idnits 2.17.1

draft-ietf-supa-generic-policy-data-model-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (April 15, 2017) is 2560 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: 'RFC7950' is defined on line 3050, but no explicit
     reference was found in the text

  == Unused Reference: '2' is defined on line 3059, but no explicit
     reference was found in the text

  == Unused Reference: '4' is defined on line 3061, but no explicit
     reference was found in the text

  == Unused Reference: '5' is defined on line 3062, but no explicit
     reference was found in the text

  == Unused Reference: '6' is defined on line 3064, but no explicit
     reference was found in the text

  == Unused Reference: '7' is defined on line 3065, but no explicit
     reference was found in the text

  == Unused Reference: '8' is defined on line 3067, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-03) exists of
     draft-ietf-supa-generic-policy-info-model-02

     Summary: 0 errors (**), 0 flaws (~~), 9 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

Network Working Group                                         J. Halpern
Internet-Draft                                                  Ericsson
Intended status: Informational                              J. Strassner
Expires: October 15, 2017                            Huawei Technologies
                                                         S. Van der Meer
                                                                Ericsson
                                                          April 15, 2017

                     Generic Policy Data Model for
              Simplified Use of Policy Abstractions (SUPA)
              draft-ietf-supa-generic-policy-data-model-03

Abstract

   This document defines two YANG policy data modules. The first is a
   generic policy model that is meant to be extended on an
   application-specific basis. The second is an exemplary extension of
   the first generic policy model, and defines rules as
   event-condition-action policies. Both models are independent of the
   level of abstraction of the content and meaning of a policy.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   This Internet-Draft will expire on April 15, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.
   Code Components extracted from this document must include
   Simplified BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Overview
   2. Conventions Used in This Document
   3. Terminology
      3.1. Acronyms
      3.2. Definitions
      3.3. Symbology
   4. Design of the SUPA Policy Data Models
      4.1. Objectives
      4.2 Yang Data Model Maintenance
      4.3 YANG Data Model Overview
      4.4. YANG Tree Diagram
   5. SUPA Policy Data Model YANG Module
   6. IANA Considerations
   7. Security Considerations
   8. Acknowledgments
   9. References
      9.1. Normative References
      9.2. Informative References
   Authors' Addresses

1. Overview

   This document defines two YANG [RFC6020] [RFC6991] policy data
   models. The first is a generic policy model that is meant to be
   extended on an application-specific basis. It is derived from the
   Generic Policy Information Model (GPIM) defined in [1].
   The second is an exemplary extension of the first (generic policy)
   model, and defines policy rules as event-condition-action tuples.
   Both models are independent of the level of abstraction of the
   content and meaning of a policy.

   The GPIM defines a common framework as a set of model elements
   (e.g., classes, attributes, and relationships) that specify a
   common set of policy management concepts that are independent of the
   type of policy (e.g., imperative, procedural, declarative, or
   otherwise). The first YANG data model is a translation of the GPIM
   to a YANG module. The ECA Policy Rule Information Model (EPRIM),
   also defined in [1], extends the GPIM to represent policy rules that
   use the Event-Condition-Action (ECA) paradigm. The second YANG data
   model maps the EPRIM to YANG. The second YANG data model MAY be
   used to augment the functionality of the first YANG data model.

2. Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in [RFC2119]. In
   this document, these words will appear with that interpretation
   only when in ALL CAPS. Lower case uses of these words are not to
   be interpreted as carrying [RFC2119] significance.

3. Terminology

   This section defines acronyms, terms, and symbology used in the
   rest of this document.

3.1. Acronyms

   CNF        Conjunctive Normal Form
   DNF        Disjunctive Normal Form
   ECA        Event-Condition-Action
   EPRIM      (SUPA) ECA Policy Rule Information Model [1]
   FQDN       Fully Qualified Domain Name
   FQPN       Fully Qualified Path Name
   GPIM       (SUPA) Generic Policy Information Model [1]
   GUID       Globally Unique IDentifier
   NETCONF    Network Configuration protocol
   OAM&P      Operations, Administration, Management, and Provisioning
   OCL        Object Constraint Language [2] [3]
   OID        Object IDentifier
   SUPA       Simplified Use of Policy Abstractions
   UML        Unified Modeling Language
   URI        Uniform Resource Identifier
   UUID       Universally Unique IDentifier

3.2. Definitions

   Action: a set of activities that have a set of associated behavior.

   Boolean Clause: a logical statement that evaluates to either TRUE
      or FALSE. Also called Boolean Expression.

   Condition: a set of attributes, features, and/or values that are to
      be compared with a set of known attributes, features, and/or
      values in order to make a decision. A Condition, when used in
      the context of a Policy Rule, is used to determine whether or not
      the set of Actions in that Policy Rule can be executed or not.

   Constraint: A constraint is a limitation or restriction.
      Constraints may be added to any type of object (e.g., events,
      conditions, and actions in Policy Rules).

   Data Model: a data model is a representation of concepts of
      interest to an environment in a form that is dependent on data
      repository, data definition language, query language,
      implementation language, and protocol (typically one or more of
      these). This definition is taken from [1].

   ECA: Event - Condition - Action (a type of policy).

   Event: an Event is defined as any important occurrence in time in
      the system being managed, and/or in the environment of the system
      being managed. An Event may represent the changing or maintaining
      of the state of a managed object.
      An Event, when used in the context of a Policy Rule, is used to
      determine whether the Condition clause of an imperative (i.e.,
      ECA) Policy Rule can be evaluated or not.

   FQPN (Fully Qualified Path Name)
      The specification of a path to a file in a system that
      unambiguously resolves to only that specific file. In this
      sense, "fully qualified" is independent of context. However,
      in a distributed system, it may be dependent on the specific
      format of an operating system. Hence, implementations should
      consider such issues before allowing the use of FQPNs.

   Information Model: an information model is a representation of
      concepts of interest to an environment in a form that is
      independent of data repository, data definition language, query
      language, implementation language, and protocol. This definition
      is taken from [1].

   Metadata: metadata is data that provides descriptive and/or
      prescriptive information about the object(s) to which it is
      associated. This enables structure and content of the object(s)
      to which it applies, as well as usage and other information, to
      be represented in an extensible manner. It avoids "burying"
      common information in specific classes, and increases reuse.

   SUPAPolicy: A SUPAPolicy is, in this version of this document, an ECA
      policy rule that MUST contain an ECA policy rule, SHOULD contain
      one or more SUPAPolicyMetadata objects, and MAY contain other
      elements that define the semantics of the policy rule. An ECA
      Policy Rule MUST contain an event clause, a condition clause, and
      an action clause. Policies are generically defined as a means to
      monitor and control the changing and/or maintaining of the state
      of one or more managed objects. This definition is based on the
      definition of SUPAPolicy in [1].

3.3. Symbology

   The following representation is used to describe YANG data modules
   defined in this draft.

   o Brackets "[" and "]" enclose list keys.

   o Abbreviations before data node names: "rw" means configuration
     data (read-write), and "ro" means state data (read-only).

   o Symbols after data node names: "?" means an optional node, "!"
     means a presence container, and "*" denotes a list and leaf-list.

   o Parentheses enclose choice and case nodes, and case nodes are also
     marked with a colon (":").

   o Ellipsis ("...") stands for contents of subtrees that are not
     shown.

4. Design of the SUPA Policy Data Models

   This section describes the design philosophy of the YANG data
   models, and how they will be maintained.

4.1. Objectives

   These Data Models are derived from the SUPA Generic Policy
   Information Model [1]. The overall objective is to faithfully
   transform that information model into a YANG data model that can
   be used for communicating policy. The policy scope to be covered is
   that defined by [1]; please refer to it for more details and
   background information.

   This model is an extensible framework that is independent of the
   implementation approach for storing policies, as well as being
   independent of the content and meaning of specific policies. These
   models can be extended (generally by using the groupings here and
   defining additional containers for concrete classes) to represent
   domain- and/or application-specific policies. The ECA model in this
   document is an example of extending the general policy model towards
   specific policies.

   By using this approach, different policy models will use common
   semantics, enabling them to be more easily integrated.

   One of the important goals of this work is for the semantics of
   these models to align with those of the generic policy information
   model. Thus, most of this model was generated by a quasi-algorithmic
   transformation of the information model. This was done by hand.
   Certain changes were made to reflect the fact that this is a YANG
   data model, and therefore, does not need to generically allow for
   all data modelling languages. Details of the process are described
   below in section 4.3.

4.2 Yang Data Model Maintenance

   All model changes should be done to both the information model and
   the data model in parallel. Care is being taken during development
   of this model to ensure that is the case.

   In general, structural changes will be applied to both the
   information model and the data model, and then any necessary YANG
   repairs taken to preserve the validity of the YANG data model.

4.3 YANG Data Model Overview

   This YANG data model is generated by applying suitable YANG
   constructs to represent the information in the information model.

   There are three key information modeling concepts that this data
   model needs to represent consistently. These are classes, class
   inheritance (also known as subclassing) and associations. The
   SUPA generic policy information model [1] makes extensive use of
   these concepts.

   Each class in the model is represented by a YANG identity and by a
   YANG grouping. The use of groupings enables us to define these
   classes abstractly. Each grouping begins with two leaves (either
   defined in the grouping or inherited via a uses clause), which
   provide common functionality. One leaf is used for the system-wide
   unique identifier for this instance. This is either named
   supa-policy-ID (for the SUPAPolicyObject tree, which contains
   everything EXCEPT metadata objects) or supa-policy-metadata-id (for
   the SUPAPolicyMetadata tree, which ONLY contains metadata). All
   associations use supa-policy-IDs. The second leaf is always called
   the entity-class. It is an identityref which is set to the identity
   of the instance. The default value for this leaf is always
   correctly defined by the grouping.
   It is read-write in the YANG formalism due to restrictions on the
   use of MUST clauses.

   Class inheritance (or subclassing) is done by defining an identity
   and a grouping for the new class. The identity is based on the
   parent identity, and is given a new name to represent this class.
   The new grouping uses the parent grouping. It refines the
   entity-class of the parent, replacing the default value of the
   entity-class with the correct value for this class.

   Associations are represented by the use of instance-identifiers and
   association classes. Association classes are classes, using the
   above construction, which contain leaves representing the set of
   instance-identifiers for each end of the association, along with
   any other properties the information model assigns to the
   association. The two associated classes each have a leaf with an
   instance-identifier that points to the association class instance.
   Each instance-identifier leaf is defined with a must clause. That
   must clause references the entity-class of the target of the
   instance-identifier, and specifies that the entity class type must
   be the same as, or subclassed from, a specific named class. Thus,
   associations can point to any instance of a selected class, or any
   instance of any subclass of that target.

   While not mandated by the YANG, it is expected that the xpath for
   the instance-identifier will end with an array selection specifying
   the supa-policy-ID or supa-policy-metadata-id of the target. This
   enables us to construct the abstract class tree, with inheritance
   and associations. It is noted and accepted that this process does
   lose the distinction between containment, association, and
   aggregation used by the information model.

   The concrete class tree is constructed as follows. The YANG model
   defines a container for each class that is defined as concrete by
   the information model.
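
The must-clause check that section 4.3 describes for association pointers, as an added example in Python (not code from the draft): each instance-identifier is resolved through its trailing key predicate and the target's entity-class is tested with derived-from-or-self. The flat datastore, the base assumed for SUPA-HAS-POLICY-METADATA-ASSOC, and the EXAMPLE-METADATA-ASSOC-SUBTYPE identity are assumptions made for illustration.

```python
import re

# Identity tree as child -> base (None marks the root).
IDENTITY_BASE = {
    "SUPA-ROOT-TYPE": None,
    "POLICY-OBJECT-TYPE": "SUPA-ROOT-TYPE",
    # Assumed base: the definition of this identity is not shown in this section.
    "SUPA-HAS-POLICY-METADATA-ASSOC": "POLICY-OBJECT-TYPE",
    # Hypothetical subclass, to exercise the "or subclassed from" branch.
    "EXAMPLE-METADATA-ASSOC-SUBTYPE": "SUPA-HAS-POLICY-METADATA-ASSOC",
}

# Trailing key predicate the draft expects at the end of the xpath.
KEY_PREDICATE = re.compile(
    r"\[(?:[\w.-]+:)?(supa-policy-ID|supa-policy-metadata-id)='([^']*)'\]$"
)


def derived_from_or_self(identity, base):
    """True if identity equals base or derives from it, directly or indirectly."""
    seen = set()
    while identity is not None and identity not in seen:
        if identity == base:
            return True
        seen.add(identity)  # guards against a malformed, cyclic identity table
        identity = IDENTITY_BASE.get(identity)
    return False


def target_key(instance_identifier):
    """Return the key value selected by the trailing predicate, or None."""
    match = KEY_PREDICATE.search(instance_identifier)
    return match.group(2) if match else None


def check_pointers(datastore, leaf, required_base):
    """Return (owner id, pointer, reason) for every pointer that fails the check."""
    problems = []
    for owner_id, obj in datastore.items():
        for ptr in obj.get(leaf, []):
            key = target_key(ptr)
            if key is None:
                problems.append((owner_id, ptr, "no trailing key predicate"))
                continue
            target = datastore.get(key)
            if target is None:
                problems.append((owner_id, ptr, "dangling pointer"))
            elif not derived_from_or_self(target.get("entity-class"), required_base):
                problems.append((owner_id, ptr, "wrong entity-class"))
    return problems


def ptr(key):
    """Build a constructed instance-identifier into the metadata detail list."""
    return ("/supa-pdm:supa-policy-metadata-detail-container"
            "/supa-pdm:supa-policy-metadata-detail-list"
            f"[supa-pdm:supa-policy-ID='{key}']")


# Constructed sample data: objects indexed by their ID (a simplification of
# the per-class containers and lists in the real data tree).
DATASTORE = {
    "clause-1": {
        "entity-class": "POLICY-OBJECT-TYPE",
        "supa-has-policy-metadata-agg-ptr": [
            ptr("assoc-1"),    # exact class: accepted
            ptr("assoc-2"),    # subclass: accepted
            ptr("src-1"),      # exists, but is not an association class
            ptr("missing-9"),  # no such instance
        ],
    },
    "assoc-1": {"entity-class": "SUPA-HAS-POLICY-METADATA-ASSOC"},
    "assoc-2": {"entity-class": "EXAMPLE-METADATA-ASSOC-SUBTYPE"},
    "src-1": {"entity-class": "POLICY-OBJECT-TYPE"},
}

if __name__ == "__main__":
    for owner, pointer, reason in check_pointers(
            DATASTORE, "supa-has-policy-metadata-agg-ptr",
            "SUPA-HAS-POLICY-METADATA-ASSOC"):
        print(f"{owner}: {reason}: {pointer}")
```
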
   That container contains a single list, keyed by either the
   supa-policy-id or the supa-policy-metadata-id. The content of the
   list is defined by a uses clause referencing the grouping that
   defines the class. After this was done, certain additional
   modifications were made. Specifically, any information model
   constructs intended to represent lists of possible values were
   recast as YANG enumerations. Where these lists are used more than
   once, they are factored out into reusable enumerations.

   Certain attributes that are not needed in the YANG (e.g., to
   represent the range of choices different data models might use for
   policy identification) were removed for simplicity and clarity.

4.4. YANG Tree Diagram

   The YANG Tree Diagram starts on the next page. It uses the following
   abbreviations for datatypes:

   - B: Boolean
   - E: enumeration
   - II: instance-identifier
   - IR: identityref
   - PC: policy-constraint-language-list
   - PD: policy-data-type-encoding-list
   - S: string
   - YD: yang:date-and-time
   - UI: uint32

module: ietf-supa-policy
   +--rw supa-encoding-clause-container
   |  +--rw supa-encoding-clause-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-component-decorator-part-ptr   II
   |     +--rw supa-policy-clause-deploy-status   E
   |     +--rw supa-has-policy-clause-part-ptr*   II
   |     +--rw supa-encoded-clause-content   S
   |     +--rw supa-encoded-clause-language   E
   +--rw supa-policy-variable-container
   |  +--rw supa-policy-variable-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-component-decorator-part-ptr   II
   |     +--rw supa-has-policy-component-decorator-agg-ptr*   II
   |     +--rw supa-decorator-constraints*   S
   |     +--rw supa-has-decorator-constraint-encoding?   PC
   |     +--rw supa-policy-term-is-negated?   B
   |     +--rw supa-policy-variable-name?   S
   +--rw supa-policy-operator-container
   |  +--rw supa-policy-operator-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-component-decorator-part-ptr   II
   |     +--rw supa-has-policy-component-decorator-agg-ptr*   II
   |     +--rw supa-decorator-constraints*   S
   |     +--rw supa-has-decorator-constraint-encoding?   PC
   |     +--rw supa-policy-term-is-negated?   B
   |     +--rw supa-policy-value-op-type   E
   +--rw supa-policy-value-container
   |  +--rw supa-policy-value-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-component-decorator-part-ptr   II
   |     +--rw supa-has-policy-component-decorator-agg-ptr*   II
   |     +--rw supa-decorator-constraints*   S
   |     +--rw supa-has-decorator-constraint-encoding?   PC
   |     +--rw supa-policy-term-is-negated?   B
   |     +--rw supa-policy-value-content*   S
   |     +--rw supa-policy-value-encoding?   PD
   +--rw supa-policy-generic-decorated-container
   |  +--rw supa-encoding-clause-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-component-decorator-part-ptr   II
   |     +--rw supa-has-policy-component-decorator-agg-ptr*   II
   |     +--rw supa-decorator-constraints*   S
   |     +--rw supa-has-decorator-constraint-encoding?   PC
   |     +--rw supa-policy-generic-decorated-content*   S
   |     +--rw supa-policy-generic-decorated-encoding?   PD
   +--rw supa-policy-source-container
   |  +--rw supa-source-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-source-part-ptr   II
   +--rw supa-policy-target-container
   |  +--rw supa-target-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-target-part-ptr   II
   +--rw supa-policy-concrete-metadata-container
   |  +--rw supa-policy-concrete-metadata-list* [supa-policy-metadata-id]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-metadata-id   S
   |     +--rw supa-policy-metadata-description?   S
   |     +--rw supa-policy-metadata-name?   S
   |     +--rw supa-has-policy-metadata-part-ptr*   II
   |     +--rw supa-has-policy-metadata-dec-part-ptr*   II
   |     +--rw supa-policy-metadata-valid-period-end?   YD
   |     +--rw supa-policy-metadata-valid-period-start?   YD
   +--rw supa-policy-metadata-decorator-access-container
   |  +--rw supa-policy-metadata-decorator-access-list* [supa-policy-metadata-id]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-metadata-id   S
   |     +--rw supa-policy-metadata-description?   S
   |     +--rw supa-policy-metadata-name?   S
   |     +--rw supa-has-policy-metadata-part-ptr*   II
   |     +--rw supa-has-policy-metadata-dec-part-ptr*   II
   |     +--rw supa-has-policy-metadata-dec-agg-ptr?   II
   +--rw supa-policy-metadata-decorator-version-container
   |  +--rw supa-policy-metadata-decorator-version-list* [supa-policy-metadata-id]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-metadata-id   S
   |     +--rw supa-policy-metadata-description?   S
   |     +--rw supa-policy-metadata-name?   S
   |     +--rw supa-has-policy-metadata-part-ptr*   II
   |     +--rw supa-has-policy-metadata-dec-part-ptr*   II
   |     +--rw supa-has-policy-metadata-dec-agg-ptr?   II
   +--rw supa-policy-metadata-detail-container
   |  +--rw supa-policy-metadata-detail-list [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-metadata-detail-agg-ptr?   II
   |     +--rw supa-has-policy-metadata-detail-part-ptr?   II
   |     +--rw supa-policy-metadata-detail-is-applicable?   B
   |     +--rw supa-policy-metadata-detail-constraint*   S
   |     +--rw supa-policy-metadata-detail-constraint-encoding?   PC
   +--rw supa-policy-component-decorator-detail-container
   |  +--rw supa-policy-component-decorator-detail-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-component-decorator-agg-ptr?   II
   |     +--rw supa-has-policy-component-decorator-part-ptr?   II
   |     +--rw supa-has-decorator-constraint*   S
   |     +--rw supa-has-decorator-constraint-encoding   PC
   +--rw supa-policy-source-detail-container
   |  +--rw supa-policy-source-detail-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-source-detail-agg-ptr?   II
   |     +--rw supa-has-policy-source-detail-part-ptr?   II
   |     +--rw supa-policy-source-is-authenticated?   B
   |     +--rw supa-policy-source-is-trusted?   B
   +--rw supa-policy-target-detail-container
   |  +--rw supa-policy-target-detail-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-target-detail-agg-ptr?   II
   |     +--rw supa-has-policy-target-detail-part-ptr?   II
   |     +--rw supa-policy-target-is-authenticated?   B
   |     +--rw supa-policy-target-is-enabled?   B
   +--rw supa-policy-clause-detail-container
   |  +--rw supa-policy-clause-detail-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-policy-clause-detail-agg-ptr?   II
   |     +--rw supa-has-policy-clause-detail-part-ptr?   II
   +--rw supa-policy-exec-fail-take-action-detail-container
   |  +--rw supa-policy-exec-fail-take-action-detail-list* [supa-policy-ID]
   |     +--rw entity-class?   IR
   |     +--rw supa-policy-ID   S
   |     +--rw supa-policy-name?   S
   |     +--rw supa-policy-object-description?   S
   |     +--rw supa-has-policy-metadata-agg-ptr*   II
   |     +--rw supa-has-exec-fail-action-detail-agg-ptr?   II
   |     +--rw supa-has-exec-fail-action-detail-part-ptr?   II
   |     +--rw supa-policy-exec-fail-take-action-name*   S
   +--rw supa-policy-metadata-decorator-detail-container
      +--rw supa-policy-metadata-decorator-detail-list* [supa-policy-metadata-id]
         +--rw entity-class?   IR
         +--rw supa-policy-metadata-id   S
         +--rw supa-policy-metadata-description?   S
         +--rw supa-policy-metadata-name?   S
         +--rw supa-has-policy-metadata-part-ptr*   II
         +--rw supa-has-policy-metadata-dec-part-ptr*   II
         +--rw supa-has-policy-metadata-detail-dec-agg-ptr?   II
         +--rw supa-has-policy-metadata-detail-dec-part-ptr?   II

5. SUPA Policy Data Model YANG Module

   The SUPA YANG data model module is divided into two main parts:

   1) a set of containers that represent the objects that make
      up a Policy Rule and its Policy Rule Components
   2) a set of containers that represent the objects that define and
      apply metadata to Policy Rules and/or Policy Rule Components

   Editor's note: This will be described in more detail in version 03

   file "ietf-supa-policy@2016-10-10.yang"

   module ietf-supa-policy {

     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policy";
     prefix supa-pdm;

     import ietf-yang-types {
       prefix yang;
     }

     organization "IETF";
     contact
       "Editor: Joel Halpern
        email: jmh@joelhalpern.com;
        Editor: John Strassner
        email: strazpdj@gmail.com;";

     description
       "This module defines a data model for generic high level
        definition of policies to be applied to a network.
        This module is derived from and aligns with
        draft-ietf-supa-generic-policy-info-model-01.
        Details on all classes, associations, and attributes
        can be found there.
        Copyright (c) 2015 IETF Trust and the persons identified
        as the document authors. All rights reserved.
        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).";

     revision "2017-04-15" {
       description
         "20170415: Updated SUPABooleanClause based on
                    implementation experience from SNMPO example;
                    reworded definitions of supaPolMetadataID and
                    supaEncodedClauseEncoding attribute.
          20170117: updated class and attribute names in the YANG
                    to match those in the IM, except where noted.
          20161210: Incorporated input from IISOMI
          20161010: Changed back to transitive identities (to
                    enforce inheritance) after determining that
                    errors were from a confdc bug.
          20161008: Fixed errors found in latest pyang compiler
                    and from YANG Doctors.
          20161001: Minor edits in association definitions.
          20160928: Generated yang tree.
          20160924: Rewrote association documentation; rebuilt
                    how all classes are named for consistency.
          20160904: Optimization of module by eliminating leaves
                    that are not needed; rewrote section 4.
          20160824: Edits to sync data model to info model.
          20160720: Conversion to WG draft. Fixed pyang 1.1
                    compilation errors. Fixed must clause
                    dereferencing used in grouping statements.
                    Reformatted and expanded descriptions.
                    Fixed various typos.
          20160321: Initial version.";
       reference
         "draft-ietf-supa-policy-data-model-02";
     }

     typedef policy-constraint-language-list {
       type enumeration {
         enum "error" {
           description
             "This signifies an error state.";
         }
         enum "init" {
           description
             "This signifies a generic initialization state.";
         }
         enum "OCL2.4" {
           description
             "Object Constraint Language v2.4 [2]. This is a
              declarative language for describing rules for
              defining constraints and query expressions.";
         }
         enum "OCL2.x" {
           description
             "Object Constraint Language, v2.0 through 2.3.1
              [2].";
         }
         enum "OCL1.x" {
           description
             "Object Constraint Language, any version prior
              to v2.0 [3].";
         }
         enum "QVT1.2 Relational Language" {
           description
             "QVT Relational Language [5].";
         }
         enum "QVT1.2 Operational Language" {
           description
             "QVT Operational Language [5].";
         }
         enum "Alloy" {
           description
             "A language for defining structures and
              relations using constraints [4].";
         }
         enum "Text" {
           description
             "The constraints are written in plain text.";
         }
       }
       description
         "The language used to encode the constraints that are
          relevant to the relationship between the metadata
          and the underlying policy object.";
     }

     typedef policy-data-type-id-encoding-list {
       type enumeration {
         enum "error" {
           description
             "This signifies an error state.";
         }
         enum "init" {
           description
             "This signifies a generic initialization state.";
         }
         enum "primary_key" {
           description
             "This represents the primary key of a table, which
              uniquely identifies each record in that table.
              It MUST NOT be NULL. It MAY consist of a single
              or multiple fields. Note that a YANG data model
              implementation does NOT have to implement this
              enumeration.";
         }
         enum "foreign_key" {
           description
             "This represents the foreign key, which is a set
              of one or more fields in one table that uniquely
              identify a row in another table. It MAY be
              NULL.
Note that a YANG data model implementation 688 does NOT have to implement this enumeration."; 689 } 690 enum "GUID" { 691 description 692 "The object is referenced by this GUID."; 693 } 694 enum "UUID" { 695 description 696 "The object is referenced by this UUID."; 697 } 698 enum "URI" { 699 description 700 "The object is referenced by this URI."; 701 } 702 enum "FQDN" { 703 description 704 "The object is referenced by this FQDN."; 705 } 706 enum "FQPN" { 707 description 708 "The object is referenced by this FQPN. Note that 709 FQPNs assume that all components can access a 710 single logical file repostory."; 711 } 712 enum "string_instance_id" { 713 description 714 "A string that is the canonical representation, 715 in ASCII, of an instance ID of this object."; 716 } 717 } 718 description 719 "The list of possible data types used to represent object 720 IDs for all SUPA object instances."; 721 } 723 typedef policy-data-type-encoding-list { 724 type enumeration { 725 enum "error" { 726 description 727 "This signifies an error state."; 728 } 729 enum "init" { 730 description 731 "This signifies an initialization state."; 732 } 733 enum "string" { 734 description 735 "This represents a string data type."; 736 } 737 enum "integer" { 738 description 739 "This represents an integer data type."; 740 } 741 enum "boolean" { 742 description 743 "This represents a Boolean data type."; 744 } 745 enum "floating point" { 746 description 747 "This represents a floating point data type."; 748 } 749 enum "date-and-time" { 750 description 751 "This represents a data type that can specify 752 date and/or time."; 753 } 754 enum "GUID" { 755 description 756 "This represents a GUID data type."; 757 } 758 enum "UUID" { 759 description 760 "This represents a UUID data type."; 761 } 762 enum "URI" { 763 description 764 "This represents a URI data type."; 765 } 766 enum "DN" { 767 description 768 "This represents a DN data type."; 769 } 770 enum "FQDN" { 771 description 772 "The object is 
                     referenced by this FQDN.";
            }
            enum "FQPN" {
                description
                    "The object is referenced by this FQPN. Note that
                     FQPNs assume that all components can access a
                     single logical file repository.";
            }
            enum "NULL" {
                description
                    "This represents a NULL data type. NULL means the
                     absence of an actual value. NULL is frequently
                     used to represent a missing or invalid value.";
            }
            enum "string_instance_id" {
                description
                    "A string that is the canonical representation,
                     in ASCII, of an instance ID of this object.";
            }
        }
        description
            "The set of allowable data types used to encode
             multi-valued SUPA Policy attributes.";
    }

    // Identities are used in this model as a means to provide simple
    // introspection to allow an instance-identifier to be tested as to
    // what class it represents. This allows must clauses to specify
    // that the target of a particular instance-identifier leaf must be a
    // specific class, or within a certain branch of the inheritance tree.
    // This depends upon the ability to refine the entity class default
    // value. The entity class should be read-only. However, as this is
    // the target of a MUST condition, it cannot be config-false. Also,
    // it appears that we cannot put a MUST condition on its definition,
    // as the default (actual) value changes for each inherited object.
    // Finally, note that since identities are irreflexive, we define a
    // parent identity, called SUPA-ROOT-TYPE, to serve as the single root
    // from which all identity statements are derived.

    identity SUPA-ROOT-TYPE {
        description
            "The identity corresponding to a single root for all
             identities in the SUPA Data Model.
             Note that section
             7.18.2 in [RFC7950] says that identity derivation is
             irreflexive (i.e., an identity cannot be derived
             from itself).";
    }

    identity POLICY-OBJECT-TYPE {
        base SUPA-ROOT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyObject
             object instance.";
    }

    grouping supa-policy-object-type {
        leaf entity-class {
            type identityref {
                base SUPA-ROOT-TYPE;
            }
            default POLICY-OBJECT-TYPE;
            description
                "The identifier of the class of this grouping.";
        }
        leaf supa-policy-ID {
            type string;
            mandatory true;
            description
                "The string identifier of this policy object, which
                 functions as the unique object identifier of this
                 object instance. This attribute MUST be unique within
                 the policy system. This attribute is named
                 supaPolObjIDContent in [1], and is used with another
                 attribute (supaPolObIDEncoding); since the YANG data
                 model does not need this genericity, the
                 supaPolObjIDContent attribute was renamed, and the
                 supaObjectIDEncoding attribute was removed.";
        }
        leaf supa-policy-name {
            type string;
            description
                "A human-readable name for this policy object. Note
                 that this is NOT the object ID.";
        }
        leaf supa-policy-object-description {
            type string;
            description
                "A human-readable description of the characteristics
                 and behavior of this policy object.";
        }
        leaf-list supa-has-policy-metadata-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-METADATA-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyMetadata association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-detail. This association
                 describes how each SUPAPolicyMetadata instance is
                 related to a given SUPAPolicyObject instance.
                 Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This represents the SUPAPolicyObject [1] class. It is the
             superclass for all SUPA Policy objects (i.e., all objects
             that are either Policies or components of Policies). Note
             that SUPA Policy Metadata objects are NOT subclassed from
             this class; they are instead subclassed from the
             SUPAPolicyMetadata (i.e., supa-policy-metadata-type)
             object. This class (supa-policy-object-type) is used to
             define common attributes and relationships that all SUPA
             Policy subclasses inherit. It MAY be augmented with a set
             of zero or more SUPAPolicyMetadata objects using the
             SUPAHasPolicyMetadata association, which is represented
             by the supa-has-policy-metadata-agg leaf-list.";
    }

    identity POLICY-COMPONENT-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyComponentStructure object instance.";
    }

    grouping supa-policy-component-structure-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-COMPONENT-TYPE;
            }
        }
        leaf supa-has-policy-component-decorator-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC')";
            mandatory true;
            description
                "This leaf holds instance-identifiers that
                 reference a SUPAHasDecoratedPolicyComponent
                 association [1], and is represented by the grouping
                 supa-has-decorator-policy-component-detail. This
                 association describes how each
                 SUPAPolicyComponentStructure instance is related to a
                 given SUPAPolicyComponentDecorator instance.
                 Multiple
                 SUPAPolicyComponentDecorator instances may be attached
                 to a SUPAPolicyComponentStructure instance that is
                 referenced in this association by using the Decorator
                 pattern [1]. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-decorator-policy-component-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This represents the SUPAPolicyComponent class [1], which is
             the superclass for all objects that represent different
             components of a Policy. Important subclasses include the
             SUPAPolicyClause and the SUPAPolicyComponentDecorator.
             This object is the root of the Decorator pattern [1]; as
             such, it enables all of its concrete subclasses to be
             wrapped with other concrete subclasses of the
             SUPAPolicyComponentDecorator class.";
    }

    identity POLICY-COMPONENT-DECORATOR-TYPE {
        base POLICY-COMPONENT-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyComponentDecorator object instance.";
    }

    grouping supa-policy-component-decorator-type {
        uses supa-policy-component-structure-type {
            refine entity-class {
                default POLICY-COMPONENT-DECORATOR-TYPE;
            }
        }
        leaf-list supa-has-policy-component-decorator-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC')";
            min-elements 1;
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasDecoratedPolicyComponent
                 association [1]. This association is represented by the
                 grouping supa-has-decorator-policy-component-detail.
                 This leaf-list helps implement the Decorator pattern
                 [1], which enables all or part of one or more object
                 instances to wrap another object instance.
                 For
                 example, any concrete subclass of SUPAPolicyClause,
                 such as SUPAEncodedClause, may be wrapped by any
                 concrete subclass of SUPAPolicyComponentDecorator
                 (e.g., SUPAPolicyEvent). Since this association class
                 contains attributes, the instance-identifier MUST
                 point to an instance using the grouping
                 supa-has-decorator-policy-component-detail (which
                 includes subclasses of this association class).";
        }
        leaf-list supa-decorator-constraints {
            type string;
            description
                "This is a set of constraint expressions that are
                 applied to this decorator, allowing the specification
                 of details not captured in its subclasses, using an
                 appropriate constraint language that is specified in
                 the supa-has-decorator-constraint-encoding leaf.";
        }
        leaf supa-has-decorator-constraint-encoding {
            type policy-constraint-language-list;
            description
                "The language in which the constraints on the
                 policy component decorator are expressed. Examples
                 include OCL 2.4 [2], Alloy [3], and English text.";
        }
        description
            "This object implements the Decorator pattern [1], which
             enables all or part of one or more concrete objects to
             wrap another concrete object.";
    }

    identity POLICY-COMPONENT-CLAUSE-TYPE {
        base POLICY-COMPONENT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyClause
             object instance.";
    }

    grouping supa-policy-clause-type {
        uses supa-policy-component-structure-type {
            refine entity-class {
                default POLICY-COMPONENT-CLAUSE-TYPE;
            }
        }
        leaf supa-policy-clause-deploy-status {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.
                         OAM&P Policies
                         SHOULD NOT use this SUPAPolicyClause if the
                         value of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "deployed and enabled" {
                    description
                        "This SUPAPolicyClause has been deployed in
                         the system and is currently enabled.";
                }
                enum "deployed and in test" {
                    description
                        "This SUPAPolicyClause has been deployed in the
                         system, but is currently in a test state and
                         SHOULD NOT be used in OAM&P policies.";
                }
                enum "deployed but not enabled" {
                    description
                        "This SUPAPolicyClause has been deployed in the
                         system, but has been administratively
                         disabled. Therefore, it MUST NOT be used in
                         OAM&P Policies.";
                }
                enum "ready to be deployed" {
                    description
                        "This SUPAPolicyClause has been properly
                         initialized, and is now ready to be deployed.";
                }
                enum "cannot be deployed" {
                    description
                        "This SUPAPolicyClause has been administratively
                         disabled, and MUST NOT be used as part of
                         an OAM&P policy.";
                }
            }
            mandatory true;
            description
                "This defines whether this SUPAPolicy has been
                 deployed and, if so, whether it is enabled and
                 ready to be used or not.";
        }
        leaf-list supa-has-policy-clause-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-CLAUSE-ASSOC')";
            min-elements 1;
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyClause association [1],
                 and is represented by the grouping
                 supa-has-policy-clause-detail. This association
                 describes how each SUPAPolicyClause instance is
                 related to this particular SUPAPolicyStructure
                 instance.
                 For example, this association may restrict
                 which concrete subclasses of the SUPAPolicyStructure
                 class can be associated with which concrete subclasses
                 of the SUPAPolicyClause class. The set of
                 SUPAPolicyClauses, identified by this leaf-list,
                 define the content of this SUPAPolicyStructure.
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-clause-detail (which
                 includes subclasses of this association class).";
        }
        description
            "The parent class for all SUPA Policy Clauses. A
             SUPAPolicyClause is a fundamental building block for
             creating SUPA Policies. A SUPAPolicy is a set of
             statements, and a SUPAPolicyClause can be thought of as all
             or part of a statement. The Decorator pattern [1] is used,
             which enables the contents of a SUPAPolicyClause to be
             adjusted dynamically at runtime without affecting other
             objects of either type.";
    }

    identity POLICY-ENCODED-CLAUSE-TYPE {
        base POLICY-COMPONENT-CLAUSE-TYPE;
        description
            "The identity corresponding to a SUPAEncodedClause
             object instance.";
    }

    grouping supa-encoded-clause-type {
        uses supa-policy-clause-type {
            refine entity-class {
                default POLICY-ENCODED-CLAUSE-TYPE;
            }
        }
        leaf supa-encoded-clause-content {
            type string;
            mandatory true;
            description
                "This defines the content of this SUPAEncodedClause.
                 Since the target is YANG, the supaEncodedClauseEncoding
                 attribute is NOT required, and therefore, not mapped.";
        }
        leaf supa-encoded-clause-language {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.
                         OAM&P Policies
                         SHOULD NOT use this SUPAEncodedClause if the
                         value of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "YANG" {
                    description
                        "This defines the language used in this
                         SUPAEncodedClause as a type of YANG.
                         Additional details may be provided by
                         attaching a SUPAPolicyMetadata object to
                         this SUPAEncodedClause object instance.";
                }
                enum "XML" {
                    description
                        "This defines the language as a type of XML.
                         Additional details may be provided by
                         attaching a SUPAPolicyMetadata object to
                         this SUPAEncodedClause object instance.";
                }
                enum "TL1" {
                    description
                        "This defines the language as a type of
                         Transaction Language 1. Additional details may
                         be provided by attaching a SUPAPolicyMetadata
                         object to this SUPAEncodedClause object
                         instance.";
                }
                enum "Text" {
                    description
                        "This is a textual string that can be used to
                         define a language choice that is not listed
                         by a specific enumerated value. This string
                         MUST be parsed by the policy system to
                         identify the language being used. A
                         SUPAPolicyMetadata object (represented as a
                         supa-policy-metadata-type leaf) can be used to
                         provide further details about the language.";
                }
            }
            mandatory true;
            description
                "Indicates the language used for this SUPAEncodedClause
                 object instance. Prescriptive and/or descriptive
                 information about the usage of this SUPAEncodedClause
                 may be provided by one or more SUPAPolicyMetadata
                 objects, which are each attached to the object
                 instance of this SUPAEncodedClause.";
        }
        description
            "This class refines the behavior of the supa-policy-clause
             by encoding the contents of the clause into the attributes
             of this object.
             This enables clauses that are not based on
             other SUPA objects to be modeled. For example, a POLICY
             Application could define a CLI or YANG configuration
             snippet and encode that snippet into a SUPAEncodedClause.
             Note that a SUPAEncodedClause simply defines the content
             of the clause. In particular, it does NOT provide a
             response. The policy engine that is parsing and evaluating
             the SUPAPolicy needs to assign a response to any
             SUPAEncodedClause that it encounters.";
    }

    container supa-encoding-clause-container {
        description
            "This is a container to collect all object instances of
             type SUPAEncodedClause.";

        list supa-encoding-clause-list {
            key supa-policy-ID;
            uses supa-encoded-clause-type;
            description
                "A list of all instances of supa-encoding-clause-type.
                 If a module defines subclasses of the encoding clause,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-TERM-TYPE {
        base POLICY-COMPONENT-DECORATOR-TYPE;
        description
            "The identity corresponding to a SUPAPolicyTerm object
             instance.";
    }

    grouping supa-policy-term-type {
        uses supa-policy-component-decorator-type {
            refine entity-class {
                default POLICY-COMPONENT-TERM-TYPE;
            }
        }
        leaf supa-policy-term-is-negated {
            type boolean;
            description
                "If the value of this attribute is true, then
                 this particular term is negated.";
        }
        description
            "This is the superclass of all SUPA policy objects that are
             used to test or set the value of a variable.
             It does this
             by defining a {variable-operator-value} three-tuple, where
             each element of the three-tuple is defined by a concrete
             subclass of the appropriate type (e.g., SUPAPolicyVariable,
             SUPAPolicyOperator, or SUPAPolicyVariable).";
    }

    identity POLICY-COMPONENT-VARIABLE-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyVariable
             object instance.";
    }

    grouping supa-policy-variable-type {
        uses supa-policy-term-type {
            refine entity-class {
                default POLICY-COMPONENT-VARIABLE-TYPE;
            }
        }
        leaf supa-policy-variable-name {
            type string;
            description
                "A human-readable name for this policy variable.";
        }
        description
            "This is one formulation of a SUPA Policy Clause. It uses
             the canonical form of an expression, which is a three-tuple
             in the form {variable, operator, value}. In this approach,
             each of the three terms can either be a subclass of the
             appropriate SUPAPolicyTerm class, or another object that
             plays the role (i.e., a variable) of that term. The
             attribute defined by the supa-policy-variable-name
             specifies the name of an attribute whose content should be
             compared to the value portion of a SUPAPolicyTerm, which is
             typically specified by a SUPAPolicyValue object.";
    }

    container supa-policy-variable-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyVariable.";
        list supa-policy-variable-list {
            key supa-policy-ID;
            uses supa-policy-variable-type;
            description
                "List of all instances of supa-policy-variable-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-OPERATOR-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyOperator
             object instance.";
    }

    grouping supa-policy-operator-type {
        uses supa-policy-term-type {
            refine entity-class {
                default POLICY-COMPONENT-OPERATOR-TYPE;
            }
        }
        leaf supa-policy-value-op-type {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "greater than" {
                    description
                        "A greater-than operator.";
                }
                enum "greater than or equal to" {
                    description
                        "A greater-than-or-equal-to operator.";
                }
                enum "less than" {
                    description
                        "A less-than operator.";
                }
                enum "less than or equal to" {
                    description
                        "A less-than-or-equal-to operator.";
                }
                enum "equal to" {
                    description
                        "An equal-to operator.";
                }
                enum "not equal to" {
                    description
                        "A not-equal-to operator.";
                }
                enum "IN" {
                    description
                        "An operator that determines whether a given
                         value of a variable in a SUPAPolicyTerm
                         matches a value in a SUPAPolicyTerm.";
                }
                enum "NOT IN" {
                    description
                        "An operator that determines whether a given
                         variable in a SUPAPolicyTerm does not match
                         any of the specified values in a
                         SUPAPolicyTerm.";
                }
                enum "SET" {
                    description
                        "An operator that makes the value of the
                         result equal to the input value.";
                }
                enum "CLEAR" {
                    description
                        "An operator that sets the value of the
                         specified object to a value that is 0 for
                         integer datatypes, an empty string for
                         textual datatypes, and FALSE for Boolean
                         datatypes.
                         This value MUST NOT be NULL.";
                }
                enum "BETWEEN" {
                    description
                        "An operator that determines whether a given
                         value is within a specified range of values.
                         Note that this is an inclusive operator.";
                }
            }
            mandatory true;
            description
                "The type of operator used to compare the variable
                 and value portions of this SUPAPolicyTerm.";
        }
        description
            "This is one formulation of a SUPA Policy Clause. It uses
             the canonical form of an expression, which is a three-tuple
             in the form {variable, operator, value}. In this approach,
             each of the three terms can either be a subclass of the
             appropriate SUPAPolicyTerm class, or another object that
             plays the role (i.e., an operator) of that term.
             The value of the supa-policy-value-op-type attribute
             specifies an operator that SHOULD be used to compare the
             variable and value portions of a SUPAPolicyTerm. This is
             typically specified by a SUPAPolicyOperator object.";
    }

    container supa-policy-operator-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyOperator.";
        list supa-policy-operator-list {
            key supa-policy-ID;
            uses supa-policy-operator-type;
            description
                "List of all instances of supa-policy-operator-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-VALUE-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyValue
             object instance.";
    }

    grouping supa-policy-value-type {
        uses supa-policy-term-type {
            refine entity-class {
                default POLICY-COMPONENT-VALUE-TYPE;
            }
        }
        leaf-list supa-policy-value-content {
            type string;
            description
                "The content of the value portion of this SUPA Policy
                 Clause.
                 The data type of the content is specified in
                 the supa-policy-value-encoding attribute.";
        }
        leaf supa-policy-value-encoding {
            type policy-data-type-encoding-list;
            description
                "The data type of the supa-policy-value-content
                 attribute.";
        }
        description
            "This is one formulation of a SUPA Policy Clause. It uses
             the canonical form of an expression, which is a three-tuple
             in the form {variable, operator, value}. In this approach,
             each of the three terms can either be a subclass of the
             appropriate SUPAPolicyTerm class, or another object that
             plays the role (i.e., a value) of that term. The
             attribute defined by supa-policy-value-content specifies
             a value (which is typically specified by a subclass of
             SUPAPolicyVariable) that should be compared to a value in
             the variable portion of the SUPAPolicyTerm.";
    }

    container supa-policy-value-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyValue.";
        list supa-policy-value-list {
            key supa-policy-ID;
            uses supa-policy-value-type;
            description
                "List of all instances of supa-policy-value-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-GENERIC-DECORATED-TYPE {
        base POLICY-COMPONENT-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAGenericDecoratedComponent object instance.";
    }

    grouping supa-policy-generic-decorated-type {
        uses supa-policy-component-decorator-type {
            refine entity-class {
                default POLICY-GENERIC-DECORATED-TYPE;
            }
        }
        leaf-list supa-policy-generic-decorated-content {
            type string;
            description
                "The content of this SUPAGenericDecoratedComponent
                 object instance.
                 The data type of this attribute is
                 specified in the leaf
                 supa-policy-generic-decorated-encoding.";
        }
        leaf supa-policy-generic-decorated-encoding {
            type policy-data-type-encoding-list;
            description
                "The datatype of the
                 supa-policy-generic-decorated-content attribute.";
        }
        description
            "This class enables a generic object to be defined and
             used as a decorator in a SUPA Policy Clause. This class
             should not be confused with the SUPAEncodedClause class.
             A SUPAGenericDecoratedComponent object represents a single,
             atomic object that defines a portion of the contents of a
             SUPAPolicyClause, whereas a SUPAPolicyEncodedClause
             represents the entire contents of a SUPAPolicyClause.";
    }

    container supa-policy-generic-decorated-container {
        description
            "This is a container to collect all object instances of
             type SUPAGenericDecoratedComponent.";
        list supa-encoding-clause-list {
            key supa-policy-ID;
            uses supa-policy-generic-decorated-type;
            description
                "List of all instances of
                 supa-policy-generic-decorated-type. If a module
                 defines subclasses of this class, those will be
                 stored in a separate container.";
        }
    }

    identity POLICY-STRUCTURE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyStructure
             object instance.";
    }

    grouping supa-policy-structure-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-STRUCTURE-TYPE;
            }
        }
        leaf supa-policy-admin-status {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.
                         OAM&P Policies
                         SHOULD NOT use this SUPAPolicy if the value
                         of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "enabled" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively enabled.";
                }
                enum "disabled" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively disabled.";
                }
                enum "in test" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively placed into test mode, and
                         SHOULD NOT be used as part of an operational
                         policy rule.";
                }
            }
            mandatory true;
            description
                "The current administrative status of this SUPAPolicy.";
        }
        leaf supa-policy-continuum-level {
            type uint32;
            description
                "This is the current level of abstraction of this
                 particular SUPAPolicyRule. By convention, the
                 values 0 and 1 should be used for error and
                 initialization states; a value of 2 is the most
                 abstract level, and higher values denote more
                 concrete levels.";
        }
        leaf supa-policy-deploy-status {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "deployed and enabled" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system and is currently enabled.";
                }
                enum "deployed and in test" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system, but is currently in test and SHOULD
                         NOT be used in OAM&P policies.";
                }
                enum "deployed but not enabled" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system, but has been administratively
                         disabled.";
                }
                enum "ready to be deployed" {
                    description
                        "This SUPAPolicy has been properly
                         initialized,
                         and is now ready to be deployed.";
                }
                enum "cannot be deployed" {
                    description
                        "This SUPAPolicy has been administratively
                         disabled, and SHOULD NOT be used as part of
                         an OAM&P policy.";
                }
            }
            mandatory true;
            description
                "This attribute defines whether this SUPAPolicy has
                 been deployed and, if so, whether it is enabled and
                 ready to be used or not.";
        }
        leaf supa-policy-exec-fail-strategy {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "rollback all" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped, and rollback of all
                         SUPAPolicyActions (whether they were
                         successfully executed or not) performed by
                         this particular SUPAPolicy is attempted. Also,
                         all SUPAPolicies that otherwise would have
                         been executed as a result of this SUPAPolicy
                         SHOULD NOT be executed.";
                }
                enum "rollback single" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped, and rollback is attempted
                         for ONLY the SUPAPolicyAction (belonging to
                         this particular SUPAPolicy) that failed to
                         execute correctly.
                         All remaining actions,
                         including SUPAPolicyActions and SUPAPolicies
                         that otherwise would have been executed as a
                         result of this SUPAPolicy, SHOULD NOT
                         be executed.";
                }
                enum "stop execution" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped without any other action
                         being performed; this includes corrective
                         actions, such as rollback, as well as any
                         SUPAPolicyActions or SUPAPolicies that
                         otherwise would have been executed.";
                }
                enum "ignore" {
                    description
                        "This means that any failures produced by this
                         SUPAPolicy SHOULD be ignored, and hence, no
                         corrective actions, such as rollback, will
                         be performed at this time. Hence, any other
                         SUPAPolicyActions or SUPAPolicies SHOULD
                         continue to be executed.";
                }
            }
            mandatory true;
            description
                "This defines what actions, if any, should be taken by
                 this particular SUPA Policy Rule if it fails to
                 execute correctly. Some implementations may not be
                 able to accommodate the rollback failure options;
                 hence, these options may be skipped.";
        }
        leaf-list supa-has-policy-source-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-SOURCE-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicySource associations [1].
                 This association is represented by the grouping
                 supa-has-policy-source-detail, and describes how
                 this SUPAPolicyStructure instance is related to a
                 set of SUPAPolicySource instances. Each
                 SUPAPolicySource instance defines a set of
                 unambiguous sources of this SUPAPolicy.
                 Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
        }
        leaf-list supa-has-policy-target-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-TARGET-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyTarget associations [1].
                 This association is represented by the grouping
                 supa-has-policy-target-detail, and describes how
                 this SUPAPolicyStructure instance is related to a
                 set of SUPAPolicyTarget instances.
                 Each SUPAPolicyTarget instance defines a set of
                 unambiguous managed entities to which this
                 SUPAPolicy will be applied. Since this association
                 class contains attributes, the instance-identifier
                 MUST point to an instance using the grouping
                 supa-has-policy-target-detail (which includes
                 subclasses of this association class).";
        }
        leaf-list supa-has-policy-clause-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-CLAUSE-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyClause associations [1]. This
                 association is represented by the grouping
                 supa-has-policy-clause-detail. This association
                 describes how this particular SUPAPolicyStructure
                 instance is related to this set of SUPAPolicyClause
                 instances.
                Since this association class contains
                attributes, the instance-identifier MUST point to an
                instance using the supa-has-policy-clause-detail
                (which includes subclasses of this association
                class).";
        }
        leaf-list supa-has-policy-exec-fail-action-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'SUPA-HAS-POLICY-EXEC-ACTION-ASSOC')";
            description
               "This leaf-list holds instance-identifiers that
                reference a SUPAHasPolExecFailtActionToTake
                association [1]. This association is represented by
                the supa-has-policy-exec-action-detail grouping. This
                association relates this SUPAPolicyStructure instance
                (the parent) to one or more SUPAPolicyStructure
                instances (the children), where each child
                SUPAPolicyStructure contains one or more
                SUPAPolicyActions to be executed if the parent
                SUPAPolicyStructure instance generates an error while
                it is executing. Since this association class contains
                attributes, the instance-identifier MUST point to an
                instance using the grouping
                supa-has-policy-exec-action-detail (which includes
                subclasses of this association class).";
        }
        leaf-list supa-has-policy-exec-fail-action-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'SUPA-HAS-POLICY-EXEC-ACTION-ASSOC')";
            min-elements 1;
            description
               "This leaf-list holds instance-identifiers that
                reference a SUPAHasPolExecFailtActionToTake
                association [1]. This association is represented by
                the supa-has-policy-exec-action-detail grouping. This
                association relates this SUPAPolicyStructure instance
                (the child) to another SUPAPolicyStructure instance
                (the parent).
                The child SUPAPolicyStructure contains
                one or more SUPAPolicyActions to be executed if the
                parent SUPAPolicyStructure instance generates an error
                while it is executing; the parent SUPAPolicyStructure
                contains one or more child SUPAPolicyStructure
                instances to enable it to choose how to handle each
                type of failure. Since this association class contains
                attributes, the instance-identifier MUST point to an
                instance using the grouping
                supa-has-policy-exec-action-detail (which includes
                subclasses of this association class).";
        }
        description
           "A superclass for all objects that represent different types
            of SUPAPolicies. Currently, this is limited to a single
            type, which is the event-condition-action (ECA) Policy
            Rule. A SUPA Policy may be an individual policy, or a set
            of policies. Subclasses MAY support this feature by
            implementing the composite pattern.";
    }

    identity POLICY-SOURCE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
           "The identity corresponding to a SUPAPolicySource
            object instance.";
    }

    grouping supa-policy-source-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-SOURCE-TYPE;
            }
        }
        leaf-list supa-has-policy-source-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'SUPA-HAS-POLICY-SOURCE-ASSOC')";
            description
               "This leaf-list holds the instance-identifiers that
                reference a SUPAHasPolicySource association [1], which
                is represented by the supa-has-policy-source-detail
                grouping. This association describes how each
                SUPAPolicySource instance is related to this
                particular SUPAPolicyStructure instance.
                Since this association class contains attributes, the
                instance-identifier MUST point to an instance using
                the grouping supa-has-policy-source-detail (which
                includes subclasses of this association class).";
        }
        description
           "This object defines a set of managed entities that
            authored, or are otherwise responsible for, this
            SUPAPolicy. Note that a SUPAPolicySource does NOT evaluate
            or execute SUPAPolicies. Its primary use is for
            auditability and the implementation of deontic logic (i.e.,
            how concepts such as obligation and permission work) and/or
            alethic logic (i.e., how concepts such as necessity,
            possibility, and contingency work). It is expected that this
            grouping will be extended (i.e., subclassed) when used, so
            that the system can add specific information appropriate to
            sources of policy of that particular system.";
    }

    container supa-policy-source-container {
        description
           "This is a container to collect all object instances of
            type SUPAPolicySource.";
        list supa-policy-source-list {
            key supa-policy-ID;
            uses supa-policy-source-type;
            description
               "A list of all supa-policy-source instances in the
                system.";
        }
    }

    identity POLICY-TARGET-TYPE {
        base POLICY-OBJECT-TYPE;
        description
           "The identity corresponding to a SUPAPolicyTarget
            object instance.";
    }

    grouping supa-policy-target-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-TARGET-TYPE;
            }
        }
        leaf-list supa-has-policy-target-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'SUPA-HAS-POLICY-TARGET-ASSOC')";
            description
               "This leaf-list holds instance-identifiers that
                reference a SUPAHasPolicyTarget association. This is
                represented by the supa-has-policy-target-detail
                grouping.
                This association describes how each
                SUPAPolicyTarget instance is related to a particular
                SUPAPolicyStructure instance. For example, this
                association may restrict which SUPAPolicyTarget
                instances can be used by which SUPAPolicyStructure
                instances. The SUPAPolicyTarget defines a
                set of managed entities that this SUPAPolicyStructure
                will be applied to. Since this association class
                contains attributes, the instance-identifier MUST
                point to an instance using the grouping
                supa-has-policy-target-detail (which
                includes subclasses of this association class).";
        }
        description
           "This object defines a set of managed entities that a
            SUPAPolicy is applied to. It is expected that this
            grouping will be extended (i.e., subclassed) when used,
            so that the system can add specific information
            appropriate to policy targets of that particular system.";
    }

    container supa-policy-target-container {
        description
           "This is a container to collect all object instances of
            type SUPAPolicyTarget.";
        list supa-policy-target-list {
            key supa-policy-ID;
            uses supa-policy-target-type;
            description
               "A list of all supa-policy-target instances in the
                system.";
        }
    }

    identity POLICY-METADATA-TYPE {
        base SUPA-ROOT-TYPE;
        description
           "The identity corresponding to a SUPAPolicyMetadata
            object instance.";
    }

    grouping supa-policy-metadata-type {
        leaf entity-class {
            type identityref {
                base SUPA-ROOT-TYPE;
            }
            description
               "The identifier of the class of this grouping.";
        }
        leaf supa-policy-metadata-id {
            type string;
            mandatory true;
            description
               "This represents the object identifier of an instance
                of this class.
                This attribute is named
                supaPolMetadataIDContent in [1], and is used with
                another attribute (supaPolMetadataIDEncoding); since
                the YANG data model does not need this genericity, the
                supaPolMetadataIDContent attribute was renamed to
                supa-policy-metadata-id, and the
                supaPolMetadataIDEncoding attribute was not mapped.";
        }
        leaf supa-policy-metadata-description {
            type string;
            description
               "This contains a free-form textual description of this
                metadata object (e.g., what it may be used for).";
        }
        leaf supa-policy-metadata-name {
            type string;
            description
               "This contains a human-readable name for this
                metadata object.";
        }
        leaf-list supa-has-policy-metadata-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'SUPA-HAS-POLICY-METADATA-ASSOC')";
            description
               "This leaf-list holds instance-identifiers that
                reference a SUPAHasPolicyMetadata association [1],
                which is represented by the grouping
                supa-has-policy-metadata-detail. Each
                instance-identifier defines a unique set of
                information that describes and/or prescribes
                additional information,
                provided by this SUPAPolicyMetadata instance, that can
                be associated with this SUPAPolicyObject instance.
                Multiple SUPAPolicyMetadata objects may be attached to
                a concrete subclass of the SUPAPolicyObject class that
                is referenced in this association by using the
                Decorator pattern [1]. For example, a
                SUPAPolicyVersionMetadataDef instance could wrap a
                SUPAECAPolicyRuleAtomic instance; this would define
                the version of this particular SUPAECAPolicyRuleAtomic
                instance.
                Since this association class contains
                attributes, the instance-identifier MUST point to an
                instance using the grouping
                supa-has-policy-metadata-detail (which includes
                subclasses of this association class).";
        }
        leaf-list supa-has-policy-metadata-dec-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')";
            min-elements 1;
            description
               "This leaf-list holds instance-identifiers that
                reference a SUPAHasMetadaDecorator association [1].
                This association is represented by the grouping
                supa-has-policy-metadata-dec-detail. This association
                describes how a SUPAPolicyMetadataDecorator instance
                wraps a given SUPAPolicyMetadata instance using the
                Decorator pattern [1]. Multiple concrete subclasses
                of SUPAPolicyMetadataDecorator may be used to wrap
                the same SUPAPolicyMetadata instance. Since this
                association class contains attributes, the
                instance-identifier MUST point to an instance using
                the grouping supa-has-policy-metadata-dec-detail (which
                includes subclasses of this association class).";
        }
        description
           "This is the superclass of all metadata classes.
            Metadata
            is information that describes and/or prescribes the
            characteristics and behavior of another object that is
            not an inherent, distinguishing characteristic or
            behavior of that object.";
    }

    identity POLICY-METADATA-CONCRETE-TYPE {
        base POLICY-METADATA-TYPE;
        description
           "The identity corresponding to a SUPAPolicyConcreteMetadata
            object instance.";
    }

    grouping supa-policy-concrete-metadata-type {
        uses supa-policy-metadata-type {
            refine entity-class {
                default POLICY-METADATA-CONCRETE-TYPE;
            }
        }
        leaf supa-policy-metadata-valid-period-end {
            type yang:date-and-time;
            description
               "This defines the ending date and time that this
                metadata object is valid for.";
        }
        leaf supa-policy-metadata-valid-period-start {
            type yang:date-and-time;
            description
               "This defines the starting date and time that this
                metadata object is valid for.";
        }
        description
           "This is a concrete class that will be wrapped by concrete
            instances of the SUPA Policy Metadata Decorator class. It
            can be viewed as a container for metadata that will be
            attached to a subclass of SUPA Policy Object.
            It may
            contain all or part of one or more metadata subclasses.";
    }

    container supa-policy-concrete-metadata-container {
        description
           "This is a container to collect all object instances of
            type SUPAPolicyConcreteMetadata.";
        list supa-policy-concrete-metadata-list {
            key supa-policy-metadata-id;
            uses supa-policy-concrete-metadata-type;
            description
               "A list of all supa-policy-metadata instances in the
                system.";
        }
    }

    identity POLICY-METADATA-DECORATOR-TYPE {
        base POLICY-METADATA-TYPE;
        description
           "The identity corresponding to a
            SUPAPolicyMetadataDecorator object instance.";
    }

    grouping supa-policy-metadata-decorator-type {
        uses supa-policy-metadata-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-TYPE;
            }
        }
        leaf supa-has-policy-metadata-dec-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')";
            description
               "This leaf-list holds instance-identifiers that
                reference a SUPAHasMetadaDecorator association [1].
                This association is represented by the grouping
                supa-has-policy-metadata-dec-detail. This association
                describes how a SUPAPolicyMetadataDecorator instance
                wraps a given SUPAPolicyMetadata instance
                using the Decorator pattern [1]. Multiple concrete
                subclasses of SUPAPolicyMetadataDecorator may be used
                to wrap the same SUPAPolicyMetadata instance. Since
                this association class contains attributes, the
                instance-identifier MUST point to an instance using
                the grouping supa-has-policy-metadata-dec-detail (which
                includes subclasses of this association class).";
        }
        description
           "This object implements the Decorator pattern [1] for all
            SUPA metadata objects.
            This enables all or part of one or
            more metadata objects to wrap another concrete metadata
            object. The only concrete subclass of SUPAPolicyMetadata
            in this document is SUPAPolicyConcreteMetadata.";
    }

    identity POLICY-METADATA-DECORATOR-ACCESS-TYPE {
        base POLICY-METADATA-DECORATOR-TYPE;
        description
           "The identity corresponding to a
            SUPAPolicyAccessMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-access-type {
        uses supa-policy-metadata-decorator-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-ACCESS-TYPE;
            }
        }
        leaf supa-policy-metadata-access-priv-def {
            type enumeration {
                enum "error" {
                    description
                       "This signifies an error state. OAM&P Policies
                        SHOULD NOT use this SUPAPolicyAccessMetadataDef
                        if the value of this attribute is error.";
                }
                enum "init" {
                    description
                       "This signifies an initialization state.";
                }
                enum "read only" {
                    description
                       "This defines access as read only for ALL
                        SUPAPolicyObject objects that are adorned
                        with this SUPAPolicyAccessMetadataDef object.
                        As such, an explicit access control model,
                        such as RBAC [7], is NOT present.";
                }
                enum "read write" {
                    description
                       "This defines access as read and/or write for
                        ALL SUPAPolicyObject objects that are adorned
                        with this SUPAPolicyAccessMetadataDef object.
                        As such, an explicit access control model,
                        such as RBAC [7], is NOT present.";
                }
                enum "specified by MAC" {
                    description
                       "This uses an external Mandatory Access Control
                        (MAC) [7] model to define access control for
                        ALL SUPAPolicyObject objects that are adorned
                        with this SUPAPolicyAccessMetadataDef object.
                        The name and location of this access control
                        model are specified, respectively, in the
                        supa-policy-metadata-access-priv-model-name
                        and supa-policy-metadata-access-priv-model-ref
                        attributes of this SUPAPolicyAccessMetadataDef
                        object.";
                }
                enum "specified by DAC" {
                    description
                       "This uses an external Discretionary Access
                        Control (DAC) [7] model to define access
                        control for ALL SUPAPolicyObject objects that
                        are adorned with this
                        SUPAPolicyAccessMetadataDef object. The name
                        and location of this access control model are
                        specified, respectively, in the
                        supa-policy-metadata-access-priv-model-name
                        and supa-policy-metadata-access-priv-model-ref
                        attributes of this SUPAPolicyAccessMetadataDef
                        object.";
                }
                enum "specified by RBAC" {
                    description
                       "This uses an external Role-Based Access Control
                        (RBAC) [7] model to define access control for
                        ALL SUPAPolicyObject objects that are adorned
                        with this SUPAPolicyAccessMetadataDef object.
                        The name and location of this access control
                        model are specified, respectively, in the
                        supa-policy-metadata-access-priv-model-name
                        and supa-policy-metadata-access-priv-model-ref
                        attributes of this SUPAPolicyAccessMetadataDef
                        object.";
                }
                enum "specified by ABAC" {
                    description
                       "This uses an external Attribute-Based Access
                        Control (ABAC) [8] model to define access
                        control for ALL SUPAPolicyObject objects that
                        are adorned with this
                        SUPAPolicyAccessMetadataDef object.
                        The name
                        and location of this access control model are
                        specified, respectively, in the
                        supa-policy-metadata-access-priv-model-name
                        and supa-policy-metadata-access-priv-model-ref
                        attributes of this SUPAPolicyAccessMetadataDef
                        object.";
                }
                enum "specified by custom" {
                    description
                       "This uses an external Custom Access Control
                        model to define access control for ALL
                        SUPAPolicyObject objects that are adorned
                        with this SUPAPolicyAccessMetadataDef object.
                        The name and location of this access control
                        model are specified, respectively, in the
                        supa-policy-metadata-access-priv-model-name
                        and supa-policy-metadata-access-priv-model-ref
                        attributes of this SUPAPolicyAccessMetadataDef
                        object.";
                }
            }
            description
               "This defines the type of access control model that is
                used by this SUPAPolicyObject object instance.";
        }
        leaf supa-policy-metadata-access-priv-model-name {
            type string;
            description
               "This contains the name of the access control model
                being used. If the value of the
                supa-policy-metadata-access-priv-model-ref is
                error, then this SUPAPolicyAccessMetadataDef object
                MUST NOT be used. If the value of the
                supa-policy-metadata-access-priv-model-ref is init,
                then this SUPAPolicyAccessMetadataDef object has been
                properly initialized, and is ready to be used. If the
                value of the supa-policy-metadata-access-priv-model-ref
                is read only or read write, then the value of this
                attribute is not applicable (because a type of model
                is NOT being defined; instead, the access control for
                all SUPAPolicyObjects is being defined).
                Otherwise, the text in this class attribute SHOULD be
                interpreted according to the value of the
                supa-policy-metadata-access-priv-model-ref class
                attribute.";
        }
        leaf supa-policy-metadata-access-priv-model-ref {
            type enumeration {
                enum "error" {
                    description
                       "This signifies an error state. OAM&P Policies
                        SHOULD NOT use this SUPAPolicyAccessMetadataDef
                        object if the value of this attribute is
                        error.";
                }
                enum "init" {
                    description
                       "This signifies an initialization state.";
                }
                enum "URI" {
                    description
                       "The access control model is referenced by
                        this URI.";
                }
                enum "GUID" {
                    description
                       "The access control model is referenced by
                        this GUID.";
                }
                enum "UUID" {
                    description
                       "The access control model is referenced by
                        this UUID.";
                }
                enum "FQDN" {
                    description
                       "The access control model is referenced by
                        this FQDN.";
                }
                enum "FQPN" {
                    description
                       "The access control model is referenced by
                        this FQPN.";
                }
                enum "string_instance_id" {
                    description
                       "A string that is the canonical representation,
                        in ASCII, of an instance ID of this object.";
                }
            }
            description
               "This defines the data type of the
                supa-policy-metadata-access-priv-model-name
                attribute.";
        }
        description
           "This is a concrete class that defines metadata for access
            control information that can be added to any
            SUPAPolicyObject object instance.
            This is done using the SUPAHasPolicyMetadata association
            in conjunction with the Decorator pattern [1].";
    }

    container supa-policy-metadata-decorator-access-container {
        description
           "This is a container to collect all object instances of
            type SUPAPolicyAccessMetadataDef.";
        list supa-policy-metadata-decorator-access-list {
            key supa-policy-metadata-id;
            uses supa-policy-metadata-decorator-type;
            description
               "A list of all supa-policy-metadata-decorator-access
                instances in the system. Instances of subclasses
                will be in a separate list.";
        }
    }

    identity POLICY-METADATA-DECORATOR-VERSION-TYPE {
        base POLICY-METADATA-DECORATOR-TYPE;
        description
           "The identity corresponding to a
            SUPAPolicyVersionMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-version-type {
        uses supa-policy-metadata-decorator-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-VERSION-TYPE;
            }
        }
        leaf supa-policy-metadata-version-major {
            type string;
            description
               "This contains a string representation of an integer
                that is greater than or equal to zero. It indicates
                that a significant increase in functionality is present
                in this version. It MAY also indicate that this version
                has changes that are NOT backwards-compatible (the
                supa-policy-metadata-version-build class attribute is
                used to denote such changes). The string 0.1.0
                defines an initial version that MUST NOT be considered
                stable. Improvements to this initial version are
                denoted by incrementing the minor and patch class
                attributes (supa-policy-metadata-version-major and
                supa-policy-metadata-version-patch, respectively). The
                major version X (i.e., X.y.z, where X > 0) MUST be
                incremented if any backwards-incompatible changes are
                introduced. It MAY include minor and patch level
                changes.
                The minor and patch version numbers MUST be
                reset to 0 when the major version number is
                incremented.";
        }
        leaf supa-policy-metadata-version-minor {
            type string;
            description
               "This contains a string representation of an integer
                that is greater than or equal to zero. It indicates
                that this release contains a set of features and/or
                bug fixes that MUST be backwards-compatible. The
                minor version Y (i.e., x.Y.z, where x > 0) MUST be
                incremented if new, backwards-compatible changes are
                introduced. It MUST be incremented if any features are
                marked as deprecated. It MAY be incremented if new
                functionality or improvements are introduced, and MAY
                include patch level changes. The patch version number
                MUST be reset to 0 when the minor version number is
                incremented.";
        }
        leaf supa-policy-metadata-version-patch {
            type string;
            description
               "This contains a string representation of an integer
                that is greater than or equal to zero. It indicates
                that this version contains ONLY bug fixes. The patch
                version Z (i.e., x.y.Z, where x > 0) MUST be
                incremented if new, backwards-compatible changes are
                introduced. A bug fix is defined as an internal change
                that fixes incorrect behavior.";
        }
        leaf supa-policy-metadata-version-prerelease {
            type string;
            description
               "This contains a string that defines the pre-release
                version. A pre-release version MAY be denoted by
                appending a hyphen and a series of dot-separated
                identifiers immediately following the patch version.
                Identifiers MUST comprise only ASCII alphanumerics and
                a hyphen. Identifiers MUST NOT be empty. Numeric
                identifiers MUST NOT include leading zeroes.
                Pre-release versions have a lower precedence than the
                associated normal version.
                A pre-release version
                indicates that the version is unstable and might not
                satisfy the intended compatibility requirements as
                denoted by its associated normal version. Examples
                include: 1.0.0-alpha and 1.0.0-0.3.7.";
        }
        leaf supa-policy-metadata-version-build {
            type string;
            description
               "This contains a string that defines the metadata of
                this build. Build metadata is optional. If present,
                build metadata MAY be denoted by appending a plus
                (+) sign to the version, followed by a series of
                dot-separated identifiers. This may follow either
                the patch or pre-release portions of the version.
                If build metadata is present, then any identifiers
                that it uses MUST be made up of only ASCII
                alphanumerics and a hyphen. The identifier portion of
                the build metadata MUST NOT be empty. Build metadata
                SHOULD be ignored when determining version precedence.
                Examples include: 1.0.0.-alpha+1, 1.0.0.-alpha+1.1,
                1.0.0+20130313144700, and 1.0.0-beta+exp.sha.5114f85.";
        }
        description
           "This is a concrete class that defines metadata for version
            control information that can be added to any
            SUPAPolicyObject. This is done using the
            SUPAHasPolicyMetadata association. This class uses the
            Semantic Versioning Specification [6] as follows:
            ..[][]
            where the first three components (major, minor, and patch)
            MUST be present, and the latter two components (pre-release
            and build-metadata) MAY be present. A version number MUST
            take the form .., where ,
            , and are each non-negative integers that
            MUST NOT contain leading zeros. In addition, the value of
            each of these three elements MUST increase numerically.
            In this approach, supaVersionMajor denotes a new release;
            supaVersionMinor denotes a minor release; supaVersionPatch
            denotes a version that consists ONLY of bug fixes.
            Version
            precedence MUST be calculated by separating the version
            into major, minor, patch, and pre-release identifiers, in
            that order. See [1] for more information.";
    }

    container supa-policy-metadata-decorator-version-container {
        description
           "This is a container to collect all object instances of
            type SUPAPolicyVersionMetadataDef.";
        list supa-policy-metadata-decorator-version-list {
            key supa-policy-metadata-id;
            uses supa-policy-metadata-decorator-type;
            description
               "A list of all supa-policy-metadata-decorator-version
                instances in the system. Instances of subclasses
                will be in a separate list.";
        }
    }

    identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE {
        base POLICY-OBJECT-TYPE;
        description
           "The identity corresponding to a
            SUPAHasPolicyMetadataDetail association class
            object instance.";
    }

    grouping supa-has-policy-metadata-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE;
            }
        }
        leaf supa-has-policy-metadata-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'POLICY-OBJECT-TYPE')";
            description
               "This leaf is an instance-identifier that references
                the SUPAPolicyObject instance end point of the
                association represented by this instance of the
                SUPAHasPolicyMetadata association [1]. The groupings
                supa-policy-object-type and supa-policy-metadata-type
                represent the SUPAPolicyObject and SUPAPolicyMetadata
                classes, respectively.
                Thus, the instance identified
                by this leaf is the SUPAPolicyObject instance that is
                associated by this association to the set of
                SUPAPolicyMetadata instances referenced by the
                supa-has-policy-metadata-detail-part-ptr leaf of
                this grouping.";
        }
        leaf supa-has-policy-metadata-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'POLICY-METADATA-TYPE')";
            description
               "This leaf is an instance-identifier that references
                the SUPAPolicyMetadata instance end point of the
                association represented by this instance of the
                SUPAHasPolicyMetadata association [1]. The groupings
                supa-policy-object-type and supa-policy-metadata-type
                represent the SUPAPolicyObject and SUPAPolicyMetadata
                classes, respectively. Thus, the instance
                identified by this leaf is the SUPAPolicyMetadata
                instance that is associated by this association to
                the set of SUPAPolicyObject instances referenced by
                the supa-has-policy-metadata-detail-agg-ptr leaf of
                this grouping.";
        }
        leaf supa-policy-metadata-detail-is-applicable {
            type boolean;
            description
               "This attribute controls whether the associated
                metadata is currently considered applicable to this
                SUPAPolicyObject; this enables metadata to be turned
                on and off when needed without disturbing the
                structure of the object that the metadata applies to,
                or affecting other objects in the system.";
        }
        leaf-list supa-policy-metadata-detail-constraint {
            type string;
            description
               "A list of constraints, expressed as strings, in
                the language defined by the
                supa-policy-metadata-detail-encoding attribute.
                If there are no constraints on using this
                SUPAPolicyMetadata object with this particular
                SUPAPolicyObject object, then this leaf-list will
                consist of a list of a single null string.";
        }
        leaf supa-policy-metadata-detail-constraint-encoding {
            type policy-constraint-language-list;
            description
               "The language used to encode the constraints relevant
                to the relationship between the SUPAPolicyMetadata
                object and the underlying SUPAPolicyObject.";
        }
        description
           "This is a concrete association class that defines the
            semantics of the SUPAHasPolicyMetadata association. This
            enables the attributes and relationships of the
            SUPAHasPolicyMetadataDetail class to be used to constrain
            which SUPAPolicyMetadata objects can be associated by
            this particular SUPAPolicyObject instance.";
    }

    container supa-policy-metadata-detail-container {
        description
           "This is a container to collect all object instances of
            type SUPAPolicyMetadataDetail.";
        list supa-policy-metadata-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-metadata-detail;
            description
               "This is a list of all supa-policy-metadata-detail
                instances in the system. Instances of subclasses
                will be in a separate list. Note that this association
                class is made concrete for exemplary purposes.
                To be
                useful, it almost certainly needs refinement.";
        }
    }

    identity SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC {
        base POLICY-COMPONENT-TYPE;
        description
           "The identity corresponding to a
            SUPAHasDecoratedPolicyComponentDetail association class
            object instance.";
    }

    grouping supa-has-decorator-policy-component-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-COMPONENT-DECORATOR-ASSOC;
            }
        }
        leaf supa-has-policy-component-decorator-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'POLICY-COMPONENT-DECORATOR-TYPE')";
            description
               "This leaf is an instance-identifier that references
                the SUPAPolicyComponentDecorator instance end point of
                the association represented by this instance of the
                SUPAHasDecoratedPolicyComponent association [1]. The
                groupings supa-policy-component-decorator-type and
                supa-policy-component-structure-type represent the
                SUPAPolicyComponentDecorator and
                SUPAPolicyComponentStructure classes, respectively.
                Thus, the instance identified by this leaf is the
                SUPAPolicyComponentDecorator instance that is
                associated by this association to the set of
                SUPAPolicyComponentStructure instances referenced by
                the supa-has-policy-component-decorator-part-ptr leaf
                of this grouping.";
        }
        leaf supa-has-policy-component-decorator-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
               'POLICY-COMPONENT-TYPE')";
            description
               "This leaf is an instance-identifier that references
                the SUPAPolicyComponentStructure instance end point of
                the association represented by this instance of the
                SUPAHasDecoratedPolicyComponent association [1].
2530                  The groupings supa-policy-component-decorator-type and
2531                  supa-policy-component-structure-type represent the
2532                  SUPAPolicyComponentDecorator and
2533                  SUPAPolicyComponentStructure classes, respectively.
2534                  Thus, the instance identified by this leaf is the
2535                  SUPAPolicyComponentStructure instance that is
2536                  associated by this association to the set of
2537                  SUPAPolicyComponentStructure instances referenced by
2538                  the supa-has-policy-component-decorator-agg-ptr leaf
2539                  of this grouping.";
2540         }
2541         leaf-list supa-has-decorator-constraint {
2542             type string;
2543             description
2544                 "A constraint expression applying to this association
2545                  between a SUPAPolicyComponentDecorator and the
2546                  decorated component (which is a concrete subclass of
2547                  the SUPAPolicyComponentStructure class, such as
2548                  SUPAEncodedClause or SUPABooleanClauseAtomic). The
2549                  supa-has-decorator-constraint-encoding attribute
2550                  specifies the language used to write the set of
2551                  constraint expressions.";
2552         }
2553         leaf supa-has-decorator-constraint-encoding {
2554             type policy-constraint-language-list;
2555             description
2556                 "The language used to encode the constraints relevant
2557                  to the relationship between the
2558                  SUPAPolicyComponentDecorator and the
2559                  SUPAPolicyComponentStructure object instances.";
2560         }
2561         description
2562             "This is a concrete association class that defines the
2563              semantics of the SUPAHasDecoratedPolicyComponent
2564              association. The purpose of this class is to use the
2565              Decorator pattern [1] to determine which
2566              SUPAPolicyComponentDecorator object instances, if any,
2567              are required to augment the functionality of a concrete
2568              subclass of SUPAPolicyClause that is being used.";
2569     }

2571     container supa-policy-component-decorator-detail-container {
2572         description
2573             "This is a container to collect all object instances of
2574              type SUPAPolicyComponentDecoratorDetail.";
2575         list supa-policy-component-decorator-detail-list {
2576             key supa-policy-ID;
2577             uses supa-has-decorator-policy-component-detail;
2578             description
2579                 "This is a list of all
2580                  supa-policy-component-decorator-details.";
2581         }
2582     }

2584     identity SUPA-HAS-POLICY-SOURCE-ASSOC {
2585         base POLICY-OBJECT-TYPE;
2586         description
2587             "The identity corresponding to a SUPAHasPolicySource
2588              association class object instance.";
2589     }

2591     grouping supa-has-policy-source-detail {
2592         uses supa-policy-object-type {
2593             refine entity-class {
2594                 default SUPA-HAS-POLICY-SOURCE-ASSOC;
2595             }
2596         }
2597         leaf supa-has-policy-source-detail-agg-ptr {
2598             type instance-identifier;
2599             must "derived-from-or-self (deref(.)/entity-class,
2600                  'POLICY-STRUCTURE-TYPE')";
2601             description
2602                 "This leaf is an instance-identifier that references
2603                  a SUPAPolicyStructure instance end point of the
2604                  association represented by this instance of the
2605                  SUPAHasPolicySource association [1]. The grouping
2606                  supa-has-policy-source-detail represents the
2607                  SUPAHasPolicySourceDetail class. Thus, the instance
2608                  identified by this leaf is the SUPAPolicyStructure
2609                  instance that is associated by this association to the
2610                  SUPAPolicySource instance referenced by the
2611                  supa-has-policy-source-detail-part-ptr leaf of
2612                  this grouping.";
2613         }
2614         leaf supa-has-policy-source-detail-part-ptr {
2615             type instance-identifier;
2616             must "derived-from-or-self (deref(.)/entity-class,
2617                  'POLICY-SOURCE-TYPE')";
2618             description
2619                 "This leaf is an instance-identifier that references
2620                  a SUPAPolicySource instance end point of the
2621                  association represented by this instance of the
2622                  SUPAHasPolicySource association [1]. The grouping
2623                  supa-has-policy-source-detail represents the
2624                  SUPAHasPolicySourceDetail class. Thus, the instance
2625                  identified by this leaf is the SUPAPolicySource
2626                  instance that is associated by this association to the
2627                  SUPAPolicyStructure instance referenced by the
2628                  supa-has-policy-source-detail-agg-ptr leaf of
2629                  this grouping.";
2630         }
2631         leaf supa-policy-source-is-authenticated {
2632             type boolean;
2633             description
2634                 "If the value of this attribute is true, then this
2635                  SUPAPolicySource object has been authenticated by
2636                  a policy engine or application that is executing this
2637                  particular SUPAPolicyStructure object.";
2638         }
2639         leaf supa-policy-source-is-trusted {
2640             type boolean;
2641             description
2642                 "If the value of this attribute is true, then this
2643                  SUPAPolicySource object has been verified to be
2644                  trusted by a policy engine or application that is
2645                  executing this particular SUPAPolicyStructure object.";
2646         }
2647         description
2648             "This is an association class, and defines the semantics of
2649              the SUPAHasPolicySource association. The attributes and
2650              relationships of this class can be used to define which
2651              SUPAPolicySource objects can be attached to which
2652              particular set of SUPAPolicyStructure objects. Note that a
2653              SUPAPolicySource object is NOT responsible for evaluating
2654              or executing SUPAPolicies; rather, it identifies the set
2655              of entities that are responsible for managing this
2656              SUPAPolicySource object. Its primary uses are for
2657              auditability, as well as processing deontic logic. This
2658              object represents the semantics of associating a
2659              SUPAPolicySource to a SUPAPolicyTarget.";
2660     }

2662     container supa-policy-source-detail-container {
2663         description
2664             "This is a container to collect all object instances of
2665              type SUPAPolicySourceDetail.";
2666         list supa-policy-source-detail-list {
2667             key supa-policy-ID;
2668             uses supa-has-policy-source-detail;
2669             description
2670                 "This is a list of all supa-policy-source-detail
2671                  objects.";
2672         }
2673     }
2674     identity SUPA-HAS-POLICY-TARGET-ASSOC {
2675         base POLICY-OBJECT-TYPE;
2676         description
2677             "The identity corresponding to a SUPAHasPolicyTarget
2678              association class object instance.";
2679     }

2681     grouping supa-has-policy-target-detail {
2682         uses supa-policy-object-type {
2683             refine entity-class {
2684                 default SUPA-HAS-POLICY-TARGET-ASSOC;
2685             }
2686         }
2687         leaf supa-has-policy-target-detail-agg-ptr {
2688             type instance-identifier;
2689             must "derived-from-or-self (deref(.)/entity-class,
2690                  'POLICY-STRUCTURE-TYPE')";
2691             description
2692                 "This leaf is an instance-identifier that references
2693                  a SUPAPolicyStructure instance end point of the
2694                  association represented by this instance of the
2695                  SUPAHasPolicyTarget association [1]. The grouping
2696                  supa-has-policy-target-detail represents the
2697                  SUPAHasPolicyTargetDetail class. Thus, the instance
2698                  identified by this leaf is the SUPAPolicyStructure
2699                  instance that is associated by this association to the
2700                  SUPAPolicyTarget instance referenced by the
2701                  supa-has-policy-target-detail-part-ptr leaf of
2702                  this grouping.";
2703         }
2704         leaf supa-has-policy-target-detail-part-ptr {
2705             type instance-identifier;
2706             must "derived-from-or-self (deref(.)/entity-class,
2707                  'POLICY-TARGET-TYPE')";
2708             description
2709                 "This leaf is an instance-identifier that references
2710                  a SUPAPolicyTarget instance end point of the
2711                  association represented by this instance of the
2712                  SUPAHasPolicyTarget association [1]. The grouping
2713                  supa-has-policy-target-detail represents the
2714                  SUPAHasPolicyTargetDetail class. Thus, the instance
2715                  identified by this leaf is the SUPAPolicyTarget
2716                  instance that is associated by this association to the
2717                  SUPAPolicyStructure instance referenced by the
2718                  supa-has-policy-source-detail-agg-ptr leaf of
2719                  this grouping.";
2720         }
2721         leaf supa-policy-target-is-authenticated {
2722             type boolean;
2723             description
2724                 "If the value of this attribute is true, then this
2725                  SUPAPolicyTarget object has been authenticated by
2726                  a policy engine or application that is executing this
2727                  particular SUPAPolicyStructure object.";
2728         }
2729         leaf supa-policy-target-is-enabled {
2730             type boolean;
2731             description
2732                 "If the value of this attribute is true, then each
2733                  SUPAPolicyTarget object that is referenced by this
2734                  SUPAHasPolicyTarget aggregation is able to be used as
2735                  a SUPAPolicyTarget by the SUPAPolicyStructure object
2736                  that is referenced by this SUPAHasPolicyTarget
2737                  aggregation. This means that this SUPAPolicyTarget has
2738                  agreed to: 1) have SUPAPolicies applied to it, and 2)
2739                  process (directly or with the aid of a proxy) one or
2740                  more SUPAPolicies, or receive the results of a
2741                  processed SUPAPolicy and apply those results to
2742                  itself.";
2743         }
2744         description
2745             "This is an association class, and defines the semantics of
2746              the SUPAHasPolicyTarget association. The attributes and
2747              relationships of this class can be used to define which
2748              SUPAPolicyTarget objects can be attached to which
2749              particular set of SUPAPolicyStructure objects. Note that a
2750              SUPAPolicyTarget is used to identify a set of managed
2751              entities to which a SUPAPolicy should be applied; this
2752              object represents the semantics of applying a SUPAPolicy
2753              to a SUPAPolicyTarget.";
2754     }

2756     container supa-policy-target-detail-container {
2757         description
2758             "This is a container to collect all object instances of
2759              type SUPAPolicyTargetDetail.";
2760         list supa-policy-target-detail-list {
2761             key supa-policy-ID;
2762             uses supa-has-policy-target-detail;
2763             description
2764                 "This is a list of all supa-policy-target-detail
2765                  objects.";
2766         }
2767     }
2768     identity SUPA-HAS-POLICY-CLAUSE-ASSOC {
2769         base POLICY-OBJECT-TYPE;
2770         description
2771             "The identity corresponding to a SUPAHasPolicyClause
2772              association class object instance.";
2773     }

2775     grouping supa-has-policy-clause-detail {
2776         uses supa-policy-object-type {
2777             refine entity-class {
2778                 default SUPA-HAS-POLICY-CLAUSE-ASSOC;
2779             }
2780         }
2781         leaf supa-has-policy-clause-detail-agg-ptr {
2782             type instance-identifier;
2783             must "derived-from-or-self (deref(.)/entity-class,
2784                  'POLICY-STRUCTURE-TYPE')";
2785             description
2786                 "This leaf is an instance-identifier that references
2787                  a concrete subclass of the SUPAPolicyStructure class
2788                  end point of the association represented by this
2789                  instance of the SUPAHasPolicyClause association [1].
2790                  The grouping supa-has-policy-clause-detail represents
2791                  the SUPAHasPolicyClauseDetail association class. Thus,
2792                  the instance identified by this leaf is the
2793                  SUPAPolicyStructure instance that is associated by
2794                  this association to the set of SUPAPolicyClause
2795                  instances referenced by the
2796                  supa-has-policy-clause-detail-part-ptr leaf of this
2797                  grouping.";
2798         }
2799         leaf supa-has-policy-clause-detail-part-ptr {
2800             type instance-identifier;
2801             must "derived-from-or-self (deref(.)/entity-class,
2802                  'POLICY-CLAUSE-TYPE')";
2803             description
2804                 "This leaf is an instance-identifier that references
2805                  a concrete subclass of the SUPAPolicyClause class
2806                  end point of the association represented by this
2807                  instance of the SUPAHasPolicyClause association [1].
2808                  The grouping supa-has-policy-clause-detail represents
2809                  the SUPAHasPolicyClauseDetail association class. Thus,
2810                  the instance identified by this leaf is the
2811                  SUPAPolicyClause instance that is associated by this
2812                  association to the set of SUPAPolicyStructure
2813                  instances referenced by the
2814                  supa-has-policy-clause-detail-agg-ptr leaf of this
2815                  grouping.";
2816         }
2817         description
2818             "This is an association class, and defines the semantics of
2819              the SUPAHasPolicyClause association. The attributes and
2820              relationships of this class can be used to define which
2821              SUPAPolicyTarget objects can be used by which particular
2822              set of SUPAPolicyStructure objects. Every
2823              SUPAPolicyStructure instance MUST aggregate at
2824              least one SUPAPolicyClause instance. However, the
2825              converse is NOT true. For example, a SUPAPolicyStructure
2826              instance MUST aggregate at least one SUPAPolicyClause
2827              instance. However, a SUPAPolicyClause object could be
2828              instantiated and then stored for later use in a policy
2829              repository.";
2830     }

2832     container supa-policy-clause-detail-container {
2833         description
2834             "This is a container to collect all object instances of
2835              type SUPAPolicyClauseDetail.";
2836         list supa-policy-clause-detail-list {
2837             key supa-policy-ID;
2838             uses supa-has-policy-clause-detail;
2839             description
2840                 "This is a list of all supa-policy-clause-detail
2841                  objects.";
2842         }
2843     }

2845     identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC {
2846         base POLICY-OBJECT-TYPE;
2847         description
2848             "The identity corresponding to a
2849              SUPAHasPolExecFailActionToTake association class
2850              object instance.";
2851     }

2853     grouping supa-has-policy-exec-action-detail {
2854         uses supa-policy-object-type {
2855             refine entity-class {
2856                 default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC;
2857             }
2858         }
2859         leaf supa-has-exec-fail-action-detail-agg-ptr {
2860             type instance-identifier;
2861             must "derived-from-or-self (deref(.)/entity-class,
2862                  'POLICY-STRUCTURE-TYPE')";
2863             description
2864                 "This leaf is an instance-identifier that references
2865                  a SUPAPolicyStructure instance end point of the
2866                  association represented by this instance of the
2867                  SUPAHasPolExecFailActionToTake association [1] that
2868                  was executing a SUPAPolicy. This SUPAPolicyStructure
2869                  is referred to as the 'parent' SUPAPolicyStructure
2870                  instance, while the other instance end point of this
2871                  association is called the 'child' SUPAPolicyStructure.
2872                  The grouping supa-policy-structure-type represents the
2873                  SUPAPolicyStructure class. Thus, the instance
2874                  identified by this leaf is the parent
2875                  SUPAPolicyStructure instance that is associated by this
2876                  association to the child SUPAPolicyStructure instance
2877                  referenced by the
2878                  supa-has-exec-fail-action-detail-part-ptr leaf of this
2879                  grouping.";
2880         }
2881         leaf supa-has-exec-fail-action-detail-part-ptr {
2882             type instance-identifier;
2883             must "derived-from-or-self (deref(.)/entity-class,
2884                  'POLICY-STRUCTURE-TYPE')";
2885             description
2886                 "This leaf is an instance-identifier that references
2887                  a SUPAPolicyStructure instance end point of the
2888                  association represented by this instance of the
2889                  SUPAHasPolExecFailActionToTake association [1] that
2890                  was NOT currently executing a SUPAPolicy. This
2891                  SUPAPolicyStructure is referred to as the 'child'
2892                  SUPAPolicyStructure instance, while the other instance
2893                  end point of this association is called the 'parent'
2894                  SUPAPolicyStructure. The grouping
2895                  supa-policy-structure-type represents the
2896                  SUPAPolicyStructure class. Thus, the instance
2897                  identified by this leaf is the child
2898                  SUPAPolicyStructure instance that is associated by
2899                  this association to the child SUPAPolicyStructure
2900                  instance referenced by the
2901                  supa-has-exec-fail-action-detail-part-ptr leaf of
2902                  this grouping.";
2903         }
2904         leaf-list supa-policy-exec-fail-take-action-name {
2905             type string;
2906             description
2907                 "This is a list that contains the set of names for
2908                  SUPAPolicyActions to use if the SUPAPolicyStructure
2909                  object that owns this association failed to execute
2910                  properly. This association defines a set of child
2911                  SUPAPolicyStructure objects to use if this (the parent)
2912                  SUPAPolicyStructure object fails to execute correctly.
2913                  Each child SUPAPolicyStructure object has one or more
2914                  SUPAPolicyActions; this attribute defines the name(s)
2915                  of each SUPAPolicyAction in each child
2916                  SUPAPolicyStructure that should be used to try and
2917                  remediate the failure.";
2918         }
2919         description
2920             "This is an association class, and defines the semantics of
2921              the SUPAHasPolExecFailTakeAction association. The
2922              attributes and relationships of this class can be used to
2923              determine which SUPAPolicyAction objects are executed in
2924              response to a failure of the SUPAPolicyStructure object
2925              instance that owns this association.";
2926     }

2928     container supa-policy-exec-fail-take-action-detail-container {
2929         description
2930             "This is a container to collect all object instances of
2931              type SUPAPolExecFailActionToTakeDetail.";
2932         list supa-policy-exec-fail-take-action-detail-list {
2933             key supa-policy-ID;
2934             uses supa-has-policy-exec-action-detail;
2935             description
2936                 "This is a list of all
2937                  supa-has-policy-exec-action-detail objects.";
2938         }
2939     }

2941     identity SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC {
2942         base POLICY-METADATA-TYPE;
2943         description
2944             "The identity corresponding to a
2945              SUPAHasMetadataDecoratorDetail association class
2946              object instance.";
2947     }

2949     grouping supa-has-policy-metadata-dec-detail {
2950         uses supa-policy-metadata-type {
2951             refine entity-class {
2952                 default SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC;
2953             }
2954         }
2955         leaf supa-has-policy-metadata-detail-dec-agg-ptr {
2956             type instance-identifier;
2957             must "derived-from-or-self (deref(.)/entity-class,
2958                  'POLICY-METADATA-TYPE')";
2959             description
2960                 "This leaf is an instance-identifier that references
2961                  a SUPAPolicyMetadataDecorator instance end point of
2962                  the association represented by this instance of the
2963                  SUPAHasMetadataDecorator association [1]. The
2964                  grouping supa-has-policy-metadata-detail represents
2965                  the SUPAHasMetadataDecoratorDetail association class.
2967                  Thus, the instance identified by this leaf is the
2968                  SUPAPolicyMetadataDecorator instance that is
2969                  associated by this association to the set of
2970                  SUPAPolicyMetadata instances referenced by the
2971                  supa-has-policy-metadata-detail-dec-part-ptr leaf of
2972                  this grouping.";
2973         }
2974         leaf supa-has-policy-metadata-detail-dec-part-ptr {
2975             type instance-identifier;
2976             must "derived-from-or-self (deref(.)/entity-class,
2977                  'POLICY-METADATA-TYPE')";
2978             description
2979                 "This leaf is an instance-identifier that references
2980                  a SUPAPolicyMetadata instance end point of the
2981                  association represented by this instance of the
2982                  SUPAHasMetadataDecorator association [1]. The
2983                  grouping supa-has-policy-metadata-detail represents
2984                  the SUPAHasMetadataDecoratorDetail association class.
2985                  Thus, the instance identified by this leaf is the
2986                  SUPAPolicyMetadata instance that is associated by
2987                  this association to the set of
2988                  SUPAPolicyMetadataDecorator instances referenced by
2989                  the supa-has-policy-metadata-detail-dec-agg-ptr leaf
2990                  of this grouping.";
2991         }
2992         description
2993             "This is an association class, and defines the semantics of
2994              the SUPAHasMetadataDecorator association. The attributes
2995              and relationships of this class can be used to define which
2996              concrete subclasses of the SUPAPolicyMetadataDecorator
2997              class can be used to wrap which concrete subclasses of the
2998              SUPAPolicyMetadata class.";
2999     }

3001     container supa-policy-metadata-decorator-detail-container {
3002         description
3003             "This is a container to collect all object instances of
3004              type SUPAHasMetadataDecoratorDetail.";
3005         list supa-policy-metadata-decorator-detail-list {
3006             key supa-policy-metadata-id;
3007             uses supa-has-policy-metadata-dec-detail;
3008             description
3009                 "This is a list of all supa-policy-metadata-detail
3010                  objects.";
3011         }
3012     }
3013 }

3015
3016 6. IANA Considerations

3018    No IANA considerations exist for this document.

3020 7. Security Considerations

3022    TBD

3024 8. Acknowledgments

3026    This document has benefited from reviews, suggestions, comments
3027    and proposed text provided by the following members, listed in
3028    alphabetical order:

3030       Andy Bierman
3031       Benoit Claise
3032       Berndt Zeuner
3033       Martin Bjorklund
3034       Qin Wu

3036 9. References

3038    This section defines normative and informative references for this
3039    document.

3041 9.1. Normative References

3043    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
3044               Requirement Levels", BCP 14, RFC 2119, March 1997.
3045    [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for
3046               the Network Configuration Protocol (NETCONF)",
3047               RFC 6020, October 2010.
3048    [RFC6991]  Schoenwaelder, J., "Common YANG Data Types", RFC 6991,
3049               July 2013.
3050    [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling
3051               Language", RFC 7950, August 2016.

3053 9.2. Informative References

3055    [1]  Strassner, J., Halpern, J., Coleman, J., "Generic
3056         Policy Information Model for Simplified Use of Policy
3057         Abstractions (SUPA)", Jan 18, 2017,
3058         draft-ietf-supa-generic-policy-info-model-02
3059    [2]  http://www.omg.org/spec/OCL/
3060    [3]  http://doc.omg.org/formal/2002-04-03.pdf
3061    [4]  http://alloy.mit.edu/alloy/
3062    [5]  http://www.omg.org/spec/QVT/
3064    [6]  http://semver.org/
3065    [7]  Definitions of DAC, MAC, and RBAC may be found here:
3066         http://csrc.nist.gov/groups/SNS/rbac/faq.html#03
3067    [8]  ABAC is described here:
3068         http://csrc.nist.gov/groups/SNS/rbac/index.html

3070 Authors' Addresses

3072    Joel Halpern
3073    Ericsson
3074    P. O. Box 6049
3075    Leesburg, VA 20178
3076    Email: joel.halpern@ericsson.com

3078    John Strassner
3079    Huawei Technologies
3080    2330 Central Expressway
3081    Santa Clara, CA 95138 USA
3082    Email: john.sc.strassner@huawei.com

3084    Sven van der Meer
3085    LM Ericsson Ltd.
3086    Ericsson Software Campus
3087    Garrycastle
3088    Athlone
3089    N37 PV44
3090    Ireland
3091    Email: sven.van.der.meer@ericsson.com