rfc3060.txt
来自「RFC 的详细文档!」· 文本 代码 · 共 1,389 行 · 第 1/5 页
TXT
1,389 行
Network Working Group B. Moore
Request for Comments: 3060 IBM
Category: Standards Track E. Ellesson
LongBoard, Inc.
J. Strassner
A. Westerinen
Cisco Systems
February 2001
Policy Core Information Model -- Version 1 Specification
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This document presents the object-oriented information model for
representing policy information developed jointly in the IETF Policy
Framework WG and as extensions to the Common Information Model (CIM)
activity in the Distributed Management Task Force (DMTF). This model
defines two hierarchies of object classes: structural classes
representing policy information and control of policies, and
association classes that indicate how instances of the structural
classes are related to each other. Subsequent documents will define
mappings of this information model to various concrete
implementations, for example, to a directory that uses LDAPv3 as its
access protocol.
Table of Contents
1. Introduction.................................................... 4
2. Modeling Policies............................................... 5
2.1. Policy Scope............................................... 8
2.2. Declarative versus Procedural Model........................ 8
3. Overview of the Policy Core Information Model.................. 10
4. Inheritance Hierarchies for the Policy Core Information Model.. 13
4.1. Implications of CIM Inheritance........................... 15
5. Details of the Model........................................... 15
Moore, et al. Standards Track [Page 1]
RFC 3060 Policy Core Information Model February 2001
5.1. Reusable versus Rule-Specific Conditions and Actions...... 15
5.2. Roles..................................................... 17
5.2.1. Roles and Role Combinations............................. 17
5.2.2. The PolicyRoles Property................................ 21
5.3. Local Time and UTC Time in PolicyTimePeriodConditions..... 21
5.4. CIM Data Types............................................ 23
5.5. Comparison between CIM and LDAP Class Specifications...... 24
6. Class Definitions.............................................. 25
6.1. The Abstract Class "Policy"............................... 25
6.1.1. The Property "CommonName (CN)".......................... 26
6.1.2. The Multi-valued Property "PolicyKeywords".............. 26
6.1.3. The Property "Caption" (Inherited from ManagedElement).. 27
6.1.4. The Property "Description" (Inherited from
ManagedElement)......................................... 27
6.2. The Class "PolicyGroup"................................... 27
6.3. The Class "PolicyRule".................................... 29
6.3.1. The Property "Enabled".................................. 31
6.3.2. The Property "ConditionListType"........................ 31
6.3.3. The Property "RuleUsage"................................ 31
6.3.4. The Property "Priority"................................. 32
6.3.5. The Property "Mandatory"................................ 32
6.3.6. The Property "SequencedActions"......................... 33
6.3.7. The Multi-valued Property "PolicyRoles"................. 33
6.4. The Abstract Class "PolicyCondition"...................... 34
6.5. The Class "PolicyTimePeriodCondition"..................... 36
6.5.1. The Property "TimePeriod"............................... 38
6.5.2. The Property "MonthOfYearMask".......................... 39
6.5.3. The Property "DayOfMonthMask"........................... 39
6.5.4. The Property "DayOfWeekMask"............................ 40
6.5.5. The Property "TimeOfDayMask"............................ 41
6.5.6. The Property "LocalOrUtcTime"........................... 42
6.6. The Class "VendorPolicyCondition"......................... 42
6.6.1. The Multi-valued Property "Constraint".................. 43
6.6.2. The Property "ConstraintEncoding"....................... 43
6.7. The Abstract Class "PolicyAction"......................... 44
6.8. The Class "VendorPolicyAction"............................ 45
6.8.1. The Multi-valued Property "ActionData".................. 45
6.8.2. The Property "ActionEncoding"........................... 46
6.9. The Class "PolicyRepository".............................. 46
7. Association and Aggregation Definitions........................ 46
7.1. Associations.............................................. 47
7.2. Aggregations.............................................. 47
7.3. The Abstract Aggregation "PolicyComponent................. 47
7.4. The Aggregation "PolicyGroupInPolicyGroup"................ 47
7.4.1. The Reference "GroupComponent".......................... 48
7.4.2. The Reference "PartComponent"........................... 48
7.5. The Aggregation "PolicyRuleInPolicyGroup"................. 48
7.5.1. The Reference "GroupComponent".......................... 49
Moore, et al. Standards Track [Page 2]
RFC 3060 Policy Core Information Model February 2001
7.5.2. The Reference "PartComponent"........................... 49
7.6. The Aggregation "PolicyConditionInPolicyRule"............. 49
7.6.1. The Reference "GroupComponent".......................... 50
7.6.2. The Reference "PartComponent"........................... 50
7.6.3. The Property "GroupNumber".............................. 50
7.6.4. The Property "ConditionNegated"......................... 51
7.7. The Aggregation "PolicyRuleValidityPeriod"................ 51
7.7.1. The Reference "GroupComponent".......................... 52
7.7.2. The Reference "PartComponent"........................... 52
7.8. The Aggregation "PolicyActionInPolicyRule"................ 52
7.8.1. The Reference "GroupComponent".......................... 53
7.8.2. The Reference "PartComponent"........................... 53
7.8.3. The Property "ActionOrder".............................. 53
7.9. The Abstract Association "PolicyInSystem"................. 54
7.10. The Weak Association "PolicyGroupInSystem"............... 55
7.10.1. The Reference "Antecedent"............................. 55
7.10.2. The Reference "Dependent".............................. 55
7.11. The Weak Association "PolicyRuleInSystem"................ 56
7.11.1. The Reference "Antecedent"............................. 56
7.11.2. The Reference "Dependent".............................. 56
7.12. The Association "PolicyConditionInPolicyRepository"...... 56
7.12.1. The Reference "Antecedent"............................. 57
7.12.2. The Reference "Dependent".............................. 57
7.13. The Association "PolicyActionInPolicyRepository"......... 57
7.13.1. The Reference "Antecedent"............................. 58
7.13.2. The Reference "Dependent".............................. 58
7.14. The Aggregation "PolicyRepositoryInPolicyRepository"..... 58
7.14.1. The Reference "GroupComponent"......................... 58
7.14.2. The Reference "PartComponent".......................... 59
8. Intellectual Property.......................................... 59
9. Acknowledgements............................................... 59
10. Security Considerations....................................... 60
11. References.................................................... 62
12. Authors' Addresses............................................ 64
13. Appendix A: Class Identification in a Native CIM
Implementation................................................ 65
13.1. Naming Instances of PolicyGroup and PolicyRule........... 65
13.1.1. PolicyGroup's CIM Keys................................. 65
13.1.2. PolicyRule's CIM Keys.................................. 66
13.2. Naming Instances of PolicyCondition and Its Subclasses... 67
13.2.1. PolicyCondition's CIM Keys............................. 69
13.3. Naming Instances of PolicyAction and Its Subclasses...... 71
13.4. Naming Instances of PolicyRepository..................... 72
13.5. Role of the CreationClassName Property in Naming......... 73
13.6. Object References........................................ 73
14. Appendix B: The Core Policy MOF.............................. 75
15. Full Copyright Statement..................................... 100
Moore, et al. Standards Track [Page 3]
RFC 3060 Policy Core Information Model February 2001
1. Introduction
This document presents the object-oriented information model for
representing policy information currently under joint development in
the IETF Policy Framework WG and as extensions to the Common
Information Model (CIM) activity in the Distributed Management Task
Force (DMTF). This model defines two hierarchies of object classes:
structural classes representing policy information and control of
policies, and association classes that indicate how instances of the
structural classes are related to each other. Subsequent documents
will define mappings of this information model to various concrete
implementations, for example, to a directory that uses LDAPv3 as its
access protocol. The components of the CIM schema are available via
the following URL: http://www.dmtf.org/spec/cims.html [1].
The policy classes and associations defined in this model are
sufficiently generic to allow them to represent policies related to
anything. However, it is expected that their initial application in
the IETF will be for representing policies related to QoS (DiffServ
and IntServ) and to IPSec. Policy models for application-specific
areas such as these may extend the Core Model in several ways. The
preferred way is to use the PolicyGroup, PolicyRule, and
PolicyTimePeriodCondition classes directly, as a foundation for
representing and communicating policy information. Then, specific
subclasses derived from PolicyCondition and PolicyAction can capture
application-specific definitions of conditions and actions of
policies.
Two subclasses, VendorPolicyCondition and VendorPolicyAction, are
also included in this document, to provide a standard extension
mechanism for vendor-specific extensions to the Policy Core
Information Model.
This document fits into the overall framework for representing,
deploying, and managing policies being developed by the Policy
Framework Working Group. It traces its origins to work that was
originally done for the Directory-enabled Networks (DEN)
specification, reference [5]. Work on the DEN specification by the
DEN Ad-Hoc Working Group itself has been completed. Further work to
standardize the models contained in it will be the responsibility of
selected working groups of the CIM effort in the Distributed
Management Task Force (DMTF). DMTF standardization of the core
policy model is the responsibility of the SLA Policy working group in
the DMTF.
Moore, et al. Standards Track [Page 4]
RFC 3060 Policy Core Information Model February 2001
This document is organized in the following manner:
o Section 2 provides a general overview of policies and how they are
modeled.
o Section 3 presents a high-level overview of the classes and
associations comprising the Policy Core Information Model.
o The remainder of the document presents the detailed specifications
for each of the classes and associations.
o Appendix A overviews naming for native CIM implementations. Other
mappings, such as LDAPv3, will have their own naming mechanisms.
o Appendix B reproduces the DMTF's Core Policy MOF specification.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119, reference
[3].
2. Modeling Policies
The classes comprising the Policy Core Information Model are intended
to serve as an extensible class hierarchy (through specialization)
for defining policy objects that enable application developers,
network administrators, and policy administrators to represent
policies of different types.
One way to think of a policy-controlled network is to first model the
network as a state machine and then use policy to control which state
a policy-controlled device should be in or is allowed to be in at any
given time. Given this approach, policy is applied using a set of
policy rules. Each policy rule consists of a set of conditions and a
set of actions. Policy rules may be aggregated into policy groups.
These groups may be nested, to represent a hierarchy of policies.
The set of conditions associated with a policy rule specifies when
the policy rule is applicable. The set of conditions can be
expressed as either an ORed set of ANDed sets of condition statements
or an ANDed set of ORed sets of statements. Individual condition
statements can also be negated. These combinations are termed,
respectively, Disjunctive Normal Form (DNF) and Conjunctive Normal
Form (CNF) for the conditions.
If the set of conditions associated with a policy rule evaluates to
TRUE, then a set of actions that either maintain the current state of
the object or transition the object to a new state may be executed.
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?