation; rebuilt 588 how all classes are named for consistency. 589 20160904: Optimization of module by eliminating leaves 590 that are not needed; rewrote section 4. 591 20160824: Edits to sync data model to info model. 592 20160720: Conversion to WG draft. Fixed pyang 1.1 593 compilation errors. Fixed must clause derefencing 594 used in grouping statements. Reformatted and expanded 595 descriptions. Fixed various typos. 596 20160321: Initial version."; 597 reference 598 "draft-ietf-supa-policy-data-model-00"; 599 } 600 typedef policy-constraint-language-list { 601 type enumeration { 602 enum "error" { 603 description 604 "This signifies an error state. OAM&P Policies 605 SHOULD NOT use this SUPAPolicy if the value of 606 this attribute is error."; 607 } 608 enum "init" { 609 description 610 "This signifies a generic initialization state. A 611 suitable Policy Constraint Language (e.g., OCL [2] 612 or Alloy[4]) may now be defined."; 613 } 614 enum "OCL2.4" { 615 description 616 "Object Constraint Language v2.4 [2]. 
This is a 617 declarative language for describing rules for 618 defining constraints and query expressions."; 619 } 620 enum "OCL2.x" { 621 description 622 "Object Constraint Language, v2.0 through 2.3.1 623 [2]."; 624 } 625 enum "OCL1.x" { 626 description 627 "Object Constraint Language, any version prior 628 to v2.0 [3]."; 629 } 630 enum "QVT1.2R" { 631 description 632 "QVT Relational Language [5]."; 633 } 634 enum "QVT1.2O" { 635 description 636 "QVT Operational language [5]."; 637 } 638 enum "Alloy" { 639 description 640 "A language for defining structures and 641 and relations using constraints [4]."; 642 } 643 } 644 description 645 "The language used to encode the constraints 646 relevant to the relationship between the metadata 647 and the underlying policy object."; 648 } 649 typedef policy-data-type-id-encoding-list { 650 type enumeration { 651 enum "error" { 652 description 653 "This signifies an error state. OAM&P Policies 654 SHOULD NOT use this SUPAPolicy if the value of 655 this attribute is error."; 656 } 657 enum "init" { 658 description 659 "This signifies an initialization state."; 660 } 661 enum "primary_key" { 662 description 663 "This represents the primary key of a table, which 664 uniquely identifies each record in that table. 665 It MUST NOT be NULL. It MAY consist of a single 666 or multiple fields. Note that a YANG data model 667 implementation does NOT have to implement this 668 enumeration."; 669 } 670 enum "foreign_key" { 671 description 672 "This represents the foreign key, which is a set 673 or more fields in one table that uniquely 674 identify a row in another table. It MAY be 675 NULL. 
Note that a YANG data model implementation 676 does NOT have to implement this enumeration."; 677 } 678 enum "GUID" { 679 description 680 "The object is referenced by this GUID."; 681 } 682 enum "UUID" { 683 description 684 "The object is referenced by this UUID."; 685 } 686 enum "URI" { 687 description 688 "The object is referenced by this URI."; 689 } 690 enum "FQDN" { 691 description 692 "The object is referenced by this FQDN."; 693 } 694 enum "FQPN" { 695 description 696 "The object is referenced by this FQPN. Note that 697 FQPNs assume that all components can access a 698 single logical file repostory."; 699 } 700 enum "string_instance_id" { 701 description 702 "A string that is the canonical representation, 703 in ASCII, of an instance ID of this object."; 704 } 705 } 706 description 707 "The list of possible data types used to represent object 708 IDs in the SUPA policy hierarchy."; 709 } 711 typedef policy-data-type-encoding-list { 712 type enumeration { 713 enum "error" { 714 description 715 "This signifies an error state. 
                     OAM&P Policies
                     SHOULD NOT use this SUPAPolicy if the value of
                     this attribute is error.";
            }
            enum "init" {
                description
                    "This signifies an initialization state.";
            }
            enum "string" {
                description
                    "This represents a string data type.";
            }
            enum "integer" {
                description
                    "This represents an integer data type.";
            }
            enum "boolean" {
                description
                    "This represents a Boolean data type.";
            }
            enum "floating point" {
                description
                    "This represents a floating point data type.";
            }
            enum "date-and-time" {
                description
                    "This represents a data type that can specify
                     date and/or time.";
            }
            enum "GUID" {
                description
                    "This represents a GUID data type.";
            }
            enum "UUID" {
                description
                    "This represents a UUID data type.";
            }
            enum "URI" {
                description
                    "This represents a URI data type.";
            }
            enum "DN" {
                description
                    "This represents a DN data type.";
            }
            enum "FQDN" {
                description
                    "The object is referenced by this FQDN.";
            }
            enum "FQPN" {
                description
                    "The object is referenced by this FQPN. Note that
                     FQPNs assume that all components can access a
                     single logical file repository.";
            }
            enum "NULL" {
                description
                    "This represents a NULL data type. NULL means the
                     absence of an actual value. NULL is frequently
                     used to represent a missing or invalid value.";
            }
            enum "string_instance_id" {
                description
                    "A string that is the canonical representation,
                     in ASCII, of an instance ID of this object.";
            }
        }
        description
            "The set of allowable data types used to encode
             multi-valued SUPA Policy attributes.";
    }

    // Identities are used in this model as a means to provide simple
    // introspection to allow an instance-identifier to be tested as to
    // what class it represents.
    // This allows must clauses to specify
    // that the target of a particular instance-identifier leaf must be a
    // specific class, or within a certain branch of the inheritance tree.
    // This depends upon the ability to refine the entity class default
    // value. The entity class should be read-only. However, as this is
    // the target of a MUST condition, it cannot be config-false. Also,
    // it appears that we cannot put a MUST condition on its definition,
    // as the default (actual) value changes for each inherited object.

    identity POLICY-OBJECT-TYPE {
        description
            "The identity corresponding to a SUPAPolicyObject
             object instance.";
    }

    grouping supa-policy-object-type {
        leaf supa-policy-ID {
            type string;
            mandatory true;
            description
                "The string identifier of this policy object, which
                 functions as the unique object identifier of this
                 object instance. This attribute MUST be unique within
                 the policy system. This attribute is named
                 supaObjectIDContent in [1], and is used with another
                 attribute (supaObjectIDEncoding); since the YANG data
                 model does not need this genericity, the
                 supaObjectIDContent attribute was renamed, and the
                 supaObjectIDEncoding attribute was not mapped.";
        }
        leaf entity-class {
            type identityref {
                base POLICY-OBJECT-TYPE;
            }
            default POLICY-OBJECT-TYPE;
            description
                "The identifier of the class of this grouping.";
        }
        leaf supa-policy-name {
            type string;
            description
                "A human-readable name for this policy object.
                 Note
                 that this is NOT the object ID.";
        }
        leaf supa-policy-object-description {
            type string;
            description
                "A human-readable description of the characteristics
                 and behavior of this policy object.";
        }
        leaf-list supa-has-policy-metadata-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-METADATA-ASSOC)";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyMetadata association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-detail. This association
                 describes how each SUPAPolicyMetadata instance is
                 related to a given SUPAPolicyObject instance. Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This represents the SUPAPolicyObject [1] class. It is the
             superclass for all SUPA Policy objects (i.e., all objects
             that are either Policies or components of Policies). Note
             that SUPA Policy Metadata objects are NOT subclassed from
             this class; they are instead subclassed from the
             SUPAPolicyMetadata (i.e., supa-policy-metadata-type)
             object. This class (supa-policy-object-type) is used to
             define common attributes and relationships that all SUPA
             Policy subclasses inherit.
             It MAY be augmented with a set
             of zero or more SUPAPolicyMetadata objects using the
             SUPAHasPolicyMetadata association, which is represented
             by the supa-has-policy-metadata-agg leaf-list.";
    }

    identity POLICY-COMPONENT-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyComponentStructure object instance.";
    }

    grouping supa-policy-component-structure-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-OBJECT-TYPE;
            }
        }
        leaf supa-has-policy-component-decorator-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)";
            mandatory true;
            description
                "This leaf holds instance-identifiers that
                 reference a SUPAHasDecoratedPolicyComponent
                 association [1], and is represented by the grouping
                 supa-has-decorator-policy-component-detail. This
                 association describes how each
                 SUPAPolicyComponentStructure instance is related to a
                 given SUPAPolicyComponentDecorator instance. Multiple
                 SUPAPolicyComponentDecorator instances may be attached
                 to a SUPAPolicyComponentStructure instance that is
                 referenced in this association by using the Decorator
                 pattern [1]. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-decorator-policy-component-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This represents the SUPAPolicyComponent class [1], which is
             the superclass for all objects that represent different
             components of a Policy. Important subclasses include the
             SUPAPolicyClause and the SUPAPolicyComponentDecorator.
             This object is the root of the Decorator pattern [1]; as
             such, it enables all of its concrete subclasses to be
             wrapped with other concrete subclasses of the
             SUPAPolicyComponentDecorator class.";
    }

    identity POLICY-COMPONENT-DECORATOR-TYPE {
        base POLICY-COMPONENT-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyComponentDecorator object instance.";
    }

    grouping supa-policy-component-decorator-type {
        uses supa-policy-component-structure-type {
            refine entity-class {
                default POLICY-COMPONENT-TYPE;
            }
        }
        leaf-list supa-has-policy-component-decorator-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC)";
            min-elements 1;
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasDecoratedPolicyComponent
                 association [1]. This association is represented by the
                 grouping supa-has-decorator-policy-component-detail.
                 This leaf-list helps implement the Decorator pattern
                 [1], which enables all or part of one or more object
                 instances to wrap another object instance. For
                 example, any concrete subclass of SUPAPolicyClause,
                 such as SUPAEncodedClause, may be wrapped by any
                 concrete subclass of SUPAPolicyComponentDecorator
                 (e.g., SUPAPolicyEvent).
                 Since this association class
                 contains attributes, the instance-identifier MUST
                 point to an instance using the grouping
                 supa-has-decorator-policy-component-detail (which
                 includes subclasses of this association class).";
        }
        leaf-list supa-decorator-constraints {
            type string;
            description
                "This is a set of constraint expressions that are
                 applied to this decorator, allowing the specification
                 of details not captured in its subclasses, using an
                 appropriate constraint language that is specified in
                 the supa-has-decorator-constraint-encoding leaf.";
        }
        leaf supa-has-decorator-constraint-encoding {
            type policy-constraint-language-list;
            description
                "The language in which the constraints on the
                 policy component decorator are expressed. Examples
                 include OCL 2.4 [2], Alloy [3], and English text.";
        }
        description
            "This object implements the Decorator pattern [1], which
             enables all or part of one or more concrete objects to
             wrap another concrete object.";
    }

    identity POLICY-COMPONENT-CLAUSE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyClause
             object instance.";
    }

    grouping supa-policy-clause-type {
        uses supa-policy-component-structure-type {
            refine entity-class {
                default POLICY-COMPONENT-CLAUSE-TYPE;
            }
        }
        leaf supa-policy-clause-deploy-status {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.
                         OAM&P Policies
                         SHOULD NOT use this SUPAPolicyClause if the
                         value of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "deployed and enabled" {
                    description
                        "This SUPAPolicyClause has been deployed in
                         the system and is currently enabled.";
                }
                enum "deployed and in test" {
                    description
                        "This SUPAPolicyClause has been deployed in the
                         system, but is currently in test and SHOULD
                         NOT be used in OAM&P policies.";
                }
                enum "deployed but not enabled" {
                    description
                        "This SUPAPolicyClause has been deployed in the
                         system, but has been administratively
                         disabled.";
                }
                enum "ready to be deployed" {
                    description
                        "This SUPAPolicyClause has been properly
                         initialized, and is now ready to be deployed.";
                }
                enum "cannot be deployed" {
                    description
                        "This SUPAPolicyClause has been administratively
                         disabled, and SHOULD NOT be used as part of
                         an OAM&P policy.";
                }
            }
            mandatory true;
            description
                "This defines whether this SUPAPolicy has been
                 deployed and, if so, whether it is enabled and
                 ready to be used or not.";
        }
        leaf-list supa-has-policy-clause-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-CLAUSE-ASSOC)";
            min-elements 1;
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyClause association [1],
                 and is represented by the grouping
                 supa-has-policy-clause-detail. This association
                 describes how each SUPAPolicyClause instance is
                 related to this particular SUPAPolicyStructure
                 instance. For example, this association may restrict
                 which concrete subclasses of the SUPAPolicyStructure
                 class can be associated with which concrete subclasses
                 of the SUPAPolicyClause class.
                 The set of
                 SUPAPolicyClauses, identified by this leaf-list,
                 define the content of this SUPAPolicyStructure.

                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-clause-detail (which
                 includes subclasses of this association class).";
        }
        description
            "The parent class for all SUPA Policy Clauses. A
             SUPAPolicyClause is a fundamental building block for
             creating SUPA Policies. A SUPAPolicy is a set of
             statements, and a SUPAPolicyClause can be thought of as all
             or part of a statement. The Decorator pattern [1] is used,
             which enables the contents of a SUPAPolicyClause to be
             adjusted dynamically at runtime without affecting other
             objects of either type.";
    }

    identity POLICY-ENCODED-CLAUSE-TYPE {
        base POLICY-COMPONENT-CLAUSE-TYPE;
        description
            "The identity corresponding to a SUPAEncodedClause
             object instance.";
    }

    grouping supa-encoded-clause-type {
        uses supa-policy-clause-type {
            refine entity-class {
                default POLICY-ENCODED-CLAUSE-TYPE;
            }
        }
        leaf supa-encoded-clause-content {
            type string;
            mandatory true;
            description
                "This defines the content of this SUPAEncodedClause; the
                 language used to express this content is defined by the
                 supa-encoded-clause-language attribute.";
        }
        leaf supa-encoded-clause-language {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAEncodedClause if the
                         value of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "YANG" {
                    description
                        "This defines the language used in this
                         SUPAEncodedClause as a type of YANG.
                         Additional details may be provided by
                         attaching a SUPAPolicyMetadata object to
                         this SUPAEncodedClause object instance.";
                }
                enum "XML" {
                    description
                        "This defines the language as a type of XML.
                         Additional details may be provided by
                         attaching a SUPAPolicyMetadata object to
                         this SUPAEncodedClause object instance.";
                }
                enum "TL1" {
                    description
                        "This defines the language as a type of
                         Transaction Language 1. Additional details may
                         be provided by attaching a SUPAPolicyMetadata
                         object to this SUPAEncodedClause object
                         instance.";
                }
                enum "Text" {
                    description
                        "This is a textual string that can be used to
                         define a language choice that is not listed
                         by a specific enumerated value. This string
                         MUST be parsed by the policy system to
                         identify the language being used. A
                         SUPAPolicyMetadata object (represented as a
                         supa-policy-metadata-type leaf) can be used to
                         provide further details about the language.";
                }
            }
            mandatory true;
            description
                "Indicates the language used for this SUPAEncodedClause
                 object instance. Prescriptive and/or descriptive
                 information about the usage of this SUPAEncodedClause
                 may be provided by one or more SUPAPolicyMetadata
                 objects, which are each attached to the object
                 instance of this SUPAEncodedClause.";
        }
        description
            "This class refines the behavior of the supa-policy-clause
             by encoding the contents of the clause into the attributes
             of this object. This enables clauses that are not based on
             other SUPA objects to be modeled. For example, a POLICY
             Application could define a CLI or YANG configuration
             snippet and encode that snippet into a SUPAEncodedClause.

             Note that a SUPAEncodedClause simply defines the content
             of the clause. In particular, it does NOT provide a
             response.
             The policy engine that is parsing and evaluating
             the SUPAPolicy needs to assign a response to any
             SUPAEncodedClause that it encounters.";
    }

    container supa-encoding-clause-container {
        description
            "This is a container to collect all object instances of
             type SUPAEncodedClause.";
        list supa-encoding-clause-list {
            key supa-policy-ID;
            uses supa-encoded-clause-type;
            description
                "A list of all instances of supa-encoding-clause-type.
                 If a module defines subclasses of the encoding clause,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-TERM-TYPE {
        base POLICY-COMPONENT-DECORATOR-TYPE;
        description
            "The identity corresponding to a SUPAPolicyTerm object
             instance.";
    }

    grouping supa-policy-term-type {
        uses supa-policy-component-decorator-type {
            refine entity-class {
                default POLICY-COMPONENT-TYPE;
            }
        }
        leaf supa-policy-term-is-negated {
            type boolean;
            description
                "If the value of this attribute is true, then
                 this particular term is negated.";
        }
        description
            "This is the superclass of all SUPA policy objects that are
             used to test or set the value of a variable.
             It does this
             by defining a {variable-operator-value} three-tuple, where
             each element of the three-tuple is defined by a concrete
             subclass of the appropriate type (e.g., SUPAPolicyVariable,
             SUPAPolicyOperator, or SUPAPolicyVariable).";
    }

    identity POLICY-COMPONENT-VARIABLE-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyVariable
             object instance.";
    }

    grouping supa-policy-variable-type {
        uses supa-policy-term-type {
            refine entity-class {
                default POLICY-COMPONENT-TYPE;
            }
        }

        leaf supa-policy-variable-name {
            type string;
            description
                "A human-readable name for this policy variable.";
        }
        description
            "This is one formulation of a SUPA Policy Clause. It uses
             the canonical form of an expression, which is a three-tuple
             in the form {variable, operator, value}. In this approach,
             each of the three terms can either be a subclass of the
             appropriate SUPAPolicyTerm class, or another object that
             plays the role (i.e., a variable) of that term. The
             attribute defined by the supa-policy-variable-name
             specifies the name of an attribute whose content should be
             compared to the value portion of a SUPAPolicyTerm, which is
             typically specified by a SUPAPolicyValue object.";
    }

    container supa-policy-variable-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyVariable.";
        list supa-policy-variable-list {
            key supa-policy-ID;
            uses supa-policy-variable-type;
            description
                "List of all instances of supa-policy-variable-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-OPERATOR-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyOperator
             object instance.";
    }

    grouping supa-policy-operator-type {
        uses supa-policy-term-type {
            refine entity-class {
                default POLICY-COMPONENT-TYPE;
            }
        }
        leaf supa-policy-value-op-type {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyOperator if the
                         value of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "greater than" {
                    description
                        "A greater-than operator.";
                }
                enum "greater than or equal to" {
                    description
                        "A greater-than-or-equal-to operator.";
                }
                enum "less than" {
                    description
                        "A less-than operator.";
                }
                enum "less than or equal to" {
                    description
                        "A less-than-or-equal-to operator.";
                }
                enum "equal to" {
                    description
                        "An equal-to operator.";
                }
                enum "not equal to" {
                    description
                        "A not-equal-to operator.";
                }
                enum "IN" {
                    description
                        "An operator that determines whether a given
                         value of a variable in a SUPAPolicyTerm
                         matches a value in a SUPAPolicyTerm.";
                }
                enum "NOT IN" {
                    description
                        "An operator that determines whether a given
                         variable in a SUPAPolicyTerm does not match
                         any of the specified values in a
                         SUPAPolicyTerm.";
                }
                enum "SET" {
                    description
                        "An operator that makes the value of the
                         result equal to the input value.";
                }
                enum "CLEAR" {
                    description
                        "An operator that sets the value of the
                         specified object to a value that is 0 for
                         integer datatypes,
                         an empty string for
                         textual datatypes, and FALSE for Boolean
                         datatypes. This value MUST NOT be NULL.";
                }
                enum "BETWEEN" {
                    description
                        "An operator that determines whether a given
                         value is within a specified range of values.
                         Note that this is an inclusive operator.";
                }
            }
            mandatory true;
            description
                "The type of operator used to compare the variable
                 and value portions of this SUPAPolicyTerm.";
        }
        description
            "This is one formulation of a SUPA Policy Clause. It uses
             the canonical form of an expression, which is a three-tuple
             in the form {variable, operator, value}. In this approach,
             each of the three terms can either be a subclass of the
             appropriate SUPAPolicyTerm class, or another object that
             plays the role (i.e., an operator) of that term.
             The value of the supa-policy-value-op-type attribute
             specifies an operator that SHOULD be used to compare the
             variable and value portions of a SUPAPolicyTerm. This is
             typically specified by a SUPAPolicyOperator object.";
    }

    container supa-policy-operator-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyOperator.";
        list supa-policy-operator-list {
            key supa-policy-ID;
            uses supa-policy-operator-type;
            description
                "List of all instances of supa-policy-operator-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-VALUE-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyValue
             object instance.";
    }

    grouping supa-policy-value-type {
        uses supa-policy-term-type {
            refine entity-class {
                default POLICY-COMPONENT-TYPE;
            }
        }
        leaf-list supa-policy-value-content {
            type string;
            description
                "The content of the value portion of this SUPA Policy
                 Clause. The data type of the content is specified in
                 the supa-policy-value-encoding attribute.";
        }
        leaf supa-policy-value-encoding {
            type policy-data-type-encoding-list;
            description
                "The data type of the supa-policy-value-content
                 attribute.";
        }
        description
            "This is one formulation of a SUPA Policy Clause. It uses
             the canonical form of an expression, which is a three-tuple
             in the form {variable, operator, value}. In this approach,
             each of the three terms can either be a subclass of the
             appropriate SUPAPolicyTerm class, or another object that
             plays the role (i.e., a value) of that term. The
             attribute defined by supa-policy-value-content specifies
             a value (which is typically specified by a subclass of
             SUPAPolicyVariable) that should be compared to a value in
             the variable portion of the SUPAPolicyTerm.";
    }

    container supa-policy-value-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyValue.";
        list supa-policy-value-list {
            key supa-policy-ID;
            uses supa-policy-value-type;
            description
                "List of all instances of supa-policy-value-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-GENERIC-DECORATED-TYPE {
        base POLICY-COMPONENT-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAGenericDecoratedComponent object instance.";
    }

    grouping supa-policy-generic-decorated-type {
        uses supa-policy-component-decorator-type {
            refine entity-class {
                default POLICY-COMPONENT-TYPE;
            }
        }
        leaf-list supa-policy-generic-decorated-content {
            type string;
            description
                "The content of this SUPAGenericDecoratedComponent
                 object instance. The data type of this attribute is
                 specified in the leaf
                 supa-policy-generic-decorated-encoding.";
        }
        leaf supa-policy-generic-decorated-encoding {
            type policy-data-type-encoding-list;
            description
                "The datatype of the
                 supa-policy-generic-decorated-content attribute.";
        }
        description
            "This class enables a generic object to be defined and
             used as a decorator in a SUPA Policy Clause. This class
             should not be confused with the SUPAEncodedClause class.
             A SUPAGenericDecoratedComponent object represents a single,
             atomic object that defines a portion of the contents of a
             SUPAPolicyClause, whereas a SUPAPolicyEncodedClause
             represents the entire contents of a SUPAPolicyClause.";
    }

    container supa-policy-generic-decorated-container {
        description
            "This is a container to collect all object instances of
             type SUPAGenericDecoratedComponent.";
        list supa-encoding-clause-list {
            key supa-policy-ID;
            uses supa-policy-generic-decorated-type;
            description
                "List of all instances of
                 supa-policy-generic-decorated-type.
                 If a module
                 defines subclasses of this class, those will be
                 stored in a separate container.";
        }
    }

    identity POLICY-STRUCTURE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyStructure
             object instance.";
    }

    grouping supa-policy-structure-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-STRUCTURE-TYPE;
            }
        }
        leaf supa-policy-admin-status {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicy if the value
                         of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "enabled" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively enabled.";
                }
                enum "disabled" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively disabled.";
                }
                enum "in test" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively placed into test mode, and
                         SHOULD NOT be used as part of an operational
                         policy rule.";
                }
            }
            mandatory true;
            description
                "The current administrative status of this SUPAPolicy.";
        }
        leaf supa-policy-continuum-level {
            type uint32;
            description
                "This is the current level of abstraction of this
                 particular SUPAPolicyRule. By convention, the
                 values 0 and 1 should be used for error and
                 initialization states; a value of 2 is the most
                 abstract level, and higher values denote more
                 concrete levels.";
        }
        leaf supa-policy-deploy-status {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.
                         OAM&P Policies
                         SHOULD NOT use this SUPAPolicy if the value
                         of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "deployed and enabled" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system and is currently enabled.";
                }
                enum "deployed and in test" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system, but is currently in test and SHOULD
                         NOT be used in OAM&P policies.";
                }
                enum "deployed but not enabled" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system, but has been administratively
                         disabled.";
                }
                enum "ready to be deployed" {
                    description
                        "This SUPAPolicy has been properly initialized,
                         and is now ready to be deployed.";
                }
                enum "cannot be deployed" {
                    description
                        "This SUPAPolicy has been administratively
                         disabled, and SHOULD NOT be used as part of
                         an OAM&P policy.";
                }
            }
            mandatory true;
            description
                "This attribute defines whether this SUPAPolicy has
                 been deployed and, if so, whether it is enabled and
                 ready to be used or not.";
        }
        leaf supa-policy-exec-fail-strategy {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicy if the value
                         of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "rollback all" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped, and rollback of all
                         SUPAPolicyActions (whether they were
                         successfully executed or not) performed by
                         this particular SUPAPolicy is attempted.
                         Also,
                         all SUPAPolicies that otherwise would have
                         been executed as a result of this SUPAPolicy
                         are NOT executed.";
                }
                enum "rollback single" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped, and rollback is attempted
                         for ONLY the SUPAPolicyAction (belonging to
                         this particular SUPAPolicy) that failed to
                         execute correctly. All remaining actions,
                         including SUPAPolicyActions and SUPAPolicies
                         that otherwise would have been executed as a
                         result of this SUPAPolicy, are NOT executed.";
                }
                enum "stop execution" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped without any other action
                         being performed; this includes corrective
                         actions, such as rollback, as well as any
                         SUPAPolicyActions or SUPAPolicies that
                         otherwise would have been executed.";
                }
                enum "ignore" {
                    description
                        "This means that any failures produced by this
                         SUPAPolicy SHOULD be ignored, and hence, no
                         corrective actions, such as rollback, will
                         be performed at this time. Hence, any other
                         SUPAPolicyActions or SUPAPolicies SHOULD
                         continue to be executed.";
                }
            }
            mandatory true;
            description
                "This defines what actions, if any, should be taken by
                 this particular SUPA Policy Rule if it fails to
                 execute correctly. Some implementations may not be
                 able to accommodate the rollback failure option;
                 hence, this option may be skipped.";
        }
        leaf-list supa-has-policy-source-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-SOURCE-ASSOC)";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicySource associations [1].
                 This association is represented by the grouping
                 supa-has-policy-source-detail, and describes how
                 this SUPAPolicyStructure instance is related to a
                 set of SUPAPolicySource instances. Each
                 SUPAPolicySource instance defines a set of
                 unambiguous sources of this SUPAPolicy. Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
        }
        leaf-list supa-has-policy-target-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-TARGET-ASSOC)";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyTarget associations [1].
                 This association is represented by the grouping
                 supa-has-policy-target-detail, and describes how
                 this SUPAPolicyStructure instance is related to a
                 set of SUPAPolicyTarget instances. Each
                 SUPAPolicyTarget instance defines a set of
                 unambiguous managed entities to which this
                 SUPAPolicy will be applied. Since this association
                 class contains attributes, the instance-identifier
                 MUST point to an instance using the grouping
                 supa-has-policy-target-detail (which includes
                 subclasses of this association class).";
        }
        leaf-list supa-has-policy-clause-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-CLAUSE-ASSOC)";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyClause associations [1]. This
                 association is represented by the grouping
                 supa-has-policy-clause-detail. This association
                 describes how this particular SUPAPolicyStructure
                 instance is related to this set of SUPAPolicyClause
                 instances.
                 Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the supa-has-policy-clause-detail
                 (which includes subclasses of this association
                 class).";
        }
        leaf-list supa-has-policy-exec-fail-action-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolExecFailtActionToTake
                 association [1]. This association is represented by
                 the supa-has-policy-exec-action-detail grouping. This
                 association relates this SUPAPolicyStructure instance
                 (the parent) to one or more SUPAPolicyStructure
                 instances (the children), where each child
                 SUPAPolicyStructure contains one or more
                 SUPAPolicyActions to be executed if the parent
                 SUPAPolicyStructure instance generates an error while
                 it is executing. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-exec-action-detail (which includes
                 subclasses of this association class).";
        }
        leaf-list supa-has-policy-exec-fail-action-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-EXEC-ACTION-ASSOC)";
            min-elements 1;
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolExecFailtActionToTake
                 association [1]. This association is represented by
                 the supa-has-policy-exec-action-detail grouping. This
                 association relates this SUPAPolicyStructure instance
                 (the child) to another SUPAPolicyStructure instance
                 (the parent).
                 The child SUPAPolicyStructure contains
                 one or more SUPAPolicyActions to be executed if the
                 parent SUPAPolicyStructure instance generates an error
                 while it is executing; the parent SUPAPolicyStructure
                 contains one or more child SUPAPolicyStructure
                 instances to enable it to choose how to handle each
                 type of failure. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-exec-action-detail (which includes
                 subclasses of this association class).";
        }
        description
            "A superclass for all objects that represent different types
             of SUPAPolicies. Currently, this is limited to a single
             type, which is the event-condition-action (ECA) Policy
             Rule. A SUPA Policy may be an individual policy, or a set
             of policies. Subclasses MAY support this feature by
             implementing the composite pattern.";
    }

    identity POLICY-SOURCE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicySource
             object instance.";
    }

    grouping supa-policy-source-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-SOURCE-TYPE;
            }
        }
        leaf-list supa-has-policy-source-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-SOURCE-ASSOC)";
            description
                "This leaf-list holds the instance-identifiers that
                 reference a SUPAHasPolicySource association [1], which
                 is represented by the supa-has-policy-source-detail
                 grouping. This association describes how each
                 SUPAPolicySource instance is related to this
                 particular SUPAPolicyStructure instance.
                 Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This object defines a set of managed entities that
             authored, or are otherwise responsible for, this
             SUPAPolicy. Note that a SUPAPolicySource does not evaluate
             or execute SUPAPolicies. Its primary use is for
             auditability and the implementation of deontic and/or
             alethic logic. It is expected that this grouping will be
             extended (i.e., subclassed) when used, so that the system
             can add specific information appropriate to sources of
             policy of that particular system.";
    }

    identity POLICY-TARGET-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyTarget
             object instance.";
    }

    grouping supa-policy-target-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-TARGET-TYPE;
            }
        }
        leaf-list supa-has-policy-target-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-TARGET-ASSOC)";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyTarget association. This is
                 represented by the supa-has-policy-target-detail
                 grouping. This association describes how each
                 SUPAPolicyTarget instance is related to a particular
                 SUPAPolicyStructure instance. For example, this
                 association may restrict which SUPAPolicyTarget
                 instances can be used by which SUPAPolicyStructure
                 instances. The SUPAPolicyTarget defines a
                 set of managed entities that this SUPAPolicyStructure
                 will be applied to.
                 Since this association class
                 contains attributes, the instance-identifier MUST
                 point to an instance using the grouping
                 supa-has-policy-target-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This object defines a set of managed entities that a
             SUPAPolicy is applied to. It is expected that this
             grouping will be extended (i.e., subclassed) when used,
             so that the system can add specific information
             appropriate to policy targets of that particular system.";
    }

    identity POLICY-METADATA-TYPE {
        description
            "The identity corresponding to a SUPAPolicyMetadata
             object instance.";
    }

    grouping supa-policy-metadata-type {
        leaf supa-policy-metadata-id {
            type string;
            mandatory true;
            description
                "This represents the object identifier of an instance
                 of this class. This attribute is named
                 supaPolMetadataIDContent in [1], and is used with
                 another attribute (supaPolMetadataIDEncoding); since
                 the YANG data model does not need this genericity, the
                 supaPolMetadataIDContent attribute was renamed, and
                 the supaPolMetadataIDEncoding attribute was
                 not mapped.";
        }
        leaf entity-class {
            type identityref {
                base POLICY-METADATA-TYPE;
            }
            default POLICY-METADATA-TYPE;
            description
                "The identifier of the class of this grouping.";
        }
        leaf supa-policy-metadata-description {
            type string;
            description
                "This contains a free-form textual description of this
                 metadata object (e.g., what it may be used for).";
        }
        leaf supa-policy-metadata-name {
            type string;
            description
                "This contains a human-readable name for this
                 metadata object.";
        }
        leaf-list supa-has-policy-metadata-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-METADATA-ASSOC)";
            description
                "This
                 leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyMetadata association [1],
                 which is represented by the grouping
                 supa-has-policy-metadata-detail. Each instance-
                 identifier defines a unique set of information that
                 describe and/or prescribe additional information,
                 provided by this SUPAPolicyMetadata instance, that can
                 be associated with this SUPAPolicyObject instance.
                 Multiple SUPAPolicyMetadata objects may be attached to
                 a concrete subclass of the SUPAPolicyObject class that
                 is referenced in this association by using the
                 Decorator pattern [1]. For example, a
                 SUPAPolicyVersionMetadataDef instance could wrap a
                 SUPAECAPolicyRuleAtomic instance; this would define
                 the version of this particular SUPAECAPolicyRuleAtomic
                 instance. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-metadata-detail (which includes
                 subclasses of this association class).";
        }
        leaf-list supa-has-policy-metadata-dec-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC)";
            min-elements 1;
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasMetadaDecorator association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-dec-detail. This association
                 describes how a SUPAPolicyMetadataDecorator instance
                 wraps a given SUPAPolicyMetadata instance using the
                 Decorator pattern [1]. Multiple concrete subclasses
                 of SUPAPolicyMetadataDecorator may be used to wrap
                 the same SUPAPolicyMetadata instance.
                 Since this
                 association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-dec-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This is the superclass of all metadata classes. Metadata
             is information that describes and/or prescribes the
             characteristics and behavior of another object that is
             not an inherent, distinguishing characteristics or
             behavior of that object.";
    }

    identity POLICY-METADATA-CONCRETE-TYPE {
        base POLICY-METADATA-TYPE;
        description
            "The identity corresponding to a SUPAPolicyConcreteMetadata
             object instance.";
    }

    grouping supa-policy-concrete-metadata-type {
        uses supa-policy-metadata-type {
            refine entity-class {
                default POLICY-METADATA-CONCRETE-TYPE;
            }
        }
        leaf supa-policy-metadata-valid-period-end {
            type yang:date-and-time;
            description
                "This defines the ending date and time that this
                 metadata object is valid for.";
        }
        leaf supa-policy-metadata-valid-period-start {
            type yang:date-and-time;
            description
                "This defines the starting date and time that this
                 metadata object is valid for.";
        }
        description
            "This is a concrete class that will be wrapped by concrete
             instances of the SUPA Policy Metadata Decorator class. It
             can be viewed as a container for metadata that will be
             attached to a subclass of SUPA Policy Object.
             It may
             contain all or part of one or more metadata subclasses.";
    }
    container supa-policy-concrete-metadata-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyConcreteMetadata.";
        list supa-policy-concrete-metadata-list {
            key supa-policy-metadata-id;
            uses supa-policy-concrete-metadata-type;
            description
                "A list of all supa-policy-metadata instances in the
                 system.";
        }
    }

    identity POLICY-METADATA-DECORATOR-TYPE {
        base POLICY-METADATA-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyMetadataDecorator object instance.";
    }

    grouping supa-policy-metadata-decorator-type {
        uses supa-policy-metadata-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-TYPE;
            }
        }
        leaf supa-has-policy-metadata-dec-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC)";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasMetadaDecorator association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-dec-detail. This association
                 describes how a SUPAPolicyMetadataDecorator instance
                 wraps a given SUPAPolicyMetadata instance
                 using the Decorator pattern [1]. Multiple concrete
                 subclasses of SUPAPolicyMetadataDecorator may be used
                 to wrap the same SUPAPolicyMetadata instance. Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-dec-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This object implements the Decorator pattern [1] for SUPA,
             which is applied to SUPA metadata objects.
             This enables all
             or part of one or more metadata objects to wrap another
             concrete metadata object. The only concrete subclass of
             SUPAPolicyMetadata in this document is the
             SUPAPolicyConcreteMetadata class.";
    }

    identity POLICY-METADATA-DECORATOR-ACCESS-TYPE {
        base POLICY-METADATA-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyAccessMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-access-type {
        uses supa-policy-metadata-decorator-type {
            refine entity-class {
                default POLICY-METADATA-TYPE;
            }
        }
        leaf supa-policy-metadata-access-priv-def {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyAccessMetadataDef
                         if the value of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "read only" {
                    description
                        "This defines access as read only for ALL
                         SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         As such, an explicit access control model,
                         such as RBAC [7], is NOT present.";
                }
                enum "read write" {
                    description
                        "This defines access as read and/or write for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         As such, an explicit access control model,
                         such as RBAC [7], is NOT present.";
                }
                enum "specified by MAC" {
                    description
                        "This uses an external Mandatory Access Control
                         (MAC) [7] model to define access control for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by DAC" {
                    description
                        "This uses an external Discretionary Access
                         Control (DAC) [7] model to define access
                         control for ALL SUPAPolicyObject objects that
                         are adorned with this
                         SUPAPolicyAccessMetadataDef object. The name
                         and location of this access control model are
                         specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by RBAC" {
                    description
                        "This uses an external Role-Based Access Control
                         (RBAC) [7] model to define access control for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by ABAC" {
                    description
                        "This uses an external Attribute-Based Access
                         Control (ABAC) [8] model to define access
                         control for ALL SUPAPolicyObject objects that
                         are adorned with this
                         SUPAPolicyAccessMetadataDef object.
                         The name
                         and location of this access control model are
                         specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by custom" {
                    description
                        "This uses an external Custom Access Control
                         model to define access control for ALL
                         SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
            }
            description
                "This defines the type of access control model that is
                 used by this SUPAPolicyObject object instance.";
        }
        leaf supa-policy-metadata-access-priv-model-name {
            type string;
            description
                "This contains the name of the access control model
                 being used. If the value of the
                 supa-policy-metadata-access-priv-model-ref is
                 error, then this SUPAPolicyAccessMetadataDef object
                 MUST NOT be used. If the value of the
                 supa-policy-metadata-access-priv-model-ref is init,
                 then this SUPAPolicyAccessMetadataDef object has been
                 properly initialized, and is ready to be used. If the
                 value of the supa-policy-metadata-access-priv-model-ref
                 is read only or read write, then the value of this
                 attribute is not applicable (because a type of model
                 is NOT being defined; instead, the access control for
                 all SUPAPolicyObjects is being defined).
                 Otherwise,
                 the text in this class attribute SHOULD be interpreted
                 according to the value of the
                 supa-policy-metadata-access-priv-model-ref class
                 attribute.";
        }
        leaf supa-policy-metadata-access-priv-model-ref {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyAccessMetadataDef
                         object if the value of this attribute is
                         error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "URI" {
                    description
                        "The access control model is referenced by
                         this URI.";
                }
                enum "GUID" {
                    description
                        "The access control model is referenced by
                         this GUID.";
                }
                enum "UUID" {
                    description
                        "The access control model is referenced by
                         this UUID.";
                }
                enum "FQDN" {
                    description
                        "The access control model is referenced by
                         this FQDN.";
                }
                enum "FQPN" {
                    description
                        "The access control model is referenced by
                         this FQPN.";
                }
                enum "string_instance_id" {
                    description
                        "A string that is the canonical representation,
                         in ASCII, of an instance ID of this object.";
                }
            }
            description
                "This defines the data type of the
                 supa-policy-metadata-access-priv-model-name
                 attribute.";
        }
        description
            "This is a concrete class that defines metadata for access
             control information that can be added to any
             SUPAPolicyObject object instance.
             This is done using the SUPAHasPolicyMetadata association
             in conjunction with the Decorator pattern [1].";
    }

    container supa-policy-metadata-decorator-access-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyAccessMetadataDef.";
        list supa-policy-metadata-decorator-access-list {
            key supa-policy-metadata-id;
            uses supa-policy-metadata-decorator-type;
            description
                "A list of all supa-policy-metadata-decorator-access
                 instances in the system. Instances of subclasses
                 will be in a separate list.";
        }
    }

    identity POLICY-METADATA-DECORATOR-VERSION-TYPE {
        base POLICY-METADATA-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyVersionMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-version-type {
        uses supa-policy-metadata-decorator-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-VERSION-TYPE;
            }
        }
        leaf supa-policy-metadata-version-major {
            type string;
            description
                "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that a significant increase in functionality is present
                 in this version. It MAY also indicate that this version
                 has changes that are NOT backwards-compatible (the
                 supa-policy-metadata-version-build class attribute is
                 used to denote such changes). The string 0.1.0
                 defines an initial version that MUST NOT be considered
                 stable. Improvements to this initial version are
                 denoted by incrementing the minor and patch class
                 attributes (supa-policy-metadata-version-major and
                 supa-policy-metadata-version-patch, respectively). The
                 major version X (i.e., X.y.z, where X > 0) MUST be
                 incremented if any backwards-incompatible changes are
                 introduced. It MAY include minor and patch level
                 changes.
                 The minor and patch version numbers MUST be
                 reset to 0 when the major version number is
                 incremented.";
        }
        leaf supa-policy-metadata-version-minor {
            type string;
            description
                "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that this release contains a set of features and/or
                 bug fixes that MUST be backwards-compatible. The
                 minor version Y (i.e., x.Y.z, where x > 0) MUST be
                 incremented if new, backwards-compatible changes are
                 introduced. It MUST be incremented if any features are
                 marked as deprecated. It MAY be incremented if new
                 functionality or improvements are introduced, and MAY
                 include patch level changes. The patch version number
                 MUST be reset to 0 when the minor version number is
                 incremented.";
        }
        leaf supa-policy-metadata-version-patch {
            type string;
            description
                "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that this version contains ONLY bug fixes. The patch
                 version Z (i.e., x.y.Z, where x > 0) MUST be
                 incremented if new, backwards-compatible changes are
                 introduced. A bug fix is defined as an internal change
                 that fixes incorrect behavior.";
        }
        leaf supa-policy-metadata-version-prerelease {
            type string;
            description
                "This contains a string that defines the pre-release
                 version. A pre-release version MAY be denoted by
                 appending a hyphen and a series of dot-separated
                 identifiers immediately following the patch version.
                 Identifiers MUST comprise only ASCII alphanumerics and
                 a hyphen. Identifiers MUST NOT be empty. Numeric
                 identifiers MUST NOT include leading zeroes.
                 Pre-release versions have a lower precedence than the
                 associated normal version.
                 A pre-release version
                 indicates that the version is unstable and might not
                 satisfy the intended compatibility requirements as
                 denoted by its associated normal version. Examples
                 include: 1.0.0-alpha and 1.0.0-0.3.7.";
        }
        leaf supa-policy-metadata-version-build {
            type string;
            description
                "This contains a string that defines the metadata of
                 this build. Build metadata is optional. If present,
                 build metadata MAY be denoted by appending a plus
                 (+) sign to the version, followed by a series of
                 dot-separated identifiers. This may follow either
                 the patch or pre-release portions of the version.
                 If build metadata is present, then any identifiers
                 that it uses MUST be made up of only ASCII
                 alphanumerics and a hyphen. The identifier portion of
                 the build metadata MUST NOT be empty. Build metadata
                 SHOULD be ignored when determining version precedence.
                 Examples include: 1.0.0.-alpha+1, 1.0.0.-alpha+1.1,
                 1.0.0+20130313144700, and 1.0.0-beta+exp.sha.5114f85.";
        }
        description
            "This is a concrete class that defines metadata for version
             control information that can be added to any
             SUPAPolicyObject. This is done using the
             SUPAHasPolicyMetadata association. This class uses the
             Semantic Versioning Specification [6] as follows:
               <major>.<minor>.<patch>[<pre-release>][<build-metadata>]
             where the first three components (major, minor, and patch)
             MUST be present, and the latter two components (pre-release
             and build-metadata) MAY be present. A version number MUST
             take the form <major>.<minor>.<patch>, where <major>,
             <minor>, and <patch> are each non-negative integers that
             MUST NOT contain leading zeros. In addition, the value of
             each of these three elements MUST increase numerically.
             In this approach, supaVersionMajor denotes a new release;
             supaVersionMinor denotes a minor release; supaVersionPatch
             denotes a version that consists ONLY of bug fixes.
             Version
             precedence MUST be calculated by separating the version
             into major, minor, patch, and pre-release identifiers, in
             that order. See [1] for more information.";
    }

    container supa-policy-metadata-decorator-version-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyVersionMetadataDef.";
        list supa-policy-metadata-decorator-version-list {
            key supa-policy-metadata-id;
            uses supa-policy-metadata-decorator-type;
            description
                "A list of all supa-policy-metadata-decorator-version
                 instances in the system. Instances of subclasses
                 will be in a separate list.";
        }
    }
    identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE {
        base POLICY-COMPONENT-TYPE;
        description
            "The identity corresponding to a
             SUPAHasPolicyMetadataDetail association class
             object instance.";
    }

    grouping supa-has-policy-metadata-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE;
            }
        }
        leaf supa-has-policy-metadata-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-OBJECT-TYPE)";
            description
                "This leaf is an instance-identifier that references
                 the SUPAPolicyObject instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicyMetadata association [1]. The groupings
                 supa-policy-object-type and supa-policy-metadata-type
                 represent the SUPAPolicyObject and SUPAPolicyMetadata
                 classes, respectively.
                 Thus, the instance identified
                 by this leaf is the SUPAPolicyObject instance that is
                 associated by this association to the set of
                 SUPAPolicyMetadata instances referenced by the
                 supa-has-policy-metadata-detail-part-ptr leaf of
                 this grouping.";
        }
        leaf supa-has-policy-metadata-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-METADATA-TYPE)";
            description
                "This leaf is an instance-identifier that references
                 the SUPAPolicyMetadata instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicyMetadata association [1]. The groupings
                 supa-policy-object-type and supa-policy-metadata-type
                 represent the SUPAPolicyObject and SUPAPolicyMetadata
                 classes, respectively. Thus, the instance
                 identified by this leaf is the SUPAPolicyMetadata
                 instance that is associated by this association to
                 the set of SUPAPolicyObject instances referenced by
                 the supa-has-policy-metadata-detail-agg-ptr leaf of
                 this grouping.";
        }
        leaf supa-policy-metadata-detail-is-applicable {
            type boolean;
            description
                "This attribute controls whether the associated
                 metadata is currently considered applicable to this
                 SUPAPolicyObject; this enables metadata to be turned
                 on and off when needed without disturbing the
                 structure of the object that the metadata applies to,
                 or affecting other objects in the system.";
        }
        leaf-list supa-policy-metadata-detail-constraint {
            type string;
            description
                "A list of constraints, expressed as strings, in
                 the language defined by the
                 supa-policy-metadata-detail-encoding attribute.
                 If there are no constraints on using this
                 SUPAPolicyMetadata object with this particular
                 SUPAPolicyObject object, then this leaf-list will
                 consist of a list of a single null string.";
        }
        leaf supa-policy-metadata-detail-constraint-encoding {
            type policy-constraint-language-list;
            description
                "The language used to encode the constraints relevant
                 to the relationship between the SUPAPolicyMetadata
                 object and the underlying SUPAPolicyObject.";
        }
        description
            "This is a concrete association class that defines the
             semantics of the SUPAHasPolicyMetadata association. This
             enables the attributes and relationships of the
             SUPAHasPolicyMetadataDetail class to be used to constrain
             which SUPAPolicyMetadata objects can be associated by
             this particular SUPAPolicyObject instance.";
    }

    container supa-policy-metadata-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyMetadataDetail.";
        list supa-policy-metadata-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-metadata-detail;
            description
                "This is a list of all supa-policy-metadata-detail
                 instances in the system. Instances of subclasses
                 will be in a separate list. Note that this association
                 class is made concrete for exemplary purposes.
                 To be
                 useful, it almost certainly needs refinement.";
        }
    }
    identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC {
        base POLICY-COMPONENT-TYPE;
        description
            "The identity corresponding to a
             SUPAHasDecoratedPolicyComponentDetail association class
             object instance.";
    }

    grouping supa-has-decorator-policy-component-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC;
            }
        }
        leaf supa-has-policy-component-decorator-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-COMPONENT-DECORATOR-TYPE)";
            description
                "This leaf is an instance-identifier that references
                 the SUPAPolicyComponentDecorator instance end point of
                 the association represented by this instance of the
                 SUPAHasDecoratedPolicyComponent association [1]. The
                 groupings supa-policy-component-decorator-type and
                 supa-policy-component-structure-type represent the
                 SUPAPolicyComponentDecorator and
                 SUPAPolicyComponentStructure classes, respectively.
                 Thus, the instance identified by this leaf is the
                 SUPAPolicyComponentDecorator instance that is
                 associated by this association to the set of
                 SUPAPolicyComponentStructure instances referenced by
                 the supa-has-policy-component-decorator-part-ptr leaf
                 of this grouping.";
        }
        leaf supa-has-policy-component-decorator-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  POLICY-COMPONENT-TYPE)";
            description
                "This leaf is an instance-identifier that references
                 the SUPAPolicyComponentStructure instance end point of
                 the association represented by this instance of the
                 SUPAHasDecoratedPolicyComponent association [1].
                 The
                 groupings supa-policy-component-decorator-type and
                 supa-policy-component-structure-type represent the
                 SUPAPolicyComponentDecorator and
                 SUPAPolicyComponentStructure classes, respectively.
                 Thus, the instance identified by this leaf is the
                 SUPAPolicyComponentStructure instance that is
                 associated by this association to the set of
                 SUPAPolicyComponentStructure instances referenced by
                 the supa-has-policy-component-decorator-agg-ptr leaf
                 of this grouping.";
        }
        leaf-list supa-has-decorator-constraint {
            type string;
            description
                "A constraint expression applying to this association
                 between a SUPAPolicyComponentDecorator and the
                 decorated component (which is a concrete subclass of
                 the SUPAPolicyComponentStructure class, such as
                 SUPAEncodedClause or SUPABooleanClauseAtomic). The
                 supa-has-decorator-constraint-encoding attribute
                 specifies the language used to write the set of
                 constraint expressions.";
        }
        leaf supa-has-decorator-constraint-encoding {
            type policy-constraint-language-list;
            description
                "The language used to encode the constraints relevant
                 to the relationship between the
                 SUPAPolicyComponentDecorator and the
                 SUPAPolicyComponentStructure object instances.";
        }
        description
            "This is a concrete association class that defines the
             semantics of the SUPAHasDecoratedPolicyComponent
             association.
The purpose of this class is to use the 2516 Decorator pattern [1] to detemine which 2517 SUPAPolicyComponentDecorator object instances, if any, 2518 are required to augment the functionality of a concrete 2519 subclass of SUPAPolicyClause that is being used."; 2520 } 2522 container supa-policy-component-decorator-detail-container { 2523 description 2524 "This is a container to collect all object instances of 2525 type SUPAPolicyComponentDecoratorDetail."; 2526 list supa-policy-component-decorator-detail-list { 2527 key supa-policy-ID; 2528 uses supa-has-decorator-policy-component-detail; 2529 description 2530 "This is a list of all 2531 supa-policy-component-decorator-details."; 2532 } 2533 } 2534 identity SUPA-HAS-POLICY-SOURCE-ASSOC { 2535 base POLICY-OBJECT-TYPE; 2536 description 2537 "The identity corresponding to a SUPAHasPolicySource 2538 association class object instance."; 2539 } 2541 grouping supa-has-policy-source-detail { 2542 uses supa-policy-object-type { 2543 refine entity-class { 2544 default SUPA-HAS-POLICY-SOURCE-ASSOC; 2545 } 2546 } 2547 leaf supa-has-policy-source-detail-agg-ptr { 2548 type instance-identifier; 2549 must "derived-from-or-self (deref(.)/entity-class, 2550 POLICY-STRUCTURE-TYPE)"; 2551 description 2552 "This leaf is an instance-identifier that references 2553 a SUPAPolicyStructure instance end point of the 2554 association represented by this instance of the 2555 SUPAHasPolicySource association [1]. The grouping 2556 supa-has-policy-source-detail represents the 2557 SUPAHasPolicySourceDetail class. 
Thus, the instance 2558 identified by this leaf is the SUPAPolicyStructure 2559 instance that is associated by this association to the 2560 SUPAPolicySource instance referenced by the 2561 supa-has-policy-source-detail-part-ptr leaf of 2562 this grouping."; 2563 } 2564 leaf supa-has-policy-source-detail-part-ptr { 2565 type instance-identifier; 2566 must "derived-from-or-self (deref(.)/entity-class, 2567 POLICY-SOURCE-TYPE)"; 2568 description 2569 "This leaf is an instance-identifier that references 2570 a SUPAPolicySource instance end point of the 2571 association represented by this instance of the 2572 SUPAHasPolicySource association [1]. The grouping 2573 supa-has-policy-source-detail represents the 2574 SUPAHasPolicySourceDetail class. Thus, the instance 2575 identified by this leaf is the SUPAPolicySource 2576 instance that is associated by this association to the 2577 SUPAPolicyStructure instance referenced by the 2578 supa-has-policy-source-detail-agg-ptr leaf of 2579 this grouping."; 2580 } 2581 leaf supa-policy-source-is-authenticated { 2582 type boolean; 2583 description 2584 "If the value of this attribute is true, then this 2585 SUPAPolicySource object has been authenticated by 2586 a policy engine or application that is executing this 2587 particular SUPAPolicyStructure object."; 2588 } 2589 leaf supa-policy-source-is-trusted { 2590 type boolean; 2591 description 2592 "If the value of this attribute is true, then this 2593 SUPAPolicySource object has been verified to be 2594 trusted by a policy engine or application that is 2595 executing this particular SUPAPolicyStructure object."; 2596 } 2597 description 2598 "This is an association class, and defines the semantics of 2599 the SUPAHasPolicySource association. The attributes and 2600 relationships of this class can be used to define which 2601 SUPAPolicySource objects can be attached to which 2602 particular set of SUPAPolicyStructure objects. 
Note that a 2603 SUPAPolicySource object is NOT responsible for evaluating 2604 or executing SUPAPolicies; rather, it identifies the set 2605 of entities that are responsible for managing this 2606 SUPAPolicySource object. Its primary uses are for 2607 auditability, as well as processing deontic logic. This 2608 object represents the semantics of associating a 2609 SUPAPolicySource to a SUPAPolicyTarget."; 2610 } 2612 container supa-policy-source-detail-container { 2613 description 2614 "This is a container to collect all object instances of 2615 type SUPAPolicySourceDetail."; 2616 list supa-policy-source-detail-list { 2617 key supa-policy-ID; 2618 uses supa-has-policy-source-detail; 2619 description 2620 "This is a list of all supa-policy-source-detail 2621 objects."; 2622 } 2623 } 2625 identity SUPA-HAS-POLICY-TARGET-ASSOC { 2626 base POLICY-OBJECT-TYPE; 2627 description 2628 "The identity corresponding to a SUPAHasPolicyTarget 2629 association class object instance."; 2630 } 2631 grouping supa-has-policy-target-detail { 2632 uses supa-policy-object-type { 2633 refine entity-class { 2634 default SUPA-HAS-POLICY-TARGET-ASSOC; 2635 } 2636 } 2637 leaf supa-has-policy-target-detail-agg-ptr { 2638 type instance-identifier; 2639 must "derived-from-or-self (deref(.)/entity-class, 2640 POLICY-STRUCTURE-TYPE)"; 2641 description 2642 "This leaf is an instance-identifier that references 2643 a SUPAPolicyStructure instance end point of the 2644 association represented by this instance of the 2645 SUPAHasPolicyTarget association [1]. The grouping 2646 supa-has-policy-target-detail represents the 2647 SUPAHasPolicyTargetDetail class. 
Thus, the instance 2648 identified by this leaf is the SUPAPolicyStructure 2649 instance that is associated by this association to the 2650 SUPAPolicyTarget instance referenced by the 2651 supa-has-policy-target-detail-part-ptr leaf of 2652 this grouping."; 2653 } 2654 leaf supa-has-policy-target-detail-part-ptr { 2655 type instance-identifier; 2656 must "derived-from-or-self (deref(.)/entity-class, 2657 POLICY-TARGET-TYPE)"; 2658 description 2659 "This leaf is an instance-identifier that references 2660 a SUPAPolicyTarget instance end point of the 2661 association represented by this instance of the 2662 SUPAHasPolicyTarget association [1]. The grouping 2663 supa-has-policy-target-detail represents the 2664 SUPAHasPolicyTargetDetail class. Thus, the instance 2665 identified by this leaf is the SUPAPolicyTarget 2666 instance that is associated by this association to the 2667 SUPAPolicyStructure instance referenced by the 2668 supa-has-policy-source-detail-agg-ptr leaf of 2669 this grouping."; 2670 } 2671 leaf supa-policy-target-is-authenticated { 2672 type boolean; 2673 description 2674 "If the value of this attribute is true, then this 2675 SUPAPolicyTarget object has been authenticated by 2676 a policy engine or application that is executing this 2677 particular SUPAPolicyStructure object."; 2678 } 2679 leaf supa-policy-target-is-enabled { 2680 type boolean; 2681 description 2682 "If the value of this attribute is true, then each 2683 SUPAPolicyTarget object that is referenced by this 2684 SUPAHasPolicyTarget aggregation is able to be used as 2685 a SUPAPolicyTarget by the SUPAPolicyStructure object 2686 that is referenced by this SUPAHasPolicyTarget 2687 aggregation. 
This means that this SUPAPolicyTarget has 2688 agreed to: 1) have SUPAPolicies applied to it, and 2) 2689 process (directly or with the aid of a proxy) one or 2690 more SUPAPolicies, or receive the results of a 2691 processed SUPAPolicy and apply those results to 2692 itself."; 2693 } 2694 description 2695 "This is an association class, and defines the semantics of 2696 the SUPAHasPolicyTarget association. The attributes and 2697 relationships of this class can be used to define which 2698 SUPAPolicyTarget objects can be attached to which 2699 particular set of SUPAPolicyStructure objects. Note that a 2700 SUPAPolicyTarget is used to identify a set of managed 2701 entities to which a SUPAPolicy should be applied; this 2702 object represents the semantics of applying a SUPAPolicy 2703 to a SUPAPolicyTarget."; 2704 } 2706 container supa-policy-target-detail-container { 2707 description 2708 "This is a container to collect all object instances of 2709 type SUPAPolicyTargetDetail."; 2710 list supa-policy-target-detail-list { 2711 key supa-policy-ID; 2712 uses supa-has-policy-target-detail; 2713 description 2714 "This is a list of all supa-policy-target-detail 2715 objects."; 2716 } 2717 } 2719 identity SUPA-HAS-POLICY-CLAUSE-ASSOC { 2720 base POLICY-STRUCTURE-TYPE; 2721 description 2722 "The identity corresponding to a SUPAHasPolicyClause 2723 association class object instance."; 2724 } 2725 grouping supa-has-policy-clause-detail { 2726 uses supa-policy-structure-type { 2727 refine entity-class { 2728 default SUPA-HAS-POLICY-CLAUSE-ASSOC; 2729 } 2730 } 2731 leaf supa-has-policy-clause-detail-agg-ptr { 2732 type instance-identifier; 2733 must "derived-from-or-self (deref(.)/entity-class, 2734 POLICY-STRUCTURE-TYPE)"; 2735 description 2736 "This leaf is an instance-identifier that references 2737 a concrete subclass of the SUPAPolicyStructure class 2738 end point of the association represented by this 2739 instance of the SUPAHasPolicyClause association [1]. 
2740 The grouping supa-has-policy-clause-detail represents 2741 the SUPAHasPolicyClauseDetail association class. Thus, 2742 the instance identified by this leaf is the 2743 SUPAPolicyStructure instance that is associated by 2744 this association to the set of SUPAPolicyClause 2745 instances referenced by the 2746 supa-has-policy-clause-detail-part-ptr leaf of this 2747 grouping."; 2748 } 2749 leaf supa-has-policy-clause-detail-part-ptr { 2750 type instance-identifier; 2751 must "derived-from-or-self (deref(.)/entity-class, 2752 POLICY-CLAUSE-TYPE)"; 2753 description 2754 "This leaf is an instance-identifier that references 2755 a concrete subclass of the SUPAPolicyClause class 2756 end point of the association represented by this 2757 instance of the SUPAHasPolicyClause association [1]. 2758 The grouping supa-has-policy-clause-detail represents 2759 the SUPAHasPolicyClauseDetail association class. Thus, 2760 the instance identified by this leaf is the 2761 SUPAPolicyClause instance that is associated by this 2762 association to the set of SUPAPolicyStructure 2763 instances referenced by the 2764 supa-has-policy-clause-detail-agg-ptr leaf of this 2765 grouping."; 2766 } 2767 description 2768 "This is an association class, and defines the semantics of 2769 the SUPAHasPolicyClause association. The attributes and 2770 relationships of this class can be used to define which 2771 SUPAPolicyTarget objects can be used by which particular 2772 set of SUPAPolicyStructure objects. Every 2773 SUPAPolicyStructure instance MUST aggregate at 2774 least one SUPAPolicyClause instance. However, the 2775 converse is NOT true. For example, a SUPAPolicyStructure 2776 instance MUST aggregate at least one SUPAPolicyClause 2777 instance. 
However, a SUPAPolicyClause object could be 2778 instantiated and then stored for later use in a policy 2779 repository."; 2780 } 2782 container supa-policy-clause-detail-container { 2783 description 2784 "This is a container to collect all object instances of 2785 type SUPAPolicyClauseDetail."; 2786 list supa-policy-clause-detail-list { 2787 key supa-policy-ID; 2788 uses supa-has-policy-clause-detail; 2789 description 2790 "This is a list of all supa-policy-clause-detail 2791 objects."; 2792 } 2793 } 2795 identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC { 2796 base POLICY-STRUCTURE-TYPE; 2797 description 2798 "The identity corresponding to a 2799 SUPAHasPolExecFailActionToTake association class 2800 object instance."; 2801 } 2803 grouping supa-has-policy-exec-action-detail { 2804 uses supa-policy-structure-type { 2805 refine entity-class { 2806 default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC; 2807 } 2808 } 2809 leaf supa-has-exec-fail-action-detail-agg-ptr { 2810 type instance-identifier; 2811 must "derived-from-or-self (deref(.)/entity-class, 2812 POLICY-STRUCTURE-TYPE)"; 2813 description 2814 "This leaf is an instance-identifier that references 2815 a SUPAPolicyStructure instance end point of the 2816 association represented by this instance of the 2817 SUPAHasPolExecFailActionToTake association [1] that 2818 was executing a SUPAPolicy. This SUPAPolicyStructure 2819 is referred to as the 'parent' SUPAPolicyStructure 2820 instance, while the other instance end point of this 2821 association is called the 'child' SUPAPolicyStructure. 2822 The grouping supa-policy-structure-type represents the 2823 SUPAPolicyStructure class. 
Thus, the instance 2824 identified by this leaf is the parent 2825 SUPAPolicyStructure instance that is associated by this 2826 association to the child SUPAPolicyStructure instance 2827 referenced by the 2828 supa-has-exec-fail-action-detail-part-ptr leaf of this 2829 grouping."; 2830 } 2831 leaf supa-has-exec-fail-action-detail-part-ptr { 2832 type instance-identifier; 2833 must "derived-from-or-self (deref(.)/entity-class, 2834 POLICY-STRUCTURE-TYPE)"; 2835 description 2836 "This leaf is an instance-identifier that references 2837 a SUPAPolicyStructure instance end point of the 2838 association represented by this instance of the 2839 SUPAHasPolExecFailActionToTake association [1] that 2840 was NOT currently executing a SUPAPolicy. This 2841 SUPAPolicyStructure is referred to as the 'child' 2842 SUPAPolicyStructure instance, while the other instance 2843 end point of this association is called the 'parent' 2844 SUPAPolicyStructure. The grouping 2845 supa-policy-structure-type represents the 2846 SUPAPolicyStructure class. Thus, the instance 2847 identified by this leaf is the child 2848 SUPAPolicyStructure instance that is associated by 2849 this association to the child SUPAPolicyStructure 2850 instance referenced by the 2851 supa-has-exec-fail-action-detail-part-ptr leaf of 2852 this grouping."; 2853 } 2854 leaf-list supa-policy-exec-fail-take-action-name { 2855 type string; 2856 description 2857 "This is a list that contains the set of names for 2858 SUPAPolicyActions to use if the SUPAPolicyStructure 2859 object that owns this association failed to execute 2860 properly. This association defines a set of child 2861 SUPAPolicyStructure objects to use if this (the parent) 2862 SUPAPolicyStructure object fails to execute correctly. 
2863 Each child SUPAPolicyStructure object has one or more 2864 SUPAPolicyActions; this attribute defines the name(s) 2865 of each SUPAPolicyAction in each child 2866 SUPAPolicyStructure that should be used to try and 2867 remediate the failure."; 2868 } 2869 description 2870 "This is an association class, and defines the semantics of 2871 the SUPAHasPolExecFailTakeAction association. The 2872 attributes and relationships of this class can be used to 2873 determine which SUPAPolicyAction objects are executed in 2874 response to a failure of the SUPAPolicyStructure object 2875 instance that owns this association."; 2876 } 2878 container supa-policy-exec-fail-take-action-detail-container { 2879 description 2880 "This is a container to collect all object instances of 2881 type SUPAPolExecFailActionToTakeDetail."; 2882 list supa-policy-exec-fail-take-action-detail-list { 2883 key supa-policy-ID; 2884 uses supa-has-policy-exec-action-detail; 2885 description 2886 "This is a list of all 2887 supa-has-policy-exec-action-detail objects."; 2888 } 2889 } 2891 identity SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC { 2892 base POLICY-METADATA-TYPE; 2893 description 2894 "The identity corresponding to a 2895 SUPAHasMetadataDecoratorDetail association class 2896 object instance."; 2897 } 2899 grouping supa-has-policy-metadata-dec-detail { 2900 uses supa-policy-metadata-type { 2901 refine entity-class { 2902 default SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC; 2903 } 2904 } 2905 leaf supa-has-policy-metadata-detail-dec-agg-ptr { 2906 type instance-identifier; 2907 must "derived-from-or-self (deref(.)/entity-class, 2908 POLICY-METADATA-TYPE)"; 2909 description 2910 "This leaf is an instance-identifier that references 2911 a SUPAPolicyMetadataDecorator instance end point of 2912 the association represented by this instance of the 2913 SUPAHasMetadataDecorator association [1]. 
The 2914 grouping supa-has-policy-metadata-detail represents 2915 the SUPAHasMetadataDecoratorDetail association class. 2917 Thus, the instance identified by this leaf is the 2918 SUPAPolicyMetadataDecorator instance that is 2919 associated by this association to the set of 2920 SUPAPolicyMetadata instances referenced by the 2921 supa-has-policy-metadata-detail-dec-part-ptr leaf of 2922 this grouping."; 2923 } 2924 leaf supa-has-policy-metadata-detail-dec-part-ptr { 2925 type instance-identifier; 2926 must "derived-from-or-self (deref(.)/entity-class, 2927 POLICY-METADATA-TYPE)"; 2928 description 2929 "This leaf is an instance-identifier that references 2930 a SUPAPolicyMetadata instance end point of the 2931 association represented by this instance of the 2932 SUPAHasMetadataDecorator association [1]. The 2933 grouping supa-has-policy-metadata-detail represents 2934 the SUPAHasMetadataDecoratorDetail association class. 2935 Thus, the instance identified by this leaf is the 2936 SUPAPolicyMetadata instance that is associated by 2937 this association to the set of 2938 SUPAPolicyMetadataDecorator instances referenced by 2939 the supa-has-policy-metadata-detail-dec-agg-ptr leaf 2940 of this grouping."; 2941 } 2942 description 2943 "This is an association class, and defines the semantics of 2944 the SUPAHasMetadataDecorator association. 
The attributes 2945 and relationships of this class can be used to define which 2946 concrete subclasses of the SUPAPolicyMetadataDecorator 2947 class can be used to wrap which concrete subclasses of the 2948 SUPAPolicyMetadata class."; 2949 } 2951 container supa-policy-metadata-decorator-detail-container { 2952 description 2953 "This is a container to collect all object instances of 2954 type SUPAHasMetadaDecoratorDetail."; 2955 list supa-policy-metadata-decorator-detail-list { 2956 key supa-policy-metadata-id; 2957 uses supa-has-policy-metadata-dec-detail; 2958 description 2959 "This is a list of all supa-policy-metadata-detail 2960 objects."; 2961 } 2962 } 2963 } 2965 2966 6. IANA Considerations 2968 No IANA considerations exist for this document. 2970 7. Security Considerations 2972 TBD 2974 8. Acknowledgments 2976 This document has benefited from reviews, suggestions, comments 2977 and proposed text provided by the following members, listed in 2978 alphabetical order: 2980 Qin Wu 2982 9. References 2984 This section defines normative and informative references for this 2985 document. 2987 9.1. Normative References 2989 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2990 Requirement Levels", BCP 14, RFC 2119, March 1997. 2992 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for 2993 the Network Configuration Protocol (NETCONF)", 2994 RFC 6020, October 2010. 2996 [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, 2997 July 2013. 2999 9.2. 
Informative References 3001 [1] Strassner, J., Halpern, J., Coleman, J., "Generic 3002 Policy Information Model for Simplified Use of Policy 3003 Abstractions (SUPA)", March 21, 2016, 3004 draft-ietf-supa-generic-policy-info-model-01 3005 [2] http://www.omg.org/spec/OCL/ 3006 [3] http://doc.omg.org/formal/2002-04-03.pdf 3007 [4] http://alloy.mit.edu/alloy/ 3008 [5] http://www.omg.org/spec/QVT/ 3010 [6] http://semver.org/ 3011 [7] Definitions of DAC, MAC, and RBAC may be found here: 3012 http://csrc.nist.gov/groups/SNS/rbac/faq.html#03 3013 [8] ABAC is described here: 3014 http://csrc.nist.gov/groups/SNS/rbac/index.html 3016 Authors' Addresses 3018 Joel Halpern 3019 Ericsson 3020 P. O. Box 6049 3021 Leesburg, VA 20178 3022 Email: joel.halpern@ericsson.com 3024 John Strassner 3025 Huawei Technologies 3026 2330 Central Expressway 3027 Santa Clara, CA 95138 USA 3028 Email: john.sc.strassner@huawei.com 3030 Sven van der Meer 3031 LM Ericsson Ltd. 3032 Ericsson Software Campus 3033 Garrycastle 3034 Athlone 3035 N37 PV44 3036 Ireland 3037 Email: sven.van.der.meer@ericsson.com
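
The supa-has-policy-source-detail and supa-has-policy-target-detail groupings in the module above carry the only trust-related leaves in this part of the model (is-authenticated, is-trusted, is-enabled). The following consumer-side check is an added example and is not part of the draft: it refuses to apply a policy unless every association attached to it has those leaves explicitly true. The leaf and list names are the draft's; the dictionary layout, the placeholder instance-identifier strings, the sample data and the fail-closed rule (including "no target association means do not apply") are assumptions of this example.

```python
# Added example, not from the draft: gate policy application on the flags
# carried by the SUPAHasPolicySource / SUPAHasPolicyTarget associations.
# Leaf and list names come from the groupings; the dict layout, placeholder
# instance-identifiers and the fail-closed rule are assumptions.
SRC, TGT = "supa-policy-source", "supa-policy-target"
KINDS = {
    SRC: ("supa-policy-source-detail-list", "supa-has-policy-source-detail",
          (SRC + "-is-authenticated", SRC + "-is-trusted")),
    TGT: ("supa-policy-target-detail-list", "supa-has-policy-target-detail",
          (TGT + "-is-authenticated", TGT + "-is-enabled")),
}
P1, P2 = "/ex:policy[id='p1']", "/ex:policy[id='p2']"  # placeholders


def assoc(kind, assoc_id, policy_ptr, part_ptr, **flags):
    """Build one constructed list entry; flag keywords use '_' for '-'."""
    prefix = KINDS[kind][1]
    entry = {"supa-policy-ID": assoc_id,
             prefix + "-agg-ptr": policy_ptr,
             prefix + "-part-ptr": part_ptr}
    for name, value in flags.items():
        entry[kind + "-" + name.replace("_", "-")] = value
    return entry


# Constructed instance data: p1 is clean, p2 has an untrusted source and a
# target whose is-enabled leaf is absent.
SAMPLE = {
    KINDS[SRC][0]: [
        assoc(SRC, "src-1", P1, "/ex:source[id='s1']",
              is_authenticated=True, is_trusted=True),
        assoc(SRC, "src-2", P2, "/ex:source[id='s2']",
              is_authenticated=True, is_trusted=False),
    ],
    KINDS[TGT][0]: [
        assoc(TGT, "tgt-1", P1, "/ex:target[id='t1']",
              is_authenticated=True, is_enabled=True),
        assoc(TGT, "tgt-2", P2, "/ex:target[id='t2']",
              is_authenticated=True),
    ],
}


def check_policy(data, policy_ptr):
    """Return (association id, part pointer, reason) for each failed check."""
    problems = []
    for kind, (list_name, prefix, flags) in KINDS.items():
        matched = [e for e in data.get(list_name, [])
                   if e.get(prefix + "-agg-ptr") == policy_ptr]
        if kind == TGT and not matched:
            # Assumption: a policy with no target association is not applied.
            problems.append((None, None, "no target association"))
        for entry in matched:
            for leaf in flags:
                # Only an explicit boolean true passes; an absent leaf or a
                # non-boolean value such as the string "true" is rejected.
                if entry.get(leaf) is not True:
                    problems.append((entry["supa-policy-ID"],
                                     entry.get(prefix + "-part-ptr"), leaf))
    return problems


def may_apply(data, policy_ptr):
    """True only when every attached source and target passes its flags."""
    return not check_policy(data, policy_ptr)
```

The tuples returned by check_policy name the association entry and the part-ptr end point, which is what an audit record for a refused policy would need.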