📄 rfc3060.txt
字号:
Network Working Group B. MooreRequest for Comments: 3060 IBMCategory: Standards Track E. Ellesson LongBoard, Inc. J. Strassner A. Westerinen Cisco Systems February 2001 Policy Core Information Model -- Version 1 SpecificationStatus of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.Copyright Notice Copyright (C) The Internet Society (2001). All Rights Reserved.Abstract This document presents the object-oriented information model for representing policy information developed jointly in the IETF Policy Framework WG and as extensions to the Common Information Model (CIM) activity in the Distributed Management Task Force (DMTF). This model defines two hierarchies of object classes: structural classes representing policy information and control of policies, and association classes that indicate how instances of the structural classes are related to each other. Subsequent documents will define mappings of this information model to various concrete implementations, for example, to a directory that uses LDAPv3 as its access protocol.Table of Contents 1. Introduction.................................................... 4 2. Modeling Policies............................................... 5 2.1. Policy Scope............................................... 8 2.2. Declarative versus Procedural Model........................ 8 3. Overview of the Policy Core Information Model.................. 10 4. Inheritance Hierarchies for the Policy Core Information Model.. 13 4.1. Implications of CIM Inheritance........................... 15 5. Details of the Model........................................... 15Moore, et al. Standards Track [Page 1]
RFC 3060 Policy Core Information Model February 2001 5.1. Reusable versus Rule-Specific Conditions and Actions...... 15 5.2. Roles..................................................... 17 5.2.1. Roles and Role Combinations............................. 17 5.2.2. The PolicyRoles Property................................ 21 5.3. Local Time and UTC Time in PolicyTimePeriodConditions..... 21 5.4. CIM Data Types............................................ 23 5.5. Comparison between CIM and LDAP Class Specifications...... 24 6. Class Definitions.............................................. 25 6.1. The Abstract Class "Policy"............................... 25 6.1.1. The Property "CommonName (CN)".......................... 26 6.1.2. The Multi-valued Property "PolicyKeywords".............. 26 6.1.3. The Property "Caption" (Inherited from ManagedElement).. 27 6.1.4. The Property "Description" (Inherited from ManagedElement)......................................... 27 6.2. The Class "PolicyGroup"................................... 27 6.3. The Class "PolicyRule".................................... 29 6.3.1. The Property "Enabled".................................. 31 6.3.2. The Property "ConditionListType"........................ 31 6.3.3. The Property "RuleUsage"................................ 31 6.3.4. The Property "Priority"................................. 32 6.3.5. The Property "Mandatory"................................ 32 6.3.6. The Property "SequencedActions"......................... 33 6.3.7. The Multi-valued Property "PolicyRoles"................. 33 6.4. The Abstract Class "PolicyCondition"...................... 34 6.5. The Class "PolicyTimePeriodCondition"..................... 36 6.5.1. The Property "TimePeriod"............................... 38 6.5.2. The Property "MonthOfYearMask".......................... 39 6.5.3. The Property "DayOfMonthMask"........................... 39 6.5.4. The Property "DayOfWeekMask"............................ 40 6.5.5. The Property "TimeOfDayMask"............................ 41 6.5.6. The Property "LocalOrUtcTime"........................... 42 6.6. The Class "VendorPolicyCondition"......................... 42 6.6.1. The Multi-valued Property "Constraint".................. 43 6.6.2. The Property "ConstraintEncoding"....................... 43 6.7. The Abstract Class "PolicyAction"......................... 44 6.8. The Class "VendorPolicyAction"............................ 45 6.8.1. The Multi-valued Property "ActionData".................. 45 6.8.2. The Property "ActionEncoding"........................... 46 6.9. The Class "PolicyRepository".............................. 46 7. Association and Aggregation Definitions........................ 46 7.1. Associations.............................................. 47 7.2. Aggregations.............................................. 47 7.3. The Abstract Aggregation "PolicyComponent................. 47 7.4. The Aggregation "PolicyGroupInPolicyGroup"................ 47 7.4.1. The Reference "GroupComponent".......................... 48 7.4.2. The Reference "PartComponent"........................... 48 7.5. The Aggregation "PolicyRuleInPolicyGroup"................. 48 7.5.1. The Reference "GroupComponent".......................... 49Moore, et al. Standards Track [Page 2]
RFC 3060 Policy Core Information Model February 2001 7.5.2. The Reference "PartComponent"........................... 49 7.6. The Aggregation "PolicyConditionInPolicyRule"............. 49 7.6.1. The Reference "GroupComponent".......................... 50 7.6.2. The Reference "PartComponent"........................... 50 7.6.3. The Property "GroupNumber".............................. 50 7.6.4. The Property "ConditionNegated"......................... 51 7.7. The Aggregation "PolicyRuleValidityPeriod"................ 51 7.7.1. The Reference "GroupComponent".......................... 52 7.7.2. The Reference "PartComponent"........................... 52 7.8. The Aggregation "PolicyActionInPolicyRule"................ 52 7.8.1. The Reference "GroupComponent".......................... 53 7.8.2. The Reference "PartComponent"........................... 53 7.8.3. The Property "ActionOrder".............................. 53 7.9. The Abstract Association "PolicyInSystem"................. 54 7.10. The Weak Association "PolicyGroupInSystem"............... 55 7.10.1. The Reference "Antecedent"............................. 55 7.10.2. The Reference "Dependent".............................. 55 7.11. The Weak Association "PolicyRuleInSystem"................ 56 7.11.1. The Reference "Antecedent"............................. 56 7.11.2. The Reference "Dependent".............................. 56 7.12. The Association "PolicyConditionInPolicyRepository"...... 56 7.12.1. The Reference "Antecedent"............................. 57 7.12.2. The Reference "Dependent".............................. 57 7.13. The Association "PolicyActionInPolicyRepository"......... 57 7.13.1. The Reference "Antecedent"............................. 58 7.13.2. The Reference "Dependent".............................. 58 7.14. The Aggregation "PolicyRepositoryInPolicyRepository"..... 58 7.14.1. The Reference "GroupComponent"......................... 58 7.14.2. The Reference "PartComponent".......................... 59 8. Intellectual Property.......................................... 59 9. Acknowledgements............................................... 59 10. Security Considerations....................................... 60 11. References.................................................... 62 12. Authors' Addresses............................................ 64 13. Appendix A: Class Identification in a Native CIM Implementation................................................ 65 13.1. Naming Instances of PolicyGroup and PolicyRule........... 65 13.1.1. PolicyGroup's CIM Keys................................. 65 13.1.2. PolicyRule's CIM Keys.................................. 66 13.2. Naming Instances of PolicyCondition and Its Subclasses... 67 13.2.1. PolicyCondition's CIM Keys............................. 69 13.3. Naming Instances of PolicyAction and Its Subclasses...... 71 13.4. Naming Instances of PolicyRepository..................... 72 13.5. Role of the CreationClassName Property in Naming......... 73 13.6. Object References........................................ 73 14. Appendix B: The Core Policy MOF.............................. 75 15. Full Copyright Statement..................................... 100Moore, et al. Standards Track [Page 3]
RFC 3060 Policy Core Information Model February 20011. Introduction This document presents the object-oriented information model for representing policy information currently under joint development in the IETF Policy Framework WG and as extensions to the Common Information Model (CIM) activity in the Distributed Management Task Force (DMTF). This model defines two hierarchies of object classes: structural classes representing policy information and control of policies, and association classes that indicate how instances of the structural classes are related to each other. Subsequent documents will define mappings of this information model to various concrete implementations, for example, to a directory that uses LDAPv3 as its access protocol. The components of the CIM schema are available via the following URL: http://www.dmtf.org/spec/cims.html [1]. The policy classes and associations defined in this model are sufficiently generic to allow them to represent policies related to anything. However, it is expected that their initial application in the IETF will be for representing policies related to QoS (DiffServ and IntServ) and to IPSec. Policy models for application-specific areas such as these may extend the Core Model in several ways. The preferred way is to use the PolicyGroup, PolicyRule, and PolicyTimePeriodCondition classes directly, as a foundation for representing and communicating policy information. Then, specific subclasses derived from PolicyCondition and PolicyAction can capture application-specific definitions of conditions and actions of policies. Two subclasses, VendorPolicyCondition and VendorPolicyAction, are also included in this document, to provide a standard extension mechanism for vendor-specific extensions to the Policy Core Information Model. This document fits into the overall framework for representing, deploying, and managing policies being developed by the Policy Framework Working Group. It traces its origins to work that was originally done for the Directory-enabled Networks (DEN) specification, reference [5]. Work on the DEN specification by the DEN Ad-Hoc Working Group itself has been completed. Further work to standardize the models contained in it will be the responsibility of selected working groups of the CIM effort in the Distributed Management Task Force (DMTF). DMTF standardization of the core policy model is the responsibility of the SLA Policy working group in the DMTF.Moore, et al. Standards Track [Page 4]
RFC 3060 Policy Core Information Model February 2001 This document is organized in the following manner: o Section 2 provides a general overview of policies and how they are modeled. o Section 3 presents a high-level overview of the classes and associations comprising the Policy Core Information Model. o The remainder of the document presents the detailed specifications for each of the classes and associations. o Appendix A overviews naming for native CIM implementations. Other mappings, such as LDAPv3, will have their own naming mechanisms. o Appendix B reproduces the DMTF's Core Policy MOF specification. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119, reference [3].2. Modeling Policies The classes comprising the Policy Core Information Model are intended to serve as an extensible class hierarchy (through specialization) for defining policy objects that enable application developers, network administrators, and policy administrators to represent policies of different types. One way to think of a policy-controlled network is to first model the network as a state machine and then use policy to control which state a policy-controlled device should be in or is allowed to be in at any given time. Given this approach, policy is applied using a set of policy rules. Each policy rule consists of a set of conditions and a set of actions. Policy rules may be aggregated into policy groups. These groups may be nested, to represent a hierarchy of policies. The set of conditions associated with a policy rule specifies when the policy rule is applicable. The set of conditions can be expressed as either an ORed set of ANDed sets of condition statements or an ANDed set of ORed sets of statements. Individual condition statements can also be negated. These combinations are termed, respectively, Disjunctive Normal Form (DNF) and Conjunctive Normal Form (CNF) for the conditions. If the set of conditions associated with a policy rule evaluates to TRUE, then a set of actions that either maintain the current state of the object or transition the object to a new state may be executed.Moore, et al. Standards Track [Page 5]
RFC 3060 Policy Core Information Model February 2001⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -