idnits 2.17.1

draft-ietf-supa-generic-policy-data-model-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 88 instances of too long lines in the document, the longest
     one being 14 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (June 18, 2017) is 2476 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: 'RFC7950' is defined on line 3425, but no explicit
     reference was found in the text

  == Unused Reference: '2' is defined on line 3434, but no explicit
     reference was found in the text

  == Unused Reference: '4' is defined on line 3437, but no explicit
     reference was found in the text

  == Unused Reference: '5' is defined on line 3438, but no explicit
     reference was found in the text

  == Unused Reference: '6' is defined on line 3439, but no explicit
     reference was found in the text

  == Unused Reference: '7' is defined on line 3440, but no explicit
     reference was found in the text

  == Unused Reference: '8' is defined on line 3442, but no explicit
     reference was found in the text

     Summary: 1 error (**), 0 flaws (~~), 8 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

Network Working Group                                         J. Halpern
Internet-Draft                                                  Ericsson
Intended status: Informational                              J. Strassner
Expires: December 20, 2017                           Huawei Technologies
                                                         S. Van der Meer
                                                                Ericsson
                                                           June 18, 2017

                     Generic Policy Data Model for
              Simplified Use of Policy Abstractions (SUPA)
              draft-ietf-supa-generic-policy-data-model-04

Abstract

   This document defines two YANG policy data modules. The first is a
   generic policy model that is meant to be extended on an
   application-specific basis. The second is an exemplary extension of
   the first generic policy model, and defines rules as
   event-condition-action policies. Both models are independent of the
   level of abstraction of the content and meaning of a policy.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   This Internet-Draft will expire on June 18, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.
   Code Components extracted from this document must include
   Simplified BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Overview
   2. Conventions Used in This Document
   3. Terminology
      3.1. Acronyms
      3.2. Definitions
      3.3. Symbology
   4. Design of the SUPA Policy Data Models
      4.1. Objectives
      4.2. YANG Data Model Maintenance
      4.3. YANG Data Model Overview
      4.4. YANG Tree Diagram
   5. SUPA Policy Data Model YANG Module
   6. IANA Considerations
   7. Security Considerations
   8. Acknowledgments
   9. References
      9.1. Normative References
      9.2. Informative References
   Authors' Addresses

1. Overview

   This document defines two YANG [RFC6020] [RFC6991] policy data
   models. The first is a generic policy model that is meant to be
   extended on an application-specific basis. It is derived from the
   Generic Policy Information Model (GPIM) defined in [1].
   The second is an exemplary extension of the first (generic policy)
   model, and defines policy rules as event-condition-action tuples.
   Both models are independent of the level of abstraction of the
   content and meaning of a policy.

   The GPIM defines a common framework as a set of model elements
   (e.g., classes, attributes, and relationships) that specify a
   common set of policy management concepts that are independent of the
   type of policy (e.g., imperative, procedural, declarative, or
   otherwise). The first YANG data model is a translation of the GPIM
   to a YANG module. The ECA Policy Rule Information Model (EPRIM),
   also defined in [1], extends the GPIM to represent policy rules that
   use the Event-Condition-Action (ECA) paradigm. The second YANG data
   model maps the EPRIM to YANG. The second YANG data model MAY be
   used to augment the functionality of the first YANG data model.

2. Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in [RFC2119]. In
   this document, these words will appear with that interpretation
   only when in ALL CAPS. Lower case uses of these words are not to
   be interpreted as carrying [RFC2119] significance.

3. Terminology

   This section defines acronyms, terms, and symbology used in the
   rest of this document.

3.1. Acronyms

   CNF        Conjunctive Normal Form
   DNF        Disjunctive Normal Form
   ECA        Event-Condition-Action
   EPRIM      (SUPA) ECA Policy Rule Information Model [1]
   FQDN       Fully Qualified Domain Name
   FQPN       Fully Qualified Path Name
   GPIM       (SUPA) Generic Policy Information Model [1]
   GUID       Globally Unique IDentifier
   NETCONF    Network Configuration protocol
   OAM&P      Operations, Administration, Management, and Provisioning
   OCL        Object Constraint Language [2] [3]
   OID        Object IDentifier
   SUPA       Simplified Use of Policy Abstractions
   UML        Unified Modeling Language
   URI        Uniform Resource Identifier
   UUID       Universally Unique IDentifier

3.2. Definitions

   Action: a set of activities that have a set of associated behaviors.

   Boolean Clause: a logical statement that evaluates to either TRUE
      or FALSE. Also called Boolean Expression.

   Condition: a set of attributes, features, and/or values that are to
      be compared with a set of known attributes, features, and/or
      values in order to make a decision. A Condition, when used in
      the context of a Policy Rule, is used to determine whether or not
      the set of Actions in that Policy Rule can be executed.

   Constraint: A constraint is a limitation or restriction.
      Constraints may be added to any type of object (e.g., events,
      conditions, and actions in Policy Rules).

   Data Model: a data model is a representation of concepts of
      interest to an environment in a form that is dependent on data
      repository, data definition language, query language,
      implementation language, and protocol (typically one or more of
      these). This definition is taken from [1].

   ECA: Event - Condition - Action (a type of policy).

   Event: an Event is defined as any important occurrence in time in
      the system being managed, and/or in the environment of the system
      being managed. An Event may represent the changing or maintaining
      of the state of a managed object.
      An Event, when used in the context of a Policy Rule, is used to
      determine whether the Condition clause of an imperative (i.e.,
      ECA) Policy Rule can be evaluated.

   FQPN (Fully Qualified Path Name)
      The specification of a path to a file in a system that
      unambiguously resolves to only that specific file. In this
      sense, "fully qualified" is independent of context. However,
      in a distributed system, it may be dependent on the specific
      format of an operating system. Hence, implementations should
      consider such issues before allowing the use of FQPNs.

   Information Model: an information model is a representation of
      concepts of interest to an environment in a form that is
      independent of data repository, data definition language, query
      language, implementation language, and protocol. This definition
      is taken from [1].

   Metadata: metadata is data that provides descriptive and/or
      prescriptive information about the object(s) with which it is
      associated. This enables structure and content of the object(s)
      to which it applies, as well as usage and other information, to
      be represented in an extensible manner. It avoids "burying"
      common information in specific classes, and increases reuse.

   SUPAPolicy: A SUPAPolicy is, in this version of this document, an ECA
      policy rule that MUST contain an ECA policy rule, SHOULD contain
      one or more SUPAPolicyMetadata objects, and MAY contain other
      elements that define the semantics of the policy rule. An ECA
      Policy Rule MUST contain an event clause, a condition clause, and
      an action clause. Policies are generically defined as a means to
      monitor and control the changing and/or maintaining of the state
      of one or more managed objects. This definition is based on the
      definition of SUPAPolicy in [1].

3.3. Symbology

   The following representation is used to describe YANG data modules
   defined in this draft.

   o Brackets "[" and "]" enclose list keys.

   o Abbreviations before data node names: "rw" means configuration
     data (read-write), and "ro" means state data (read-only).

   o Symbols after data node names: "?" means an optional node, "!"
     means a presence container, and "*" denotes a list and leaf-list.

   o Parentheses enclose choice and case nodes, and case nodes are also
     marked with a colon (":").

   o Ellipsis ("...") stands for contents of subtrees that are not
     shown.

4. Design of the SUPA Policy Data Models

   This section describes the design philosophy of the YANG data
   models, and how they will be maintained.

4.1. Objectives

   These Data Models are derived from the SUPA Generic Policy
   Information Model [1]. The overall objective is to faithfully
   transform that information model into a YANG data model that can
   be used for communicating policy. The policy scope to be covered is
   that defined by [1]; please refer to it for more details and
   background information.

   This model is an extensible framework that is independent of the
   implementation approach for storing policies, as well as being
   independent of the content and meaning of specific policies. These
   models can be extended (generally by using the groupings here and
   defining additional containers for concrete classes) to represent
   domain- and/or application-specific policies. The ECA model in this
   document is an example of extending the general policy model towards
   specific policies.

   By using this approach, different policy models will use common
   semantics, enabling them to be more easily integrated.

   One of the important goals of this work is for the semantics of
   these models to align with those of the generic policy information
   model. Thus, most of this model was generated by a quasi-algorithmic
   transformation of the information model. This was done by hand.
   Certain changes were made to reflect the fact that this is a YANG
   data model, and therefore, does not need to generically allow for
   all data modelling languages. Details of the process are described
   below in section 4.3.

4.2. YANG Data Model Maintenance

   All model changes should be done to both the information model and
   the data model in parallel. Care is being taken during development
   of this model to ensure that is the case.

   In general, structural changes will be applied to both the
   information model and the data model, and then any necessary YANG
   repairs taken to preserve the validity of the YANG data model.

4.3. YANG Data Model Overview

   This YANG data model is generated by applying suitable YANG
   constructs to represent the information in the information model.

   There are three key information modeling concepts that this data
   model needs to represent consistently. These are classes, class
   inheritance (also known as subclassing) and associations. The
   SUPA generic policy information model [1] makes extensive use of
   these concepts.

   Each class in the model is represented by a YANG identity and by a
   YANG grouping. The use of groupings enables us to define these
   classes abstractly. Each grouping begins with two leaves (either
   defined in the grouping or inherited via a uses clause), which
   provide common functionality. One leaf is used for the system-wide
   unique identifier for this instance. This is either named
   supa-policy-ID (for the SUPAPolicyObject tree, which contains
   everything EXCEPT metadata objects) or supa-policy-metadata-id (for
   the SUPAPolicyMetadata tree, which ONLY contains metadata). All
   associations use supa-policy-IDs. The second leaf is always called
   the entity-class. It is an identityref which is set to the identity
   of the instance. The default value for this leaf is always
   correctly defined by the grouping.
   It is read-write in the YANG formalism due to restrictions on the
   use of MUST clauses.

   Class inheritance (or subclassing) is done by defining an identity
   and a grouping for the new class. The identity is based on the
   parent identity, and is given a new name to represent this class.
   The new grouping uses the parent grouping. It refines the
   entity-class of the parent, replacing the default value of the
   entity-class with the correct value for this class.

   Associations are represented by the use of instance-identifiers and
   association classes. Association classes are classes, using the
   above construction, which contain leaves representing the set of
   instance-identifiers for each end of the association, along with
   any other properties the information model assigns to the
   association. The two associated classes each have a leaf with an
   instance-identifier that points to the association class instance.
   Each instance-identifier leaf is defined with a must clause. That
   must clause references the entity-class of the target of the
   instance-identifier, and specifies that the entity class type must
   be the same as, or subclassed from, a specific named class. Thus,
   associations can point to any instance of a selected class, or any
   instance of any subclass of that target.

   While not mandated by the YANG, it is expected that the xpath for
   the instance-identifier will end with an array selection specifying
   the supa-policy-ID or supa-policy-metadata-id of the target. This
   enables us to construct the abstract class tree, with inheritance
   and associations. It is noted and accepted that this process does
   lose the distinction between containment, association, and
   aggregation used by the information model.

   The concrete class tree is constructed as follows. The YANG model
   defines a container for each class that is defined as concrete by
   the information model.
   That container contains a single list, keyed by either the
   supa-policy-id or the supa-policy-metadata-id. The content of the
   list is defined by a uses clause referencing the grouping that
   defines the class. After this was done, certain additional
   modifications were made. Specifically, any information model
   constructs intended to represent lists of possible values were
   recast as YANG enumerations. Where these lists are used more than
   once, they are factored out into reusable enumerations.

   Certain attributes that are not needed in the YANG (e.g., to
   represent the range of choices different data models might use for
   policy identification) were removed for simplicity and clarity.

4.4. YANG Tree Diagram

   The YANG Tree Diagram starts on the next page. It uses the following
   abbreviations for datatypes:

   - B:  Boolean
   - E:  enumeration
   - II: instance-identifier
   - IR: identityref
   - PC: policy-constraint-language-list
   - PD: policy-data-type-encoding-list
   - PS: policy-deploy-status-list
   - S:  string
   - YD: yang:date-and-time
   - UI: uint32

module: ietf-supa-policy
    +--rw supa-encoding-clause-container
    |  +--rw supa-encoding-clause-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-policy-clause-deploy-status   identityref
    |     +--rw supa-has-policy-clause-part-ptr*   instance-identifier
    |     +--rw supa-policy-clause-has-decorator-agg-ptr*   instance-identifier
    |     +--rw supa-encoded-clause-content   string
    |     +--rw supa-encoded-clause-language   enumeration
    +--rw supa-policy-variable-container
    |  +--rw supa-policy-variable-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-policy-clause-has-decorator-part-ptr*   instance-identifier
    |     +--rw supa-has-decorated-policy-component-part-ptr?   instance-identifier
    |     +--rw supa-pol-clause-constraint*   string
    |     +--rw supa-pol-clause-constraint-encoding?   identityref
    |     +--rw supa-has-decorated-policy-component-agg-ptr*   instance-identifier
    |     +--rw supa-pol-comp-constraint*   string
    |     +--rw supa-pol-comp-constraint-encoding?   identityref
    |     +--rw supa-policy-term-is-negated?   boolean
    |     +--rw supa-policy-variable-name?   string
    +--rw supa-policy-operator-container
    |  +--rw supa-policy-operator-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-policy-clause-has-decorator-part-ptr*   instance-identifier
    |     +--rw supa-has-decorated-policy-component-part-ptr?   instance-identifier
    |     +--rw supa-pol-clause-constraint*   string
    |     +--rw supa-pol-clause-constraint-encoding?   identityref
    |     +--rw supa-has-decorated-policy-component-agg-ptr*   instance-identifier
    |     +--rw supa-pol-comp-constraint*   string
    |     +--rw supa-pol-comp-constraint-encoding?   identityref
    |     +--rw supa-policy-term-is-negated?   boolean
    |     +--rw supa-policy-value-op-type   enumeration
    +--rw supa-policy-value-container
    |  +--rw supa-policy-value-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-policy-clause-has-decorator-part-ptr*   instance-identifier
    |     +--rw supa-has-decorated-policy-component-part-ptr?   instance-identifier
    |     +--rw supa-pol-clause-constraint*   string
    |     +--rw supa-pol-clause-constraint-encoding?   identityref
    |     +--rw supa-has-decorated-policy-component-agg-ptr*   instance-identifier
    |     +--rw supa-pol-comp-constraint*   string
    |     +--rw supa-pol-comp-constraint-encoding?   identityref
    |     +--rw supa-policy-term-is-negated?   boolean
    |     +--rw supa-policy-value-content*   string
    |     +--rw supa-policy-value-encoding?   identityref
    +--rw supa-policy-generic-decorated-container
    |  +--rw supa-encoding-clause-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-policy-clause-has-decorator-part-ptr*   instance-identifier
    |     +--rw supa-has-decorated-policy-component-part-ptr?   instance-identifier
    |     +--rw supa-pol-clause-constraint*   string
    |     +--rw supa-pol-clause-constraint-encoding?   identityref
    |     +--rw supa-has-decorated-policy-component-agg-ptr*   instance-identifier
    |     +--rw supa-pol-comp-constraint*   string
    |     +--rw supa-pol-comp-constraint-encoding?   identityref
    |     +--rw supa-policy-generic-decorated-content*   string
    |     +--rw supa-policy-generic-decorated-encoding?   identityref
    +--rw supa-policy-source-container
    |  +--rw supa-policy-source-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-source-part-ptr*   instance-identifier
    +--rw supa-policy-target-container
    |  +--rw supa-policy-target-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-target-part-ptr*   instance-identifier
    +--rw supa-policy-concrete-metadata-container
    |  +--rw supa-policy-concrete-metadata-list* [supa-policy-metadata-id]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-metadata-id   string
    |     +--rw supa-policy-metadata-description?   string
    |     +--rw supa-policy-metadata-name?   string
    |     +--rw supa-has-policy-metadata-part-ptr*   instance-identifier
    |     +--rw supa-has-policy-metadata-dec-part-ptr*   instance-identifier
    |     +--rw supa-policy-metadata-valid-period-end?   yang:date-and-time
    |     +--rw supa-policy-metadata-valid-period-start?   yang:date-and-time
    +--rw supa-policy-metadata-decorator-access-container
    |  +--rw supa-policy-metadata-decorator-access-list* [supa-policy-metadata-id]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-metadata-id   string
    |     +--rw supa-policy-metadata-description?   string
    |     +--rw supa-policy-metadata-name?   string
    |     +--rw supa-has-policy-metadata-part-ptr*   instance-identifier
    |     +--rw supa-has-policy-metadata-dec-part-ptr*   instance-identifier
    |     +--rw supa-has-policy-metadata-dec-agg-ptr?   instance-identifier
    +--rw supa-policy-metadata-decorator-version-container
    |  +--rw supa-policy-metadata-decorator-version-list* [supa-policy-metadata-id]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-metadata-id   string
    |     +--rw supa-policy-metadata-description?   string
    |     +--rw supa-policy-metadata-name?   string
    |     +--rw supa-has-policy-metadata-part-ptr*   instance-identifier
    |     +--rw supa-has-policy-metadata-dec-part-ptr*   instance-identifier
    |     +--rw supa-has-policy-metadata-dec-agg-ptr?   instance-identifier
    +--rw supa-policy-metadata-detail-container
    |  +--rw supa-policy-metadata-detail-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-metadata-detail-agg-ptr?   instance-identifier
    |     +--rw supa-has-policy-metadata-detail-part-ptr?   instance-identifier
    |     +--rw supa-policy-metadata-detail-is-applicable?   boolean
    |     +--rw supa-policy-metadata-detail-constraint*   string
    |     +--rw supa-policy-metadata-detail-constraint-encoding?   identityref
    +--rw supa-policy-clause-has-decorator-detail-container
    |  +--rw supa-policy-component-decorator-detail-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-component-decorator-agg-ptr?   instance-identifier
    |     +--rw supa-has-policy-component-decorator-part-ptr?   instance-identifier
    |     +--rw supa-has-decorator-constraint*   string
    |     +--rw supa-has-decorator-constraint-encoding?   identityref
    +--rw supa-policy-component-decorator-detail-container
    |  +--rw supa-policy-component-decorator-detail-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-component-decorator-agg-ptr?   instance-identifier
    |     +--rw supa-has-policy-component-decorator-part-ptr?   instance-identifier
    |     +--rw supa-has-decorator-constraint*   string
    |     +--rw supa-has-decorator-constraint-encoding?   identityref
    +--rw supa-policy-source-detail-container
    |  +--rw supa-policy-source-detail-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-source-detail-agg-ptr?   instance-identifier
    |     +--rw supa-has-policy-source-detail-part-ptr?   instance-identifier
    |     +--rw supa-policy-source-is-authenticated?   boolean
    |     +--rw supa-policy-source-is-trusted?   boolean
    +--rw supa-policy-target-detail-container
    |  +--rw supa-policy-target-detail-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-target-detail-agg-ptr?   instance-identifier
    |     +--rw supa-has-policy-target-detail-part-ptr?   instance-identifier
    |     +--rw supa-policy-target-is-authenticated?   boolean
    |     +--rw supa-policy-target-is-enabled?   boolean
    +--rw supa-policy-clause-detail-container
    |  +--rw supa-policy-clause-detail-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-clause-detail-agg-ptr*   instance-identifier
    |     +--rw supa-has-policy-clause-detail-part-ptr?   instance-identifier
    +--rw supa-policy-exec-fail-take-action-detail-container
    |  +--rw supa-policy-exec-fail-take-action-detail-list* [supa-policy-ID]
    |     +--rw entity-class?   identityref
    |     +--rw supa-policy-ID   string
    |     +--rw supa-policy-name?   string
    |     +--rw supa-policy-object-description?   string
    |     +--rw supa-has-policy-metadata-agg-ptr*   instance-identifier
    |     +--rw supa-has-exec-fail-action-detail-agg-ptr?   instance-identifier
    |     +--rw supa-has-exec-fail-action-detail-part-ptr?   instance-identifier
    |     +--rw supa-policy-exec-fail-take-action-name*   string
    +--rw supa-policy-metadata-decorator-detail-container
       +--rw supa-policy-metadata-decorator-detail-list* [supa-policy-metadata-id]
          +--rw entity-class?   identityref
          +--rw supa-policy-metadata-id   string
          +--rw supa-policy-metadata-description?   string
          +--rw supa-policy-metadata-name?   string
          +--rw supa-has-policy-metadata-part-ptr*   instance-identifier
          +--rw supa-has-policy-metadata-dec-part-ptr*   instance-identifier
          +--rw supa-has-policy-metadata-detail-dec-agg-ptr?   instance-identifier
          +--rw supa-has-policy-metadata-detail-dec-part-ptr?   instance-identifier

5. SUPA Policy Data Model YANG Module

   The SUPA YANG data model module is divided into two main parts:

      1) a set of containers that represent the objects that make
         up a Policy Rule and its Policy Rule Components
      2) a set of containers that represent the objects that define and
         apply metadata to Policy Rules and/or Policy Rule Components

file "ietf-supa-policy@2017-06-16.yang"

module ietf-supa-policy {

    yang-version 1.1;
    namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policy";
    prefix supa-pdm;

    import ietf-yang-types {
        prefix yang;
    }

    organization "IETF";
    contact
        "Editor: Joel Halpern
         email: jmh@joelhalpern.com;
         Editor: John Strassner
         email: strazpdj@gmail.com;";

    description
        "This module defines a data model for generic high level
         definition of policies to be applied to a network.
         This module is derived from, and aligns with,
         draft-ietf-supa-generic-policy-info-model-03. Details on all
         classes, associations, and attributes can be found there.
         Copyright (c) 2015 IETF Trust and the persons identified
         as the document authors. All rights reserved.
         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and
         subject to the license terms contained in, the Simplified
         BSD License set forth in Section 4.c of the IETF Trust's
         Legal Provisions Relating to IETF Documents
         (http://trustee.ietf.org/license-info).";

    revision "2017-06-16" {
        description
            "20170616: Implemented changes from supa IM v3. This
                       includes adding new objects (classes and
                       relationships) corresponding to the new
                       formulation of the decorator pattern. Changed
                       enums to identities per IETF98 discussion.

             20170415: Updated SUPABooleanClause based on
                       implementation experience from SNMP example;
                       reworded definitions of supaPolMetadataID and
                       supaEncodedClauseEncoding attribute.
             20170117: updated class and attribute names in the YANG
                       to match those in the IM, except where noted.
             20161210: Incorporated input from IISOMI.
             20161010: Changed back to transitive identities (to
                       enforce inheritance) after determining that
                       errors were from a confdc bug.
             20161008: Fixed errors found in latest pyang compiler
                       and from YANG Doctors.
             20161001: Minor edits in association definitions.
             20160928: Generated yang tree.
             20160924: Rewrote association documentation; rebuilt
                       how all classes are named for consistency.
             20160904: Optimization of module by eliminating leaves
                       that are not needed; rewrote section 4.
             20160824: Edits to sync data model to info model.
             20160720: Conversion to WG draft. Fixed pyang 1.1
                       compilation errors. Fixed must clause
                       dereferencing used in grouping statements.
                       Reformatted and expanded descriptions.
                       Fixed various typos.
             20160321: Initial version.";
        reference
            "draft-ietf-supa-policy-data-model-03";
    }

    // The following replaces enumerations with identities. This is because
    // YANG enumerations are not extensible in sub-models. Therefore, we
    // define a base identity for each enumerated list, and then derive an
    // identity for each currently defined value in the enumeration. This
    // enables new values to be added by models that extend this model.

641     identity POLICY-CONSTRAINT-LANGUAGE-LIST {
642       description
643         "The language used to encode the constraints that are
644          relevant to the relationship between the metadata
645          and the underlying policy object.";
646     }

648     identity PCLL-ERROR {
649       base POLICY-CONSTRAINT-LANGUAGE-LIST;
650       description
651         "This signifies an error state for a policy constraint
652          language assignment.";
653     }
654     identity PCLL-INIT {
655       base POLICY-CONSTRAINT-LANGUAGE-LIST;
656       description
657         "This signifies a generic initialization state, meaning
658          that the policy constraint language assignment can now
659          be made.";
660     }

662     identity PCLL-OCL2.4 {
663       base POLICY-CONSTRAINT-LANGUAGE-LIST;
664       description
665         "This defines OCL2.4 [2] as the policy constraint language
666          list to be used.";
667     }

669     identity PCLL-OCL2.x {
670       base POLICY-CONSTRAINT-LANGUAGE-LIST;
671       description
672         "This defines the use of OCL2.0 - OCL2.3.1 [2] as the
673          policy constraint language list to be used.";
674     }

676     identity PCLL-OCL1.x {
677       base POLICY-CONSTRAINT-LANGUAGE-LIST;
678       description
679         "This defines OCL1.x [3] as the policy constraint language
680          list to be used.";
681     }

683     identity PCLL-QVT1.2R {
684       base POLICY-CONSTRAINT-LANGUAGE-LIST;
685       description
686         "This defines the use of QVT Relational Language [5] as the
687          policy constraint language list to be used.";
688     }

690     identity PCLL-QVT1.2O {
691       base POLICY-CONSTRAINT-LANGUAGE-LIST;
692       description
693         "This defines the use of QVT Operational Language [5] as
694          the policy constraint language list to be used.";
695     }

697     identity PCLL-ALLOY {
698       base POLICY-CONSTRAINT-LANGUAGE-LIST;
699       description
700         "This defines the use of Alloy [4] as the policy constraint
701          language list to be used.
             Alloy is a language for
702          defining constraints, and uses a SAT solver to
703          guarantee correctness.";
704     }
705     identity PCLL-TEXT {
706       base POLICY-CONSTRAINT-LANGUAGE-LIST;
707       description
708         "This defines the use of plain text as the policy constraint
709          language list to be used. This option is NOT recommended,
710          since it is informal and hence, not verifiable.";
711     }

713     identity POLICY-DATA-TYPE-ID-ENCODING-LIST {
714       description
715         "The list of possible data types used to represent object
716          IDs for all SUPA object instances.";
717     }

719     identity PDTIEL-ERROR {
720       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
721       description
722         "This signifies an error state for a policy data type ID
723          encoding assignment.";
724     }

726     identity PDTIEL-INIT {
727       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
728       description
729         "This signifies a generic initialization state, meaning
730          that the policy data type ID encoding assignment can now
731          be made.";
732     }

734     identity PDTIEL-PK {
735       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
736       description
737         "This represents the primary key of a table, which
738          uniquely identifies each record in that table.
739          It MUST NOT be NULL. It MAY consist of a single
740          or multiple fields. Note that a YANG data model
741          implementation does NOT have to implement this feature.";
742     }

744     identity PDTIEL-FK {
745       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
746       description
747         "This represents the foreign key of a table, which
748          uniquely identifies each record in that table.
749          It MUST NOT be NULL. It MAY consist of a single
750          or multiple fields.
             Note that a YANG data model
751          implementation does NOT have to implement this feature.";
752     }
753     identity PDTIEL-GUID {
754       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
755       description
756         "This represents an object instance that is referenced by
757          this GUID.";
758     }

760     identity PDTIEL-UUID {
761       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
762       description
763         "This represents an object instance that is referenced by
764          this UUID.";
765     }

767     identity PDTIEL-URI {
768       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
769       description
770         "This represents an object instance that is referenced by
771          this URI.";
772     }

774     identity PDTIEL-FQDN {
775       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
776       description
777         "This represents an object instance that is referenced by
778          this FQDN.";
779     }

781     identity PDTIEL-FQPN {
782       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
783       description
784         "This represents an object instance that is referenced by
785          this FQPN. Note that FQPNs assume that all components can
786          access a single logical file repository.";
787     }

789     identity PDTIEL-STRING-ID {
790       base POLICY-DATA-TYPE-ID-ENCODING-LIST;
791       description
792         "This represents an object instance that is referenced by
793          this string instance id.
             Here, a string instance id is the
794          canonical representation, in ASCII, of an instance ID of
795          this object instance.";
796     }

798     identity POLICY-DATA-TYPE-ENCODING-LIST {
799       description
800         "The set of allowable data types used to encode single-
801          and multi-valued SUPA Policy attributes.";
802     }
803     identity PDTEL-ERROR {
804       base POLICY-DATA-TYPE-ENCODING-LIST;
805       description
806         "This signifies an error state for a policy data type
807          encoding assignment.";
808     }

810     identity PDTEL-INIT {
811       base POLICY-DATA-TYPE-ENCODING-LIST;
812       description
813         "This signifies a generic initialization state, meaning
814          that the policy data type encoding assignment can now
815          be made.";
816     }

818     identity PDTEL-STRING {
819       base POLICY-DATA-TYPE-ENCODING-LIST;
820       description
821         "This represents a string data type.";
822     }

824     identity PDTEL-INTEGER {
825       base POLICY-DATA-TYPE-ENCODING-LIST;
826       description
827         "This represents an integer data type.";
828     }

830     identity PDTEL-BOOLEAN {
831       base POLICY-DATA-TYPE-ENCODING-LIST;
832       description
833         "This represents a Boolean data type.";
834     }

836     identity PDTEL-FLOAT {
837       base POLICY-DATA-TYPE-ENCODING-LIST;
838       description
839         "This represents a floating point data type.";
840     }

842     identity PDTEL-DATETIME {
843       base POLICY-DATA-TYPE-ENCODING-LIST;
844       description
845         "This represents a data type that can specify
846          date and/or time.";
847     }

849     identity PDTEL-GUID {
850       base POLICY-DATA-TYPE-ENCODING-LIST;
851       description
852         "This represents a GUID data type.";
853     }
854     identity PDTEL-UUID {
855       base POLICY-DATA-TYPE-ENCODING-LIST;
856       description
857         "This represents a UUID data type.";
858     }

860     identity PDTEL-URI {
861       base POLICY-DATA-TYPE-ENCODING-LIST;
862       description
863         "This represents a URI data type.";
864     }

866     identity PDTEL-DN {
867       base POLICY-DATA-TYPE-ENCODING-LIST;
868       description
869         "This represents a DN data type.";
870     }

872     identity PDTEL-FQDN {
873       base POLICY-DATA-TYPE-ENCODING-LIST;
874       description
875         "This represents an FQDN data type.";
876     }

878     identity PDTEL-FQPN {
879       base POLICY-DATA-TYPE-ENCODING-LIST;
880       description
881         "This represents an FQPN data type. Note that FQPNs assume
882          that all components can access a single logical
883          file repository.";
884     }

886     identity PDTEL-NULL {
887       base POLICY-DATA-TYPE-ENCODING-LIST;
888       description
889         "This represents a NULL data type. NULL means that this
890          data type MAY not contain an actual value. This data type
891          may be used to represent a missing or invalid value.";
892     }

894     identity PDTEL-STRING-ID {
895       base POLICY-DATA-TYPE-ENCODING-LIST;
896       description
897         "This represents an object instance that is defined by
898          this string instance id. Here, a string instance id is the
899          canonical representation, in ASCII, of an instance ID of
900          this object instance.";
901     }
902     identity POLICY-DEPLOY-STATUS-LIST {
903       description
904         "This represents the current deployment status of this
905          object (e.g., either a SUPAPolicyStructure or a
906          SUPAPolicyClause object instance).";
907     }

909     identity PDSL-ERROR {
910       base POLICY-DEPLOY-STATUS-LIST;
911       description
912         "This signifies an error state for assigning the deployment
913          status of this object.";
914     }

916     identity PDSL-INIT {
917       base POLICY-DEPLOY-STATUS-LIST;
918       description
919         "This signifies a generic initialization state, meaning
920          that the deploy status assignment of this object can now
921          be made.";
922     }

924     identity PDSL-READY {
925       base POLICY-DEPLOY-STATUS-LIST;
926       description
927         "This defines the deployment status of this object as
928          deployed in the system and currently enabled.";
929     }

931     identity PDSL-TEST {
932       base POLICY-DEPLOY-STATUS-LIST;
933       description
934         "This defines the deployment status of this object as
935          deployed in the system but is currently in a test state,
936          and SHOULD NOT be used in OAM&P policies.";
937     }

939     identity PDSL-DISABLED {
940       base POLICY-DEPLOY-STATUS-LIST;
941
          description
942         "This defines the deployment status of this object as
943          deployed in the system, but has been administratively
944          DISABLED. It MUST NOT be used in OAM&P policies.";
945     }

947     identity PDSL-OK-TO-DEPLOY {
948       base POLICY-DEPLOY-STATUS-LIST;
949       description
950         "This defines the deployment status of this object as
951          initialized and ready to be deployed.";
952     }
953     identity PDSL-NOT-OK {
954       base POLICY-DEPLOY-STATUS-LIST;
955       description
956         "This defines the deployment status of this object as
957          NOT ready for deployment into the system.";
958     }

960     // Identities are used in this model as a means to provide simple
961     // introspection to allow an instance-identifier to be tested as to
962     // what class it represents. This allows must clauses to specify
963     // that the target of a particular instance-identifier leaf must be a
964     // specific class, or within a certain branch of the inheritance tree.
965     // This depends upon the ability to refine the entity class default
966     // value. The entity class should be read-only. However, as this is
967     // the target of a MUST condition, it cannot be config-false. Also,
968     // it appears that we cannot put a MUST condition on its definition,
969     // as the default (actual) value changes for each inherited object.
970     // Finally, note that since identities are irreflexive, we define a
971     // parent identity, called SUPA-ROOT-TYPE, to serve as the single root
972     // from which all identity statements are derived.

974     identity SUPA-ROOT-TYPE {
975       description
976         "The identity corresponding to a single root for all
977          identities in the SUPA Data Model.
             Note that section
978          7.18.2 in [RFC7950] says that identity derivation is
979          irreflexive (i.e., an identity cannot be derived
980          from itself).";
981     }

983     identity POLICY-OBJECT-TYPE {
984       base SUPA-ROOT-TYPE;
985       description
986         "The identity corresponding to a SUPAPolicyObject
987          object instance.";
988     }

990     grouping supa-policy-object-type {
991       leaf entity-class {
992         type identityref {
993           base SUPA-ROOT-TYPE;
994         }
995         default POLICY-OBJECT-TYPE;
996         description
997           "The identifier of the class of this grouping.";
998       }
999       leaf supa-policy-ID {
1000        type string;
1001        mandatory true;
1002        description
1003          "The string identifier of this policy object, which
1004           functions as the unique object identifier of this
1005           object instance. This attribute MUST be unique within
1006           the policy system.
1007           This attribute is named supaPolObjIDContent in [1],
1008           and is used with the supaPolObIDEncoding class
1009           attribute to define a namespace. Since the YANG data
1010           model does not need this genericity, the
1011           supaPolObjIDContent attribute was renamed, and the
1012           supaObjectIDEncoding attribute was removed.";
1013      }
1014      leaf supa-policy-name {
1015        type string;
1016        description
1017          "A human-readable name for this policy object. Note
1018           that this is NOT the object ID.";
1019      }
1020      leaf supa-policy-object-description {
1021        type string;
1022        description
1023          "A human-readable description of the characteristics
1024           and behavior of this policy object.";
1025      }
1026      leaf-list supa-has-policy-metadata-agg-ptr {
1027        type instance-identifier;
1028        must "derived-from-or-self (deref(.)/entity-class,
1029              'SUPA-HAS-POLICY-METADATA-ASSOC')";
1030        description
1031          "This leaf-list holds instance-identifiers that
1032           reference a SUPAHasPolicyMetadata association [1].
1033           This association is represented by the grouping
1034           supa-has-policy-metadata-detail.
               This association
1035           describes how each SUPAPolicyMetadata instance is
1036           related to a given SUPAPolicyObject instance. Since
1037           this association class contains attributes, the
1038           instance-identifier MUST point to an instance using
1039           the grouping supa-has-policy-metadata-detail (which
1040           includes subclasses of this association class).";
1041      }
1042      description
1043        "This represents the SUPAPolicyObject [1] class. It is the
1044         superclass for all SUPA Policy objects (i.e., all objects
1045         that are either Policies or components of Policies). Note
1046         that SUPA Policy Metadata objects are NOT subclassed from
1047         this class; they are instead subclassed from the
1048         SUPAPolicyMetadata (i.e., supa-policy-metadata-type)
1049         object. This class (supa-policy-object-type) is used to
1050         define common attributes and relationships that all SUPA
1051         Policy subclasses inherit.

1053         It MAY be augmented with a set of zero or more
1054         SUPAPolicyMetadata objects using the SUPAHasPolicyMetadata
1055         association, which is represented by the
1056         supa-has-policy-metadata-agg leaf-list.";
1057    }

1059    identity POLICY-COMPONENT-TYPE {
1060      base POLICY-OBJECT-TYPE;
1061      description
1062        "The identity corresponding to a
1063         SUPAPolicyComponentStructure object instance.";
1064    }

1066    grouping supa-policy-component-structure-type {
1067      uses supa-policy-object-type {
1068        refine entity-class {
1069          default POLICY-COMPONENT-TYPE;
1070        }
1071      }
1072      description
1073        "This represents the SUPAPolicyComponent class [1], which
1074         is the superclass for all objects that represent
1075         different components of a Policy. Important subclasses
1076         include the SUPAPolicyClause and the
1077         SUPAPolicyClauseComponentDecorator. SUPAPolicyClause is
1078         used to build reusable clauses for SUPAPolicies, and
1079         SUPAPolicyClauseComponentDecorator is used to dynamically
1080         add and remove components of a SUPAPolicyClause.
             This
1081         enables the model to be changed at runtime without
1082         requiring recompiling and redeploying.";
1083    }

1085    identity POLICY-COMPONENT-CLAUSE-TYPE {
1086      base POLICY-COMPONENT-TYPE;
1087      description
1088        "The identity corresponding to a SUPAPolicyClause
1089         object instance.";
1090    }

1092    grouping supa-policy-clause-type {
1093      uses supa-policy-component-structure-type {
1094        refine entity-class {
1095          default POLICY-COMPONENT-CLAUSE-TYPE;
1096        }
1097      }
1098      leaf supa-policy-clause-deploy-status {
1099        type identityref {
1100          base POLICY-DEPLOY-STATUS-LIST;
1101        }
1102        mandatory true;
1103        description
1104          "This defines whether this SUPAPolicy has been
1105           deployed and, if so, whether it is enabled and
1106           ready to be used or not.";
1107      }
1108      leaf-list supa-has-policy-clause-part-ptr {
1109        type instance-identifier;
1110        must "derived-from-or-self (deref(.)/entity-class,
1111              'SUPA-HAS-POLICY-CLAUSE-ASSOC')";
1112        description
1113          "This leaf-list holds instance-identifiers that
1114           reference a SUPAHasPolicyClause aggregation [1],
1115           and is represented by the grouping
1116           supa-has-policy-clause-detail. This aggregation
1117           describes how each SUPAPolicyClause instance is
1118           related to this particular SUPAPolicyStructure
1119           instance. For example, this aggregation may restrict
1120           which concrete subclasses of the SUPAPolicyStructure
1121           class can be associated with which concrete subclasses
1122           of the SUPAPolicyClause class. The set of
1123           SUPAPolicyClauses, identified by this leaf-list,
1124           define the content of this SUPAPolicyStructure.
1125           Since this association class contains attributes, the
1126           instance-identifier MUST point to an instance using
1127           the grouping supa-has-policy-clause-detail (which
1128           includes subclasses of this association class).";
1129      }
1130      leaf-list supa-policy-clause-has-decorator-agg-ptr {
1131        type instance-identifier;
1132        must "derived-from-or-self (deref(.)/entity-class,
1133              'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
1134        description
1135          "This leaf-list holds instance-identifiers that
1136           reference a SUPAPolicyClauseHasDecorator aggregation
1137           [1], and is represented by the grouping
1138           supa-policy-clause-has-decorator-detail. This
1139           aggregation describes how each SUPAPolicyClause
1140           object instance is decorated (i.e., wrapped) by zero
1141           or more SUPAPolicyClauseComponentDecorator object
1142           instances. For example, this aggregation may restrict
1143           which concrete subclasses of the
1144           SUPAPolicyClauseComponentDecorator class can wrap
1145           this particular concrete subclass of the
1146           SUPAPolicyClause class. The set of SUPAPolicyClauses,
1147           identified by this leaf-list, define the content of
1148           this SUPAPolicyStructure that they are associated
1149           with (via the SUPAHasPolicyClause aggregation).

1151           Since this association class contains attributes, the
1152           instance-identifier MUST point to an instance using
1153           the grouping supa-policy-clause-has-decorator-detail
1154           (which includes subclasses of this association
1155           class). Note that (concrete) subclasses of this
1156           association class may also be used to further refine
1157           the semantics of this aggregation.";
1158      }
1159      description
1160        "The parent class for all SUPA Policy Clauses. A
1161         SUPAPolicyClause is a fundamental building block for
1162         creating SUPA Policies. A SUPAPolicy is a set of
1163         statements, and a SUPAPolicyClause can be thought of as all
1164         or part of a statement.
             The Decorator pattern [1] is used,
1165         which enables the contents of a SUPAPolicyClause to be
1166         adjusted dynamically at runtime without affecting other
1167         objects of either type. For example, new content can be
1168         dynamically added or removed by wrapping a SUPAPolicyClause
1169         with additional object instances. Every SUPAPolicy MUST
1170         have at least one SUPAPolicyClause.";
1171    }

1173    identity POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE {
1174      base POLICY-COMPONENT-TYPE;
1175      description
1176        "The identity corresponding to a
1177         SUPAPolicyClauseComponentDecorator object instance.";
1178    }

1180    grouping supa-policy-clause-component-decorator-type {
1181      uses supa-policy-component-structure-type {
1182        refine entity-class {
1183          default POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE;
1184        }
1185      }
1186      leaf-list supa-policy-clause-has-decorator-part-ptr {
1187        type instance-identifier;
1188        must "derived-from-or-self (deref(.)/entity-class,
1189              'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
1190        description
1191          "This leaf holds instance-identifiers that
1192           reference a SUPAPolicyClauseHasDecorator aggregation
1193           [1], and is represented by the grouping
1194           supa-policy-clause-has-decorator-detail. This
1195           aggregation describes how each
1196           SUPAPolicyClauseComponentDecorator object instance
1197           wraps a given SUPAPolicyClause object instance. This
1198           enables the behavior of a SUPAPolicyClause object
1199           instance to be changed dynamically by attaching and/or
1200           removing SUPAPolicyClauseComponentDecorator object
1201           instances.

1203           Multiple SUPAPolicyClauseComponentDecorator object
1204           instances may be attached to a
1205           SUPAPolicyClause object instance that is referenced in
1206           this aggregation by using the Decorator pattern [1].
1207           Since this association class contains attributes, the
1208           instance-identifier MUST point to an instance using
1209           the grouping supa-policy-clause-has-decorator-detail.
1210           Note that (concrete) subclasses of this association
1211           class may also be used to further refine the semantics
1212           of this aggregation.";
1213      }
1214      leaf supa-has-decorated-policy-component-part-ptr {
1215        type instance-identifier;
1216        must "derived-from-or-self (deref(.)/entity-class,
1217              'SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC')";
1218        description
1219          "This leaf holds instance-identifiers that
1220           reference a SUPAHasDecoratedPolicyComponent
1221           aggregation [1], and is represented by the grouping
1222           supa-has-decorated-policy-component-detail. This
1223           aggregation describes how each
1224           SUPAPolicyClauseComponentDecorator instance is wrapped
1225           by a given SUPAPolicyComponentDecorator instance.
1226           Multiple SUPAPolicyComponentDecorator instances may be
1227           attached to a SUPAPolicyClauseComponentDecorator
1228           instance that is referenced in this aggregation by
1229           using the Decorator pattern [1]. Since this
1230           association class contains attributes, the
1231           instance-identifier MUST point to an instance using
1232           the grouping
1233           supa-has-decorated-policy-component-detail.";
1234      }
1235      leaf-list supa-pol-clause-constraint {
1236        type string;
1237        description
1238          "This is a set of constraint expressions that are
1239           applied to this decorator object instance. These
1240           constraints restrict the semantics of this object
1241           instance, and hence, restrict how these objects
1242           interact with the SUPAPolicyClause object instance
1243           that is aggregating them. For example, this attribute
1244           could restrict how a concrete subclass, such as
1245           SUPAPolicyEvent, is used.
               The constraints are defined
1246           using an appropriate constraint language that is
1247           specified in the supa-pol-clause-constraint-encoding
1248           leaf.";
1249      }
1250      leaf supa-pol-clause-constraint-encoding {
1251        type identityref {
1252          base POLICY-CONSTRAINT-LANGUAGE-LIST;
1253        }
1254        description
1255          "The language in which the constraints on the
1256           SUPAPolicyClauseComponentDecorator are expressed.
1257           Examples include OCL 2.4 [2], Alloy [3], and
1258           English text.";
1259      }
1260      description
1261        "This object implements the Decorator pattern [1], which
1262         enables all or part of one or more concrete objects to
1263         wrap another concrete object. The set of decorated
1264         objects is then wrapped by a concrete subclass of the
1265         SUPAPolicyClause object, which enables the
1266         SUPAPolicyClause object to be changed dynamically at
1267         runtime without recompilation or redeployment.";
1268    }

1270    identity POLICY-COMPONENT-DECORATOR-TYPE {
1271      base POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE;
1272      description
1273        "The identity corresponding to a
1274         SUPAPolicyComponentDecorator object instance.";
1275    }

1277    grouping supa-policy-component-decorator-type {
1278      uses supa-policy-clause-component-decorator-type {
1279        refine entity-class {
1280          default POLICY-COMPONENT-DECORATOR-TYPE;
1281        }
1282      }
1283      leaf-list supa-has-decorated-policy-component-agg-ptr {
1284        type instance-identifier;
1285        must "derived-from-or-self (deref(.)/entity-class,
1286              'SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC')";
1287        description
1288          "This leaf holds instance-identifiers that
1289           reference a SUPAHasDecoratedPolicyComponent
1290           aggregation [1], and is represented by the grouping
1291           supa-has-decorated-policy-component-detail. This
1292           aggregation describes how each
1293           SUPAPolicyComponentDecorator instance wraps a given
1294           SUPAPolicyClauseComponentDecorator instance.
1295           Multiple SUPAPolicyComponentDecorator instances may be
1296           attached to a SUPAPolicyClauseComponentDecorator
1297           instance that is referenced in this aggregation by
1298           using the Decorator pattern [1]. Since this
1299           association class contains attributes, the
1300           instance-identifier MUST point to an instance using
1301           the grouping
1302           supa-has-decorated-policy-component-detail.";
1303      }
1304      leaf-list supa-pol-comp-constraint {
1305        type string;
1306        description
1307          "This is a set of constraint expressions that are
1308           applied to this decorator object instance. These
1309           constraints restrict the semantics of this object
1310           instance, and hence, restrict how these objects
1311           interact with the SUPAPolicyClauseComponentDecorator
1312           object instance that they are wrapping. For example,
1313           this attribute could restrict how a concrete subclass
1314           of SUPAPolicyComponentDecorator is used. The
1315           constraints are defined using an appropriate constraint
1316           language that is specified in the
1317           supa-pol-comp-constraint-encoding leaf.";
1318      }
1319      leaf supa-pol-comp-constraint-encoding {
1320        type identityref {
1321          base POLICY-CONSTRAINT-LANGUAGE-LIST;
1322        }
1323        description
1324          "The language in which constraints on the
1325           SUPAPolicyComponentDecorator are expressed.
1326           Examples include OCL 2.4 [2], Alloy [3], and
1327           English text.";
1328      }
1329      description
1330        "This object implements the Decorator pattern [1], which
1331         enables all or part of one or more concrete objects of
1332         the SUPAPolicyClauseComponentDecorator class to create a
1333         set of wrapped objects that are in turn aggregated by a
1334         SUPAPolicyClause object.
             This enables the SUPAPolicyClause
1335         object to be changed dynamically at runtime without
1336         recompilation or redeployment.";
1337    }

1339    identity POLICY-ENCODED-CLAUSE-TYPE {
1340      base POLICY-COMPONENT-CLAUSE-TYPE;
1341      description
1342        "The identity corresponding to a SUPAEncodedClause
1343         object instance.";
1344    }

1346    grouping supa-encoded-clause-type {
1347      uses supa-policy-clause-type {
1348        refine entity-class {
1349          default POLICY-ENCODED-CLAUSE-TYPE;
1350        }
1351      }
1352      leaf supa-encoded-clause-content {
1353        type string;
1354        mandatory true;
1355        description
1356          "This defines the content of this SUPAEncodedClause.
1357           Since the target is YANG, the supaEncodedClauseEncoding
1358           attribute is NOT required, and therefore, not mapped.";
1359      }
1360      leaf supa-encoded-clause-language {
1361        type enumeration {
1362          enum "error" {
1363            description
1364              "This signifies an error state. OAM&P Policies
1365               SHOULD NOT use this SUPAEncodedClause if the
1366               value of this attribute is error.";
1367          }
1368          enum "init" {
1369            description
1370              "This signifies an initialization state.";
1371          }
1372          enum "YANG" {
1373            description
1374              "This defines the language used in this
1375               SUPAEncodedClause as a type of YANG.
1376               Additional details may be provided by
1377               attaching a SUPAPolicyMetadata object to
1378               this SUPAEncodedClause object instance.";
1379          }
1380          enum "XML" {
1381            description
1382              "This defines the language as a type of XML.
1383               Additional details may be provided by
1384               attaching a SUPAPolicyMetadata object to
1385               this SUPAEncodedClause object instance.";
1386          }
1387          enum "TL1" {
1388            description
1389              "This defines the language as a type of
1390               Transaction Language 1.
                   Additional details may
1391               be provided by attaching a SUPAPolicyMetadata
1392               object to this SUPAEncodedClause object
1393               instance.";
1394          }
1395          enum "Text" {
1396            description
1397              "This is a textual string that can be used to
1398               define a language choice that is not listed
1399               by a specific enumerated value. This string
1400               MUST be parsed by the policy system to
1401               identify the language being used.

1403               A SUPAPolicyMetadata object (represented as a
1404               supa-policy-metadata-type leaf) can be used to
1405               provide further details about the language.";
1406          }
1407        }
1408        mandatory true;
1409        description
1410          "Indicates the language used for this SUPAEncodedClause
1411           object instance. Prescriptive and/or descriptive
1412           information about the usage of this SUPAEncodedClause
1413           may be provided by one or more SUPAPolicyMetadata
1414           objects, which are each attached to the object
1415           instance of this SUPAEncodedClause.";
1416      }
1417      description
1418        "This class refines the behavior of the supa-policy-clause
1419         by encoding the contents of the clause into the attributes
1420         of this object. This enables clauses that are not based on
1421         other SUPA objects to be modeled. For example, a POLICY
1422         Application could define a CLI or YANG configuration
1423         snippet and encode that snippet into a SUPAEncodedClause.
1424         Note that a SUPAEncodedClause simply defines the content
1425         of the clause. In particular, it does NOT provide a
1426         response. The policy engine that is parsing and evaluating
1427         the SUPAPolicy needs to assign a response to any
1428         SUPAEncodedClause that it encounters.";
1429    }

1431    container supa-encoding-clause-container {
1432      description
1433        "This is a container to collect all object instances of
1434         type SUPAEncodedClause.";

1436      list supa-encoding-clause-list {
1437        key supa-policy-ID;
1438        uses supa-encoded-clause-type;
1439        description
1440          "A list of all instances of supa-encoding-clause-type.
1441           If a module defines subclasses of the encoding clause,
1442           those will be stored in a separate container.";
1443      }
1444    }

1446    identity POLICY-COMPONENT-TERM-TYPE {
1447      base POLICY-COMPONENT-DECORATOR-TYPE;
1448      description
1449        "The identity corresponding to a SUPAPolicyTerm object
1450         instance.";
1451    }
1452    grouping supa-policy-term-type {
1453      uses supa-policy-component-decorator-type {
1454        refine entity-class {
1455          default POLICY-COMPONENT-TERM-TYPE;
1456        }
1457      }
1458      leaf supa-policy-term-is-negated {
1459        type boolean;
1460        description
1461          "If the value of this attribute is true, then
1462           this particular term is negated.";
1463      }
1464      description
1465        "This is the superclass of all SUPA policy objects that are
1466         used to test or set the value of a variable. It does this
1467         by defining a {variable-operator-value} three-tuple, where
1468         each element of the three-tuple is defined by a concrete
1469         subclass of the appropriate type (e.g., SUPAPolicyVariable,
1470         SUPAPolicyOperator, or SUPAPolicyVariable).";
1471    }

1473    identity POLICY-COMPONENT-VARIABLE-TYPE {
1474      base POLICY-COMPONENT-TERM-TYPE;
1475      description
1476        "The identity corresponding to a SUPAPolicyVariable
1477         object instance.";
1478    }

1480    grouping supa-policy-variable-type {
1481      uses supa-policy-term-type {
1482        refine entity-class {
1483          default POLICY-COMPONENT-VARIABLE-TYPE;
1484        }
1485      }

1487      leaf supa-policy-variable-name {
1488        type string;
1489        description
1490          "A human-readable name for this policy variable.";
1491      }
1492      description
1493        "This is one formulation of a SUPA Policy Clause. It uses
1494         the canonical form of an expression, which is a three-tuple
1495         in the form {variable, operator, value}. In this approach,
1496         each of the three terms can either be a subclass of the
1497         appropriate SUPAPolicyTerm class, or another object that
1498         plays the role (i.e., a variable) of that term.
             The
1499         attribute defined by the supa-policy-variable-name
1500         specifies the name of an attribute whose content should be
1501         compared to the value portion of a SUPAPolicyTerm, which is
1502         typically specified by a SUPAPolicyValue object.";
1503    }
1504    container supa-policy-variable-container {
1505      description
1506        "This is a container to collect all object instances of
1507         type SUPAPolicyVariable.";
1508      list supa-policy-variable-list {
1509        key supa-policy-ID;
1510        uses supa-policy-variable-type;
1511        description
1512          "List of all instances of supa-policy-variable-type.
1513           If a module defines subclasses of this class,
1514           those will be stored in a separate container.";
1515      }
1516    }

1518    identity POLICY-COMPONENT-OPERATOR-TYPE {
1519      base POLICY-COMPONENT-TERM-TYPE;
1520      description
1521        "The identity corresponding to a SUPAPolicyOperator
1522         object instance.";
1523    }

1525    grouping supa-policy-operator-type {
1526      uses supa-policy-term-type {
1527        refine entity-class {
1528          default POLICY-COMPONENT-OPERATOR-TYPE;
1529        }
1530      }
1531      leaf supa-policy-value-op-type {
1532        type enumeration {
1533          enum "error" {
1534            description
1535              "This signifies an error state.";
1536          }
1537          enum "init" {
1538            description
1539              "This signifies an initialization state.";
1540          }
1541          enum "greater than" {
1542            description
1543              "A greater-than operator.";
1544          }
1545          enum "greater than or equal to" {
1546            description
1547              "A greater-than-or-equal-to operator.";
1548          }
1549          enum "less than" {
1550            description
1551              "A less-than operator.";
1552          }
1553          enum "less than or equal to" {
1554            description
1555              "A less-than-or-equal-to operator.";
1556          }
1557          enum "equal to" {
1558            description
1559              "An equal-to operator.";
1560          }
1561          enum "not equal to"{
1562            description
1563              "A not-equal-to operator.";
1564          }
1565          enum "IN" {
1566            description
1567              "An operator that determines whether a given
1568               value of a variable in a SUPAPolicyTerm
1569               matches a value in a SUPAPolicyTerm.";
                }
                enum "NOT IN" {
                    description
                        "An operator that determines whether a given
                         variable in a SUPAPolicyTerm does not match
                         any of the specified values in a
                         SUPAPolicyTerm.";
                }
                enum "SET" {
                    description
                        "An operator that makes the value of the
                         result equal to the input value.";
                }
                enum "CLEAR" {
                    description
                        "An operator that sets the value of the
                         specified object to a value that is 0 for
                         integer datatypes, an empty string for
                         textual datatypes, and FALSE for Boolean
                         datatypes. This value MUST NOT be NULL.";
                }
                enum "BETWEEN" {
                    description
                        "An operator that determines whether a given
                         value is within a specified range of values.
                         Note that this is an inclusive operator.";
                }
            }
            mandatory true;
            description
                "The type of operator used to compare the variable
                 and value portions of this SUPAPolicyTerm.";
        }
        description
            "This is one formulation of a SUPA Policy Clause. It uses
             the canonical form of an expression, which is a three-tuple
             in the form {variable, operator, value}. In this approach,
             each of the three terms can either be a subclass of the
             appropriate SUPAPolicyTerm class, or another object that
             plays the role (i.e., an operator) of that term.
             The value of the supa-policy-value-op-type attribute
             specifies an operator that SHOULD be used to compare the
             variable and value portions of a SUPAPolicyTerm. This is
             typically specified by a SUPAPolicyOperator object.";
    }

    container supa-policy-operator-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyOperator.";
        list supa-policy-operator-list {
            key supa-policy-ID;
            uses supa-policy-operator-type;
            description
                "List of all instances of supa-policy-operator-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-COMPONENT-VALUE-TYPE {
        base POLICY-COMPONENT-TERM-TYPE;
        description
            "The identity corresponding to a SUPAPolicyValue
             object instance.";
    }

    grouping supa-policy-value-type {
        uses supa-policy-term-type {
            refine entity-class {
                default POLICY-COMPONENT-VALUE-TYPE;
            }
        }
        leaf-list supa-policy-value-content {
            type string;
            description
                "The content of the value portion of this SUPA Policy
                 Clause. The data type of the content is specified in
                 the supa-policy-value-encoding attribute.";
        }
        leaf supa-policy-value-encoding {
            type identityref {
                base POLICY-DATA-TYPE-ENCODING-LIST;
            }
            description
                "The data type of the supa-policy-value-content
                 attribute.";
        }
        description
            "This is one formulation of a SUPA Policy Clause. It uses
             the canonical form of an expression, which is a three-tuple
             in the form {variable, operator, value}. In this approach,
             each of the three terms can either be a subclass of the
             appropriate SUPAPolicyTerm class, or another object that
             plays the role (i.e., a value) of that term. The
             attribute defined by supa-policy-value-content specifies
             a value (which is typically specified by a subclass of
             SUPAPolicyVariable) that should be compared to a value in
             the variable portion of the SUPAPolicyTerm.";
    }

    container supa-policy-value-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyValue.";
        list supa-policy-value-list {
            key supa-policy-ID;
            uses supa-policy-value-type;
            description
                "List of all instances of supa-policy-value-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        }
    }

    identity POLICY-GENERIC-DECORATED-TYPE {
        base POLICY-COMPONENT-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAGenericDecoratedComponent object instance.";
    }

    grouping supa-policy-generic-decorated-type {
        uses supa-policy-component-decorator-type {
            refine entity-class {
                default POLICY-GENERIC-DECORATED-TYPE;
            }
        }
        leaf-list supa-policy-generic-decorated-content {
            type string;
            description
                "The content of this SUPAGenericDecoratedComponent
                 object instance. The data type of this attribute is
                 specified in the leaf
                 supa-policy-generic-decorated-encoding.";
        }
        leaf supa-policy-generic-decorated-encoding {
            type identityref {
                base POLICY-DATA-TYPE-ENCODING-LIST;
            }
            description
                "The datatype of the
                 supa-policy-generic-decorated-content attribute.";
        }
        description
            "This class enables a generic object to be defined and
             used as a decorator in a SUPA Policy Clause. This class
             should not be confused with the SUPAEncodedClause class.
             A SUPAGenericDecoratedComponent object represents a single,
             atomic object that defines a portion of the contents of a
             SUPAPolicyClause, whereas a SUPAPolicyEncodedClause
             represents the entire contents of a SUPAPolicyClause.";
    }

    container supa-policy-generic-decorated-container {
        description
            "This is a container to collect all object instances of
             type SUPAGenericDecoratedComponent.";
        list supa-encoding-clause-list {
            key supa-policy-ID;
            uses supa-policy-generic-decorated-type;
            description
                "List of all instances of
                 supa-policy-generic-decorated-type.
                 If a module defines subclasses of this class, those
                 will be stored in a separate container.";
        }
    }

    identity POLICY-STRUCTURE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyStructure
             object instance.";
    }

    grouping supa-policy-structure-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-STRUCTURE-TYPE;
            }
        }
        leaf supa-policy-admin-status {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicy if the value
                         of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "enabled" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively enabled.";
                }
                enum "disabled" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively disabled.";
                }
                enum "in test" {
                    description
                        "This signifies that this SUPAPolicy has been
                         administratively placed into test mode, and
                         SHOULD NOT be used as part of an operational
                         policy rule.";
                }
            }
            mandatory true;
            description
                "The current administrative status of this SUPAPolicy.";
        }
        leaf supa-policy-continuum-level {
            type uint32;
            description
                "This is the current level of abstraction of this
                 particular SUPAPolicyRule.
                 By convention, the values 0 and 1 should be used for
                 error and initialization states; a value of 2 is the
                 most abstract level, and higher values denote more
                 concrete levels.";
        }
        leaf supa-policy-deploy-status {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "deployed and enabled" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system and is currently enabled.";
                }
                enum "deployed and in test" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system, but is currently in test and SHOULD
                         NOT be used in OAM&P policies.";
                }
                enum "deployed but not enabled" {
                    description
                        "This SUPAPolicy has been deployed in the
                         system, but has been administratively
                         disabled.";
                }
                enum "ready to be deployed" {
                    description
                        "This SUPAPolicy has been properly initialized,
                         and is now ready to be deployed.";
                }
                enum "cannot be deployed" {
                    description
                        "This SUPAPolicy has been administratively
                         disabled, and SHOULD NOT be used as part of
                         an OAM&P policy.";
                }
            }
            mandatory true;
            description
                "This attribute defines whether this SUPAPolicy has
                 been deployed and, if so, whether it is enabled and
                 ready to be used or not.";
        }
        leaf supa-policy-exec-fail-strategy {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "rollback all" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped, and rollback of all
                         SUPAPolicyActions (whether they were
                         successfully executed or not) performed by
                         this particular SUPAPolicy is attempted.
                         Also, all SUPAPolicies that otherwise would
                         have been executed as a result of this
                         SUPAPolicy SHOULD NOT be executed.";
                }
                enum "rollback single" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped, and rollback is attempted
                         for ONLY the SUPAPolicyAction (belonging to
                         this particular SUPAPolicy) that failed to
                         execute correctly. All remaining actions
                         including SUPAPolicyActions and SUPAPolicies
                         that otherwise would have been executed as a
                         result of this SUPAPolicy, SHOULD NOT
                         be executed.";
                }
                enum "stop execution" {
                    description
                        "This means that execution of this SUPAPolicy
                         SHOULD be stopped without any other action
                         being performed; this includes corrective
                         actions, such as rollback, as well as any
                         SUPAPolicyActions or SUPAPolicies that
                         otherwise would have been executed.";
                }
                enum "ignore" {
                    description
                        "This means that any failures produced by this
                         SUPAPolicy SHOULD be ignored, and hence, no
                         corrective actions, such as rollback, will
                         be performed at this time. Hence, any other
                         SUPAPolicyActions or SUPAPolicies SHOULD
                         continue to be executed.";
                }
            }
            mandatory true;
            description
                "This defines what actions, if any, should be taken by
                 this particular SUPA Policy Rule if it fails to
                 execute correctly. Some implementations may not be
                 able to accommodate the rollback failure options;
                 hence, these options may be skipped.";
        }
        leaf-list supa-has-policy-source-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-SOURCE-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicySource associations [1].
                 This association is represented by the grouping
                 supa-has-policy-source-detail, and describes how
                 this SUPAPolicyStructure instance is related to a
                 set of SUPAPolicySource instances. Each
                 SUPAPolicySource instance defines a set of
                 unambiguous sources of this SUPAPolicy. Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
        }
        leaf-list supa-has-policy-target-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-TARGET-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyTarget associations [1].
                 This association is represented by the grouping
                 supa-has-policy-target-detail, and describes how
                 this SUPAPolicyStructure instance is related to a
                 set of SUPAPolicyTarget instances.
                 Each SUPAPolicyTarget instance defines a set of
                 unambiguous managed entities to which this
                 SUPAPolicy will be applied. Since this association
                 class contains attributes, the instance-identifier
                 MUST point to an instance using the grouping
                 supa-has-policy-target-detail (which includes
                 subclasses of this association class).";
        }
        leaf-list supa-has-policy-clause-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-CLAUSE-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyClause associations [1]. This
                 association is represented by the grouping
                 supa-has-policy-clause-detail. This association
                 describes how this particular SUPAPolicyStructure
                 instance is related to this set of SUPAPolicyClause
                 instances.
                 Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the supa-has-policy-clause-detail
                 (which includes subclasses of this association
                 class).";
        }
        leaf-list supa-has-policy-exec-fail-action-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-EXEC-ACTION-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolExecFailtActionToTake
                 association [1]. This association is represented by
                 the supa-has-policy-exec-action-detail grouping. This
                 association relates this SUPAPolicyStructure instance
                 (the parent) to one or more SUPAPolicyStructure
                 instances (the children), where each child
                 SUPAPolicyStructure contains one or more
                 SUPAPolicyActions to be executed if the parent
                 SUPAPolicyStructure instance generates an error while
                 it is executing. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-exec-action-detail (which includes
                 subclasses of this association class).";
        }
        leaf-list supa-has-policy-exec-fail-action-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-EXEC-ACTION-ASSOC')";
            min-elements 1;
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolExecFailtActionToTake
                 association [1]. This association is represented by
                 the supa-has-policy-exec-action-detail grouping. This
                 association relates this SUPAPolicyStructure instance
                 (the child) to another SUPAPolicyStructure instance
                 (the parent).
                 The child SUPAPolicyStructure contains
                 one or more SUPAPolicyActions to be executed if the
                 parent SUPAPolicyStructure instance generates an error
                 while it is executing; the parent SUPAPolicyStructure
                 contains one or more child SUPAPolicyStructure
                 instances to enable it to choose how to handle each
                 type of failure. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-exec-action-detail (which includes
                 subclasses of this association class).";
        }
        description
            "A superclass for all objects that represent different types
             of SUPAPolicies. Currently, this is limited to a single
             type, which is the event-condition-action (ECA) Policy
             Rule. A SUPA Policy may be an individual policy, or a set
             of policies. Subclasses MAY support this feature by
             implementing the composite pattern.";
    }

    identity POLICY-SOURCE-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicySource
             object instance.";
    }

    grouping supa-policy-source-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-SOURCE-TYPE;
            }
        }
        leaf-list supa-has-policy-source-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-SOURCE-ASSOC')";
            description
                "This leaf-list holds the instance-identifiers that
                 reference a SUPAHasPolicySource association [1], which
                 is represented by the supa-has-policy-source-detail
                 grouping. This association describes how each
                 SUPAPolicySource instance is related to this
                 particular SUPAPolicyStructure instance.
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This object defines a set of managed entities that
             authored, or are otherwise responsible for, this
             SUPAPolicy. Note that a SUPAPolicySource does NOT evaluate
             or execute SUPAPolicies. Its primary use is for
             auditability and the implementation of deontic logic (i.e.,
             how concepts such as obligation and permission work) and/or
             alethic logic (i.e., how concepts such as necessity,
             possibility, and contingency work). It is expected that this
             grouping will be extended (i.e., subclassed) when used, so
             that the system can add specific information appropriate to
             sources of policy of that particular system.";
    }

    container supa-policy-source-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicySource.";
        list supa-policy-source-list {
            key supa-policy-ID;
            uses supa-policy-source-type;
            description
                "A list of all supa-policy-source instances in the
                 system.";
        }
    }

    identity POLICY-TARGET-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyTarget
             object instance.";
    }

    grouping supa-policy-target-type {
        uses supa-policy-object-type {
            refine entity-class {
                default POLICY-TARGET-TYPE;
            }
        }
        leaf-list supa-has-policy-target-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-TARGET-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyTarget association. This is
                 represented by the supa-has-policy-target-detail
                 grouping.
                 This association describes how each
                 SUPAPolicyTarget instance is related to a particular
                 SUPAPolicyStructure instance. For example, this
                 association may restrict which SUPAPolicyTarget
                 instances can be used by which SUPAPolicyStructure
                 instances. The SUPAPolicyTarget defines a
                 set of managed entities that this SUPAPolicyStructure
                 will be applied to. Since this association class
                 contains attributes, the instance-identifier MUST
                 point to an instance using the grouping
                 supa-has-policy-target-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This object defines a set of managed entities that a
             SUPAPolicy is applied to. It is expected that this
             grouping will be extended (i.e., subclassed) when used,
             so that the system can add specific information
             appropriate to policy targets of that particular system.";
    }

    container supa-policy-target-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyTarget.";
        list supa-policy-target-list {
            key supa-policy-ID;
            uses supa-policy-target-type;
            description
                "A list of all supa-policy-target instances in the
                 system.";
        }
    }

    identity POLICY-METADATA-TYPE {
        base SUPA-ROOT-TYPE;
        description
            "The identity corresponding to a SUPAPolicyMetadata
             object instance.";
    }

    grouping supa-policy-metadata-type {
        leaf entity-class {
            type identityref {
                base SUPA-ROOT-TYPE;
            }
            description
                "The identifier of the class of this grouping.";
        }
        leaf supa-policy-metadata-id {
            type string;
            mandatory true;
            description
                "This represents the object identifier of an instance
                 of this class.
                 This attribute is named
                 supaPolMetadataIDContent in [1], and is used with
                 another attribute (supaPolMetadataIDEncoding); since
                 the YANG data model does not need this genericity, the
                 supaPolMetadataIDContent attribute was renamed to
                 supa-policy-metadata-id, and the
                 supaPolMetadataIDEncoding attribute was not mapped.";
        }
        leaf supa-policy-metadata-description {
            type string;
            description
                "This contains a free-form textual description of this
                 metadata object (e.g., what it may be used for).";
        }
        leaf supa-policy-metadata-name {
            type string;
            description
                "This contains a human-readable name for this
                 metadata object.";
        }
        leaf-list supa-has-policy-metadata-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-METADATA-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyMetadata association [1],
                 which is represented by the grouping
                 supa-has-policy-metadata-detail. Each instance-
                 identifier defines a unique set of information that
                 describe and/or prescribe additional information,
                 provided by this SUPAPolicyMetadata instance, that can
                 be associated with this SUPAPolicyObject instance.
                 Multiple SUPAPolicyMetadata objects may be attached to
                 a concrete subclass of the SUPAPolicyObject class that
                 is referenced in this association by using the
                 Decorator pattern [1]. For example, a
                 SUPAPolicyVersionMetadataDef instance could wrap a
                 SUPAECAPolicyRuleAtomic instance; this would define
                 the version of this particular SUPAECAPolicyRuleAtomic
                 instance.
                 Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-metadata-detail (which includes
                 subclasses of this association class).";
        }
        leaf-list supa-has-policy-metadata-dec-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')";
            min-elements 1;
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasMetadaDecorator association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-dec-detail. This association
                 describes how a SUPAPolicyMetadataDecorator instance
                 wraps a given SUPAPolicyMetadata instance using the
                 Decorator pattern [1]. Multiple concrete subclasses
                 of SUPAPolicyMetadataDecorator may be used to wrap
                 the same SUPAPolicyMetadata instance.
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-dec-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This is the superclass of all metadata classes.
             Metadata is information that describes and/or prescribes
             the characteristics and behavior of another object that is
             not an inherent, distinguishing characteristic or
             behavior of that object.";
    }

    identity POLICY-METADATA-CONCRETE-TYPE {
        base POLICY-METADATA-TYPE;
        description
            "The identity corresponding to a SUPAPolicyConcreteMetadata
             object instance.";
    }

    grouping supa-policy-concrete-metadata-type {
        uses supa-policy-metadata-type {
            refine entity-class {
                default POLICY-METADATA-CONCRETE-TYPE;
            }
        }
        leaf supa-policy-metadata-valid-period-end {
            type yang:date-and-time;
            description
                "This defines the ending date and time that this
                 metadata object is valid for.";
        }
        leaf supa-policy-metadata-valid-period-start {
            type yang:date-and-time;
            description
                "This defines the starting date and time that this
                 metadata object is valid for.";
        }
        description
            "This is a concrete class that will be wrapped by concrete
             instances of the SUPA Policy Metadata Decorator class. It
             can be viewed as a container for metadata that will be
             attached to a subclass of SUPA Policy Object.
             It may contain all or part of one or more metadata
             subclasses.";
    }

    container supa-policy-concrete-metadata-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyConcreteMetadata.";
        list supa-policy-concrete-metadata-list {
            key supa-policy-metadata-id;
            uses supa-policy-concrete-metadata-type;
            description
                "A list of all supa-policy-metadata instances in the
                 system.";
        }
    }

    identity POLICY-METADATA-DECORATOR-TYPE {
        base POLICY-METADATA-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyMetadataDecorator object instance.";
    }

    grouping supa-policy-metadata-decorator-type {
        uses supa-policy-metadata-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-TYPE;
            }
        }
        leaf supa-has-policy-metadata-dec-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                     'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAHasMetadaDecorator association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-dec-detail. This association
                 describes how a SUPAPolicyMetadataDecorator instance
                 wraps a given SUPAPolicyMetadata instance
                 using the Decorator pattern [1]. Multiple concrete
                 subclasses of SUPAPolicyMetadataDecorator may be used
                 to wrap the same SUPAPolicyMetadata instance. Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-dec-detail (which
                 includes subclasses of this association class).";
        }
        description
            "This object implements the Decorator pattern [1] for all
             SUPA metadata objects.
             This enables all or part of one or
             more metadata objects to wrap another concrete metadata
             object. The only concrete subclass of SUPAPolicyMetadata
             in this document is SUPAPolicyConcreteMetadata.";
    }

    identity POLICY-METADATA-DECORATOR-ACCESS-TYPE {
        base POLICY-METADATA-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyAccessMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-access-type {
        uses supa-policy-metadata-decorator-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-ACCESS-TYPE;
            }
        }
        leaf supa-policy-metadata-access-priv-def {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyAccessMetadataDef
                         if the value of this attribute is error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "read only" {
                    description
                        "This defines access as read only for ALL
                         SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         As such, an explicit access control model,
                         such as RBAC [7], is NOT present.";
                }
                enum "read write" {
                    description
                        "This defines access as read and/or write for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         As such, an explicit access control model,
                         such as RBAC [7], is NOT present.";
                }
                enum "specified by MAC" {
                    description
                        "This uses an external Mandatory Access Control
                         (MAC) [7] model to define access control for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by DAC" {
                    description
                        "This uses an external Discretionary Access
                         Control (DAC) [7] model to define access
                         control for ALL SUPAPolicyObject objects that
                         are adorned with this
                         SUPAPolicyAccessMetadataDef object. The name
                         and location of this access control model are
                         specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by RBAC" {
                    description
                        "This uses an external Role-Based Access Control
                         (RBAC) [7] model to define access control for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by ABAC" {
                    description
                        "This uses an external Attribute-Based Access
                         Control (ABAC) [8] model to define access
                         control for ALL SUPAPolicyObject objects that
                         are adorned with this
                         SUPAPolicyAccessMetadataDef object.
                         The name
                         and location of this access control model are
                         specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
                enum "specified by custom" {
                    description
                        "This uses an external Custom Access Control
                         model to define access control for ALL
                         SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
                }
            }
            description
                "This defines the type of access control model that is
                 used by this SUPAPolicyObject object instance.";
        }
        leaf supa-policy-metadata-access-priv-model-name {
            type string;
            description
                "This contains the name of the access control model
                 being used. If the value of the
                 supa-policy-metadata-access-priv-model-ref is
                 error, then this SUPAPolicyAccessMetadataDef object
                 MUST NOT be used. If the value of the
                 supa-policy-metadata-access-priv-model-ref is init,
                 then this SUPAPolicyAccessMetadataDef object has been
                 properly initialized, and is ready to be used. If the
                 value of the supa-policy-metadata-access-priv-model-ref
                 is read only or read write, then the value of this
                 attribute is not applicable (because a type of model
                 is NOT being defined; instead, the access control for
                 all SUPAPolicyObjects is being defined).
                 Otherwise, the text in this class attribute SHOULD be
                 interpreted according to the value of the
                 supa-policy-metadata-access-priv-model-ref class
                 attribute.";
        }
        leaf supa-policy-metadata-access-priv-model-ref {
            type enumeration {
                enum "error" {
                    description
                        "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyAccessMetadataDef
                         object if the value of this attribute is
                         error.";
                }
                enum "init" {
                    description
                        "This signifies an initialization state.";
                }
                enum "URI" {
                    description
                        "The access control model is referenced by
                         this URI.";
                }
                enum "GUID" {
                    description
                        "The access control model is referenced by
                         this GUID.";
                }
                enum "UUID" {
                    description
                        "The access control model is referenced by
                         this UUID.";
                }
                enum "FQDN" {
                    description
                        "The access control model is referenced by
                         this FQDN.";
                }
                enum "FQPN" {
                    description
                        "The access control model is referenced by
                         this FQPN.";
                }
                enum "string_instance_id" {
                    description
                        "A string that is the canonical representation,
                         in ASCII, of an instance ID of this object.";
                }
            }
            description
                "This defines the data type of the
                 supa-policy-metadata-access-priv-model-name
                 attribute.";
        }
        description
            "This is a concrete class that defines metadata for access
             control information that can be added to any
             SUPAPolicyObject object instance.
             This is done using the SUPAHasPolicyMetadata association
             in conjunction with the Decorator pattern [1].";
    }

    container supa-policy-metadata-decorator-access-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyAccessMetadataDef.";
        list supa-policy-metadata-decorator-access-list {
            key supa-policy-metadata-id;
            uses supa-policy-metadata-decorator-type;
            description
                "A list of all supa-policy-metadata-decorator-access
                 instances in the system. Instances of subclasses
                 will be in a separate list.";
        }
    }
    identity POLICY-METADATA-DECORATOR-VERSION-TYPE {
        base POLICY-METADATA-DECORATOR-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyVersionMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-version-type {
        uses supa-policy-metadata-decorator-type {
            refine entity-class {
                default POLICY-METADATA-DECORATOR-VERSION-TYPE;
            }
        }
        leaf supa-policy-metadata-version-major {
            type string;
            description
                "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that a significant increase in functionality is present
                 in this version. It MAY also indicate that this version
                 has changes that are NOT backwards-compatible (the
                 supa-policy-metadata-version-build class attribute is
                 used to denote such changes). The string 0.1.0
                 defines an initial version that MUST NOT be considered
                 stable. Improvements to this initial version are
                 denoted by incrementing the minor and patch class
                 attributes (supa-policy-metadata-version-major and
                 supa-policy-metadata-version-patch, respectively). The
                 major version X (i.e., X.y.z, where X > 0) MUST be
                 incremented if any backwards-incompatible changes are
                 introduced. It MAY include minor and patch level
                 changes.
                 The minor and patch version numbers MUST be
                 reset to 0 when the major version number is
                 incremented.";
        }
        leaf supa-policy-metadata-version-minor {
            type string;
            description
                "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that this release contains a set of features and/or
                 bug fixes that MUST be backwards-compatible. The
                 minor version Y (i.e., x.Y.z, where x > 0) MUST be
                 incremented if new, backwards-compatible changes are
                 introduced. It MUST be incremented if any features are
                 marked as deprecated. It MAY be incremented if new
                 functionality or improvements are introduced, and MAY
                 include patch level changes. The patch version number
                 MUST be reset to 0 when the minor version number is
                 incremented.";
        }
        leaf supa-policy-metadata-version-patch {
            type string;
            description
                "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that this version contains ONLY bug fixes. The patch
                 version Z (i.e., x.y.Z, where x > 0) MUST be
                 incremented if new, backwards-compatible changes are
                 introduced. A bug fix is defined as an internal change
                 that fixes incorrect behavior.";
        }
        leaf supa-policy-metadata-version-prerelease {
            type string;
            description
                "This contains a string that defines the pre-release
                 version. A pre-release version MAY be denoted by
                 appending a hyphen and a series of dot-separated
                 identifiers immediately following the patch version.
                 Identifiers MUST comprise only ASCII alphanumerics and
                 a hyphen. Identifiers MUST NOT be empty. Numeric
                 identifiers MUST NOT include leading zeroes.
                 Pre-release versions have a lower precedence than the
                 associated normal version.
                 A pre-release version
                 indicates that the version is unstable and might not
                 satisfy the intended compatibility requirements as
                 denoted by its associated normal version. Examples
                 include: 1.0.0-alpha and 1.0.0-0.3.7.";
        }
        leaf supa-policy-metadata-version-build {
            type string;
            description
                "This contains a string that defines the metadata of
                 this build. Build metadata is optional. If present,
                 build metadata MAY be denoted by appending a plus
                 (+) sign to the version, followed by a series of
                 dot-separated identifiers. This may follow either
                 the patch or pre-release portions of the version.
                 If build metadata is present, then any identifiers
                 that it uses MUST be made up of only ASCII
                 alphanumerics and a hyphen. The identifier portion of
                 the build metadata MUST NOT be empty. Build metadata
                 SHOULD be ignored when determining version precedence.
                 Examples include: 1.0.0.-alpha+1, 1.0.0.-alpha+1.1,
                 1.0.0+20130313144700, and 1.0.0-beta+exp.sha.5114f85.";
        }
        description
            "This is a concrete class that defines metadata for version
             control information that can be added to any
             SUPAPolicyObject. This is done using the
             SUPAHasPolicyMetadata association. This class uses the
             Semantic Versioning Specification [6] as follows:

                ..[][]
             where the first three components (major, minor, and patch)
             MUST be present, and the latter two components (pre-release
             and build-metadata) MAY be present. A version number MUST
             take the form .., where ,
             , and are each non-negative integers that
             MUST NOT contain leading zeros. In addition, the value of
             each of these three elements MUST increase numerically.
             In this approach, supaVersionMajor denotes a new release;
             supaVersionMinor denotes a minor release; supaVersionPatch
             denotes a version that consists ONLY of bug fixes.
             Version
             precedence MUST be calculated by separating the version
             into major, minor, patch, and pre-release identifiers, in
             that order. See [1] for more information.";
    }

    container supa-policy-metadata-decorator-version-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyVersionMetadataDef.";
        list supa-policy-metadata-decorator-version-list {
            key supa-policy-metadata-id;
            uses supa-policy-metadata-decorator-type;
            description
                "A list of all supa-policy-metadata-decorator-version
                 instances in the system. Instances of subclasses
                 will be in a separate list.";
        }
    }

    identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a
             SUPAHasPolicyMetadataDetail association class
             object instance.";
    }

    grouping supa-has-policy-metadata-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE;
            }
        }
        leaf supa-has-policy-metadata-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-OBJECT-TYPE')";
            description
                "This leaf is an instance-identifier that references a
                 concrete subclass of the SUPAPolicyObject instance end
                 point of the aggregation represented by this instance
                 of the SUPAHasPolicyMetadata aggregation [1]. The
                 groupings supa-policy-object-type and
                 supa-policy-metadata-type represent the
                 SUPAPolicyObject and SUPAPolicyMetadata classes,
                 respectively.
                 Thus, the instance identified by this
                 leaf is the SUPAPolicyObject instance that is
                 associated by this aggregation to the set of
                 SUPAPolicyMetadata instances referenced by the
                 supa-has-policy-metadata-detail-part-ptr leaf of
                 this grouping.";
        }
        leaf supa-has-policy-metadata-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-METADATA-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 the SUPAPolicyMetadata instance end point of the
                 aggregation represented by this instance of the
                 SUPAHasPolicyMetadata aggregation [1]. The groupings
                 supa-policy-object-type and supa-policy-metadata-type
                 represent the SUPAPolicyObject and SUPAPolicyMetadata
                 classes, respectively. Thus, the instance
                 identified by this leaf is the SUPAPolicyMetadata
                 instance that is associated by this aggregation to
                 the set of SUPAPolicyObject instances referenced by
                 the supa-has-policy-metadata-detail-agg-ptr leaf of
                 this grouping.";
        }
        leaf supa-policy-metadata-detail-is-applicable {
            type boolean;
            description
                "This attribute controls whether the associated
                 metadata is currently considered applicable to this
                 SUPAPolicyObject; this enables metadata to be turned
                 on and off when needed without disturbing the
                 structure of the object that the metadata applies to,
                 or affecting other objects in the system.";
        }
        leaf-list supa-policy-metadata-detail-constraint {
            type string;
            description
                "A list of constraints, expressed as strings, in
                 the language defined by the
                 supa-policy-metadata-detail-encoding attribute.

                 If there are no constraints on using this
                 SUPAPolicyMetadata object with this particular
                 SUPAPolicyObject object, then this leaf-list will
                 consist of a list of a single null string.";
        }
        leaf supa-policy-metadata-detail-constraint-encoding {
            type identityref {
                base POLICY-CONSTRAINT-LANGUAGE-LIST;
            }
            description
                "The language in which the constraints on the
                 SUPAHasPolicyMetadata aggregation are expressed.
                 Examples include OCL 2.4 [2], Alloy [3], and
                 English text.";
        }
        description
            "This is a concrete association class that defines the
             semantics of the SUPAHasPolicyMetadata association. This
             enables the attributes and relationships of the
             SUPAHasPolicyMetadataDetail class to be used to constrain
             which SUPAPolicyMetadata objects can be associated by
             this particular SUPAPolicyObject instance.";
    }

    container supa-policy-metadata-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyMetadataDetail.";
        list supa-policy-metadata-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-metadata-detail;
            description
                "This is a list of all supa-policy-metadata-detail
                 instances in the system. Instances of subclasses
                 will be in a separate list. Note that this association
                 class is made concrete for exemplary purposes. To be
                 useful, it almost certainly needs refinement.";
        }
    }

    // Editor's note: For simplicity, this version of this document assumes
    //                that the SUPAPolicyObject and SUPAMetadata object
    //                hierarchies are separate and do NOT have a common
    //                superclass. Hence, there are two separate IDs used by
    //                associations and association classes,
    //                POLICY-OBJECT-TYPE and POLICY-METADATA-TYPE (for the
    //                SUPAPolicyObject and SUPAPolicyMetadata associations,
    //                respectively).
    //                Future implementations should examine
    //                the merit of defining a common superclass for these
    //                two class hierarchies in order to give all
    //                associations and association classes a common ID.

    identity SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a
             SUPAPolicyClauseHasDecorator association class
             object instance.";
    }

    grouping supa-policy-clause-has-decorator-detail {
        leaf supa-policy-clause-has-decorator-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
            description
                "This leaf-list holds instance-identifiers that
                 reference a SUPAPolicyClauseHasDecorator aggregation
                 [1], and is represented by the grouping
                 supa-policy-clause-has-decorator-detail. This
                 aggregation describes how each SUPAPolicyClause
                 object instance is decorated (i.e., wrapped) by zero
                 or more SUPAPolicyClauseComponentDecorator object
                 instances. For example, this aggregation may restrict
                 which concrete subclasses of the
                 SUPAPolicyClauseComponentDecorator class can wrap
                 this particular concrete subclass of the
                 SUPAPolicyClause class. The set of SUPAPolicyClauses,
                 identified by this leaf-list, define the content of
                 this SUPAPolicyStructure that they are associated
                 with (via the SUPAHasPolicyClause aggregation).
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-policy-clause-has-decorator-detail
                 (which includes subclasses of this association
                 class).
                 Note that (concrete) subclasses of this
                 association class may also be used to further refine
                 the semantics of this aggregation.";
        }
        leaf supa-policy-clause-has-decorator-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
            description
                "This leaf holds instance-identifiers that
                 reference a SUPAPolicyClauseHasDecorator aggregation,
                 [1], and is represented by the grouping
                 supa-policy-clause-has-decorator-detail. This
                 aggregation describes how each
                 SUPAPolicyClauseComponentDecorator object instance
                 wraps a given SUPAPolicyClause object instance. This
                 enables the behavior of a SUPAPolicyClause object
                 instance to be changed dynamically by attaching and/or
                 removing SUPAPolicyClauseComponentDecorator object
                 instances. Multiple SUPAPolicyClauseComponentDecorator
                 object instances may be attached to a
                 SUPAPolicyClause object instance that is referenced in
                 this aggregation by using the Decorator pattern [1].
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-policy-clause-has-decorator-detail.";
        }
        leaf-list supa-pol-clause-dec-constraint {
            type string;
            description
                "A constraint expression applying to this association
                 between a concrete subclass of SUPAPolicyClause and a
                 concrete subclass of
                 SUPAPolicyClauseComponentDecorator. This restricts
                 which types of SUPAPolicyClauseComponentDecorator
                 object instances can be aggregated by which types of
                 SUPAPolicyClause object instances.
                 Constraints are
                 written in a constraint language specified by the
                 supa-pol-clause-dec-constraint-encoding attribute.";
        }
        leaf supa-pol-clause-dec-constraint-encoding {
            type identityref {
                base POLICY-CONSTRAINT-LANGUAGE-LIST;
            }
            description
                "The language in which the constraints on the
                 SUPAPolicyClauseHasDecorator aggregation are expressed.
                 Examples include OCL 2.4 [2], Alloy [3], and
                 English text.";
        }
        description
            "This is a concrete association class that defines the
             semantics of the SUPAPolicyClauseHasDecorator
             aggregation.";
    }

    container supa-policy-clause-has-decorator-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyClauseHasDecoratorDetail.";
        list supa-policy-component-decorator-detail-list {
            key supa-policy-ID;
            uses supa-has-decorator-policy-component-detail;
            description
                "This is a list of all
                 supa-policy-component-decorator-details.";
        }
    }
    grouping supa-has-decorator-policy-component-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC;
            }
        }
        leaf supa-has-policy-component-decorator-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-COMPONENT-DECORATOR-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 the SUPAPolicyComponentDecorator instance end point of
                 the association represented by this instance of the
                 SUPAHasDecoratedPolicyComponent association [1]. The
                 groupings supa-policy-component-decorator-type and
                 supa-policy-component-structure-type represent the
                 SUPAPolicyComponentDecorator and
                 SUPAPolicyComponentStructure classes, respectively.
                 Thus, the instance identified by this leaf is the
                 SUPAPolicyComponentDecorator instance that is
                 associated by this association to the set of
                 SUPAPolicyComponentStructure instances referenced by
                 the supa-has-policy-component-decorator-part-ptr leaf
                 of this grouping.";
        }
        leaf supa-has-policy-component-decorator-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-COMPONENT-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 the SUPAPolicyComponentStructure instance end point of
                 the association represented by this instance of the
                 SUPAHasDecoratedPolicyComponent association [1].
                 The groupings supa-policy-component-decorator-type and
                 supa-policy-component-structure-type represent the
                 SUPAPolicyComponentDecorator and
                 SUPAPolicyComponentStructure classes, respectively.
                 Thus, the instance identified by this leaf is the
                 SUPAPolicyComponentStructure instance that is
                 associated by this association to the set of
                 SUPAPolicyComponentStructure instances referenced by
                 the supa-has-policy-component-decorator-agg-ptr leaf
                 of this grouping.";
        }
        leaf-list supa-has-decorator-constraint {
            type string;
            description
                "A constraint expression applying to this association
                 between a SUPAPolicyClauseComponentDecorator and any
                 components that decorate it. The
                 supa-has-decorator-constraint-encoding attribute
                 specifies the language used to write the set of
                 constraint expressions.";
        }
        leaf supa-has-decorator-constraint-encoding {
            type identityref {
                base POLICY-CONSTRAINT-LANGUAGE-LIST;
            }
            description
                "The language in which the constraints on the
                 SUPAHasDecoratedPolicyComponent aggregation are
                 expressed.
                 Examples include OCL 2.4 [2], Alloy [3],
                 and English text.";
        }
        description
            "This is a concrete association class that defines the
             semantics of the SUPAHasDecoratedPolicyComponent
             association. The purpose of this class is to use the
             Decorator pattern [1] to determine which
             SUPAPolicyComponentDecorator object instances, if any,
             are required to augment the functionality of a concrete
             subclass of SUPAPolicyClause that is being used.";
    }

    container supa-policy-component-decorator-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyComponentDecoratorDetail.";
        list supa-policy-component-decorator-detail-list {
            key supa-policy-ID;
            uses supa-has-decorator-policy-component-detail;
            description
                "This is a list of all
                 supa-policy-component-decorator-details.";
        }
    }

    identity SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a
             SUPAHasDecoratedPolicyComponent association
             object instance.";
    }
    identity SUPA-HAS-POLICY-SOURCE-ASSOC {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAHasPolicySource
             association class object instance.";
    }

    grouping supa-has-policy-source-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-SOURCE-ASSOC;
            }
        }
        leaf supa-has-policy-source-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-STRUCTURE-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicySource association [1].
                 The grouping
                 supa-has-policy-source-detail represents the
                 SUPAHasPolicySourceDetail class. Thus, the instance
                 identified by this leaf is the SUPAPolicyStructure
                 instance that is associated by this association to the
                 SUPAPolicySource instance referenced by the
                 supa-has-policy-source-detail-part-ptr leaf of
                 this grouping.";
        }
        leaf supa-has-policy-source-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-SOURCE-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 a SUPAPolicySource instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicySource association [1]. The grouping
                 supa-has-policy-source-detail represents the
                 SUPAHasPolicySourceDetail class. Thus, the instance
                 identified by this leaf is the SUPAPolicySource
                 instance that is associated by this association to the
                 SUPAPolicyStructure instance referenced by the
                 supa-has-policy-source-detail-agg-ptr leaf of
                 this grouping.";
        }
        leaf supa-policy-source-is-authenticated {
            type boolean;
            description
                "If the value of this attribute is true, then this
                 SUPAPolicySource object has been authenticated by
                 a policy engine or application that is executing this
                 particular SUPAPolicyStructure object.";
        }
        leaf supa-policy-source-is-trusted {
            type boolean;
            description
                "If the value of this attribute is true, then this
                 SUPAPolicySource object has been verified to be
                 trusted by a policy engine or application that is
                 executing this particular SUPAPolicyStructure object.";
        }
        description
            "This is an association class, and defines the semantics of
             the SUPAHasPolicySource association.
             The attributes and
             relationships of this class can be used to define which
             SUPAPolicySource objects can be attached to which
             particular set of SUPAPolicyStructure objects. Note that a
             SUPAPolicySource object is NOT responsible for evaluating
             or executing SUPAPolicies; rather, it identifies the set
             of entities that are responsible for managing this
             SUPAPolicySource object. Its primary uses are for
             auditability, as well as processing deontic logic. This
             object represents the semantics of associating a
             SUPAPolicySource to a SUPAPolicyTarget.";
    }

    container supa-policy-source-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicySourceDetail.";
        list supa-policy-source-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-source-detail;
            description
                "This is a list of all supa-policy-source-detail
                 objects.";
        }
    }

    identity SUPA-HAS-POLICY-TARGET-ASSOC {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAHasPolicyTarget
             association class object instance.";
    }
    grouping supa-has-policy-target-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-TARGET-ASSOC;
            }
        }
        leaf supa-has-policy-target-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-STRUCTURE-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicyTarget association [1]. The grouping
                 supa-has-policy-target-detail represents the
                 SUPAHasPolicyTargetDetail class.
                 Thus, the instance
                 identified by this leaf is the SUPAPolicyStructure
                 instance that is associated by this association to the
                 SUPAPolicyTarget instance referenced by the
                 supa-has-policy-target-detail-part-ptr leaf of
                 this grouping.";
        }
        leaf supa-has-policy-target-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-TARGET-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 a SUPAPolicyTarget instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicyTarget association [1]. The grouping
                 supa-has-policy-target-detail represents the
                 SUPAHasPolicyTargetDetail class. Thus, the instance
                 identified by this leaf is the SUPAPolicyTarget
                 instance that is associated by this association to the
                 SUPAPolicyStructure instance referenced by the
                 supa-has-policy-target-detail-agg-ptr leaf of
                 this grouping.";
        }
        leaf supa-policy-target-is-authenticated {
            type boolean;
            description
                "If the value of this attribute is true, then this
                 SUPAPolicyTarget object has been authenticated by
                 a policy engine or application that is executing this
                 particular SUPAPolicyStructure object.";
        }
        leaf supa-policy-target-is-enabled {
            type boolean;
            description
                "If the value of this attribute is true, then each
                 SUPAPolicyTarget object that is referenced by this
                 SUPAHasPolicyTarget aggregation is able to be used as
                 a SUPAPolicyTarget by the SUPAPolicyStructure object
                 that is referenced by this SUPAHasPolicyTarget
                 aggregation.
                 This means that this SUPAPolicyTarget has
                 agreed to: 1) have SUPAPolicies applied to it, and 2)
                 process (directly or with the aid of a proxy) one or
                 more SUPAPolicies, or receive the results of a
                 processed SUPAPolicy and apply those results to
                 itself.";
        }
        description
            "This is an association class, and defines the semantics of
             the SUPAHasPolicyTarget association. The attributes and
             relationships of this class can be used to define which
             SUPAPolicyTarget objects can be attached to which
             particular set of SUPAPolicyStructure objects. Note that a
             SUPAPolicyTarget is used to identify a set of managed
             entities to which a SUPAPolicy should be applied; this
             object represents the semantics of applying a SUPAPolicy
             to a SUPAPolicyTarget.";
    }

    container supa-policy-target-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyTargetDetail.";
        list supa-policy-target-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-target-detail;
            description
                "This is a list of all supa-policy-target-detail
                 objects.";
        }
    }

    identity SUPA-HAS-POLICY-METADATA-ASSOC {
        base POLICY-METADATA-TYPE;
        description
            "The identity corresponding to a SUPAHasPolicyMetadata
             association class object instance.";
    }
    identity SUPA-HAS-POLICY-CLAUSE-ASSOC {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a SUPAHasPolicyClause
             association class object instance.";
    }

    grouping supa-has-policy-clause-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-CLAUSE-ASSOC;
            }
        }
        leaf-list supa-has-policy-clause-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-STRUCTURE-TYPE')";
            description
                "This leaf is an
                 instance-identifier that references
                 a concrete subclass of the SUPAPolicyStructure class
                 end point of the association represented by this
                 instance of the SUPAHasPolicyClause association [1].
                 The grouping supa-has-policy-clause-detail represents
                 the SUPAHasPolicyClauseDetail association class. Thus,
                 the instance identified by this leaf is the
                 SUPAPolicyStructure instance that is associated by
                 this association to the set of SUPAPolicyClause
                 instances referenced by the
                 supa-has-policy-clause-detail-part-ptr leaf of this
                 grouping.";
        }
        leaf supa-has-policy-clause-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-CLAUSE-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 a concrete subclass of the SUPAPolicyClause class
                 end point of the association represented by this
                 instance of the SUPAHasPolicyClause association [1].
                 The grouping supa-has-policy-clause-detail represents
                 the SUPAHasPolicyClauseDetail association class. Thus,
                 the instance identified by this leaf is the
                 SUPAPolicyClause instance that is associated by this
                 association to the set of SUPAPolicyStructure
                 instances referenced by the
                 supa-has-policy-clause-detail-agg-ptr leaf of this
                 grouping.";
        }
        description
            "This is an association class, and defines the semantics of
             the SUPAHasPolicyClause association. The attributes and
             relationships of this class can be used to define which
             SUPAPolicyTarget objects can be used by which particular
             set of SUPAPolicyStructure objects. Every
             SUPAPolicyStructure instance MUST aggregate at
             least one SUPAPolicyClause instance. However, the
             converse is NOT true. For example, a SUPAPolicyStructure
             instance MUST aggregate at least one SUPAPolicyClause
             instance.
             However, a SUPAPolicyClause object could be
             instantiated and then stored for later use in a policy
             repository.";
    }

    container supa-policy-clause-detail-container {
        description
            "This is a container to collect all object instances of
             type SUPAPolicyClauseDetail.";
        list supa-policy-clause-detail-list {
            key supa-policy-ID;
            uses supa-has-policy-clause-detail;
            description
                "This is a list of all supa-policy-clause-detail
                 objects.";
        }
    }

    identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC {
        base POLICY-OBJECT-TYPE;
        description
            "The identity corresponding to a
             SUPAHasPolExecFailActionToTake association class
             object instance.";
    }

    grouping supa-has-policy-exec-action-detail {
        uses supa-policy-object-type {
            refine entity-class {
                default SUPA-HAS-POLICY-EXEC-ACTION-ASSOC;
            }
        }
        leaf supa-has-exec-fail-action-detail-agg-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-STRUCTURE-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolExecFailActionToTake association [1] that
                 was executing a SUPAPolicy. This SUPAPolicyStructure
                 is referred to as the 'parent' SUPAPolicyStructure
                 instance, while the other instance end point of this
                 association is called the 'child' SUPAPolicyStructure.
                 The grouping supa-policy-structure-type represents the
                 SUPAPolicyStructure class.
                 Thus, the instance
                 identified by this leaf is the parent
                 SUPAPolicyStructure instance that is associated by this
                 association to the child SUPAPolicyStructure instance
                 referenced by the
                 supa-has-exec-fail-action-detail-part-ptr leaf of this
                 grouping.";
        }
        leaf supa-has-exec-fail-action-detail-part-ptr {
            type instance-identifier;
            must "derived-from-or-self (deref(.)/entity-class,
                 'POLICY-STRUCTURE-TYPE')";
            description
                "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolExecFailActionToTake association [1] that
                 was NOT currently executing a SUPAPolicy. This
                 SUPAPolicyStructure is referred to as the 'child'
                 SUPAPolicyStructure instance, while the other instance
                 end point of this association is called the 'parent'
                 SUPAPolicyStructure. The grouping
                 supa-policy-structure-type represents the
                 SUPAPolicyStructure class. Thus, the instance
                 identified by this leaf is the child
                 SUPAPolicyStructure instance that is associated by
                 this association to the child SUPAPolicyStructure
                 instance referenced by the
                 supa-has-exec-fail-action-detail-part-ptr leaf of
                 this grouping.";
        }
        leaf-list supa-policy-exec-fail-take-action-name {
            type string;
            description
                "This is a list that contains the set of names for
                 SUPAPolicyActions to use if the SUPAPolicyStructure
                 object that owns this association failed to execute
                 properly. This association defines a set of child
                 SUPAPolicyStructure objects to use if this (the parent)
                 SUPAPolicyStructure object fails to execute correctly.
3289 Each child SUPAPolicyStructure object has one or more 3290 SUPAPolicyActions; this attribute defines the name(s) 3291 of each SUPAPolicyAction in each child 3292 SUPAPolicyStructure that should be used to try and 3293 remediate the failure."; 3294 } 3295 description 3296 "This is an association class, and defines the semantics of 3297 the SUPAHasPolExecFailTakeAction association. The 3298 attributes and relationships of this class can be used to 3299 determine which SUPAPolicyAction objects are executed in 3300 response to a failure of the SUPAPolicyStructure object 3301 instance that owns this association."; 3302 } 3304 container supa-policy-exec-fail-take-action-detail-container { 3305 description 3306 "This is a container to collect all object instances of 3307 type SUPAPolExecFailActionToTakeDetail."; 3308 list supa-policy-exec-fail-take-action-detail-list { 3309 key supa-policy-ID; 3310 uses supa-has-policy-exec-action-detail; 3311 description 3312 "This is a list of all 3313 supa-has-policy-exec-action-detail objects."; 3314 } 3315 } 3317 identity SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC { 3318 base POLICY-METADATA-TYPE; 3319 description 3320 "The identity corresponding to a 3321 SUPAHasMetadataDecoratorDetail association class 3322 object instance."; 3323 } 3325 grouping supa-has-policy-metadata-dec-detail { 3326 uses supa-policy-metadata-type { 3327 refine entity-class { 3328 default SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC; 3329 } 3330 } 3331 leaf supa-has-policy-metadata-detail-dec-agg-ptr { 3332 type instance-identifier; 3333 must "derived-from-or-self (deref(.)/entity-class, 3334 'POLICY-METADATA-TYPE')"; 3335 description 3336 "This leaf is an instance-identifier that references 3337 a SUPAPolicyMetadataDecorator instance end point of 3338 the association represented by this instance of the 3339 SUPAHasMetadataDecorator association [1]. 
The 3340 grouping supa-has-policy-metadata-detail represents 3341 the SUPAHasMetadataDecoratorDetail association class. 3342 Thus, the instance identified by this leaf is the 3343 SUPAPolicyMetadataDecorator instance that is 3344 associated by this association to the set of 3345 SUPAPolicyMetadata instances referenced by the 3346 supa-has-policy-metadata-detail-dec-part-ptr leaf of 3347 this grouping."; 3348 } 3349 leaf supa-has-policy-metadata-detail-dec-part-ptr { 3350 type instance-identifier; 3351 must "derived-from-or-self (deref(.)/entity-class, 3352 'POLICY-METADATA-TYPE')"; 3353 description 3354 "This leaf is an instance-identifier that references 3355 a SUPAPolicyMetadata instance end point of the 3356 association represented by this instance of the 3357 SUPAHasMetadataDecorator association [1]. The 3358 grouping supa-has-policy-metadata-detail represents 3359 the SUPAHasMetadataDecoratorDetail association class. 3360 Thus, the instance identified by this leaf is the 3361 SUPAPolicyMetadata instance that is associated by 3362 this association to the set of 3363 SUPAPolicyMetadataDecorator instances referenced by 3364 the supa-has-policy-metadata-detail-dec-agg-ptr leaf 3365 of this grouping."; 3366 } 3367 description 3368 "This is an association class, and defines the semantics of 3369 the SUPAHasMetadataDecorator association. 
The attributes 3370 and relationships of this class can be used to define which 3371 concrete subclasses of the SUPAPolicyMetadataDecorator 3372 class can be used to wrap which concrete subclasses of the 3373 SUPAPolicyMetadata class."; 3374 } 3376 container supa-policy-metadata-decorator-detail-container { 3377 description 3378 "This is a container to collect all object instances of 3379 type SUPAHasMetadaDecoratorDetail."; 3380 list supa-policy-metadata-decorator-detail-list { 3381 key supa-policy-metadata-id; 3382 uses supa-has-policy-metadata-dec-detail; 3383 description 3384 "This is a list of all supa-policy-metadata-detail 3385 objects."; 3386 } 3387 } 3388 } 3390 3391 6. IANA Considerations 3393 No IANA considerations exist for this document. 3395 7. Security Considerations 3397 TBD 3399 8. Acknowledgments 3401 This document has benefited from reviews, suggestions, comments 3402 and proposed text provided by the following members, listed in 3403 alphabetical order: 3405 Andy Bierman 3406 Benoit Claise 3407 Berndt Zeuner 3408 Martin Bjorklund 3409 Qin Wu 3411 9. References 3413 This section defines normative and informative references for this 3414 document. 3416 9.1. Normative References 3418 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 3419 Requirement Levels", BCP 14, RFC 2119, March 1997. 3420 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for 3421 the Network Configuration Protocol (NETCONF)", 3422 RFC 6020, October 2010. 3423 [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, 3424 July 2013. 3425 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling 3426 Language", August 2016. 3428 9.2. 
Informative References 3430 [1] Strassner, J., Halpern, J., Coleman, J., "Generic 3431 Policy Information Model for Simplified Use of Policy 3432 Abstractions (SUPA)", May 30, 2017, 3433 draft-ietf-supa-generic-policy-info-model-03 3434 [2] http://www.omg.org/spec/OCL/ 3435 [3] http://doc.omg.org/formal/2002-04-03.pdf 3437 [4] http://alloy.mit.edu/alloy/ 3438 [5] http://www.omg.org/spec/QVT/ 3439 [6] http://semver.org/ 3440 [7] Definitions of DAC, MAC, and RBAC may be found here: 3441 http://csrc.nist.gov/groups/SNS/rbac/faq.html#03 3442 [8] ABAC is described here: 3443 http://csrc.nist.gov/groups/SNS/rbac/index.html 3445 Authors' Addresses 3447 Joel Halpern 3448 Ericsson 3449 P. O. Box 6049 3450 Leesburg, VA 20178 3451 Email: joel.halpern@ericsson.com 3453 John Strassner 3454 Huawei Technologies 3455 2330 Central Expressway 3456 Santa Clara, CA 95138 USA 3457 Email: john.sc.strassner@huawei.com 3459 Sven van der Meer 3460 LM Ericsson Ltd. 3461 Ericsson Software Campus 3462 Garrycastle 3463 Athlone 3464 N37 PV44 3465 Ireland 3466 Email: sven.van.der.meer@ericsson.com
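
The must constraints on the two pointer leaves of the supa-has-policy-exec-action-detail grouping can be checked as in the sketch below. This is an added example, not part of the draft: the identity tree (apart from the entry marked "page"), the datastore paths and the "actions" field are constructed assumptions, and the action-name check goes beyond what the YANG expresses, since the leaf-list is a plain string.

```python
# Added illustration, not the draft's code. Identity tree and datastore are
# constructed; only the entry marked "page" appears in the module text.
BASE = {
    "POLICY-OBJECT-TYPE": None,
    "POLICY-METADATA-TYPE": None,
    "POLICY-STRUCTURE-TYPE": "POLICY-OBJECT-TYPE",              # assumed base
    "EXAMPLE-ECA-POLICY": "POLICY-STRUCTURE-TYPE",              # hypothetical
    "SUPA-HAS-POLICY-EXEC-ACTION-ASSOC": "POLICY-OBJECT-TYPE",  # page
}
AGG = "supa-has-exec-fail-action-detail-agg-ptr"
PART = "supa-has-exec-fail-action-detail-part-ptr"
NAMES = "supa-policy-exec-fail-take-action-name"

def derived_from_or_self(identity, base):
    """Walk the (single-base) identity chain, as the XPath function does."""
    while identity is not None:
        if identity == base:
            return True
        identity = BASE.get(identity)
    return False

def check_exec_fail_assoc(assoc, datastore):
    """Return the violations found in one association list entry."""
    errors, targets = [], {}
    for leaf in (AGG, PART):
        target = datastore.get(assoc.get(leaf))  # stands in for deref(.)
        if target is None:
            errors.append(leaf + ": dangling instance-identifier")
        elif not derived_from_or_self(target.get("entity-class"),
                                      "POLICY-STRUCTURE-TYPE"):
            errors.append(leaf + ": target is not a POLICY-STRUCTURE-TYPE")
        else:
            targets[leaf] = target
    # Not expressed in the YANG: each named action should exist in the child.
    # "actions" is a hypothetical field on the constructed objects.
    child = targets.get(PART)
    for name in (assoc.get(NAMES, []) if child else []):
        if name not in child.get("actions", []):
            errors.append(NAMES + ": unknown action " + repr(name))
    return errors

# Constructed datastore keyed by instance-identifier (paths are hypothetical).
DATASTORE = {
    "/ex:policy[ex:id='parent']": {"entity-class": "EXAMPLE-ECA-POLICY", "actions": ["shape"]},
    "/ex:policy[ex:id='child']": {"entity-class": "EXAMPLE-ECA-POLICY", "actions": ["rollback", "alert"]},
    "/ex:metadata[ex:id='m1']": {"entity-class": "POLICY-METADATA-TYPE"},
}
GOOD = {AGG: "/ex:policy[ex:id='parent']", PART: "/ex:policy[ex:id='child']", NAMES: ["rollback"]}
BAD = {AGG: "/ex:metadata[ex:id='m1']", PART: "/ex:policy[ex:id='gone']", NAMES: ["rollback"]}
TYPO = {**GOOD, NAMES: ["rolback"]}
```

A pointer to a metadata object or to a deleted policy is rejected by the first two checks, which mirror the must statement and the default require-instance behaviour of instance-identifier; the misspelled action name is caught only by the application-level check.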