Autonomic Networking Integrated Model and Approach (anima) Internet Drafts

 Constrained Bootstrapping Remote Secure Key Infrastructure (cBRSKI)
 
 draft-ietf-anima-constrained-voucher-24.txt
 Date: 03/03/2024
 Authors: Michael Richardson, Peter van der Stok, Panos Kampanakis, Esko Dijk
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
This document defines the Constrained Bootstrapping Remote Secure Key Infrastructure (cBRSKI) protocol, which provides a solution for secure zero-touch onboarding of resource-constrained (IoT) devices into the network of a domain owner. This protocol is designed for constrained networks, which may have limited data throughput or may experience frequent packet loss. cBRSKI is a variant of the BRSKI protocol, which uses an artifact signed by the device manufacturer, called the "voucher", that enables a new device and the owner's network to mutually authenticate. While the BRSKI voucher data is encoded in JSON, cBRSKI uses a compact CBOR-encoded voucher. The BRSKI voucher data definition is extended with new data types that allow for smaller voucher sizes. The Enrollment over Secure Transport (EST) protocol, used in BRSKI, is replaced with EST-over-CoAPS; and HTTPS used in BRSKI is replaced with DTLS-secured CoAP (CoAPS). This document updates RFC 8995 and RFC 9148.
 Information Distribution over GRASP
 
 draft-ietf-anima-grasp-distribution-11.txt
 Date: 12/02/2024
 Authors: Sheng Jiang, Bing Liu, Xun Xiao, Artur Hecker, Xiuli Zheng, Yanyan Zhang
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
This document specifies experimental extensions to the GRASP protocol to enable information distribution capabilities. The extension has two aspects: 1) new GRASP messages and options; 2) processing behaviors on the nodes. With these extensions, GRASP would have the following new capabilities, which make it a sufficient tool for general information distribution: 1) a Pub-Sub model of information processing; 2) one node can actively send data to another, without GRASP negotiation procedures; 3) a selective flooding mechanism that allows the ASAs to control the flooding scope. This document updates RFC8990, the GeneRic Autonomic Signaling Protocol (GRASP) [RFC8990].
 Join Proxy for Bootstrapping of Constrained Network Elements
 
 draft-ietf-anima-constrained-join-proxy-15.txt
 Date: 06/11/2023
 Authors: Michael Richardson, Peter van der Stok, Panos Kampanakis
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
This document extends the work of Bootstrapping Remote Secure Key Infrastructures (BRSKI) by replacing the Circuit-proxy between Pledge and Registrar by a stateless/stateful constrained Join Proxy. The constrained Join Proxy is a mesh neighbor of the Pledge and can relay a DTLS session originating from a Pledge with only link-local addresses to a Registrar which is not a mesh neighbor of the Pledge. This document defines a protocol to securely assign a Pledge to a domain, represented by a Registrar, using an intermediary node between Pledge and Registrar. This intermediary node is known as a "constrained Join Proxy". An enrolled Pledge can act as a constrained Join Proxy.
 BRSKI Cloud Registrar
 
 draft-ietf-anima-brski-cloud-08.txt
 Date: 24/08/2023
 Authors: Owen Friel, Rifaat Shekh-Yusef, Michael Richardson
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
Bootstrapping Remote Secure Key Infrastructures defines how to onboard a device securely into an operator maintained infrastructure. It assumes that there is local network infrastructure for the device to discover and to help the device. This document extends the new device behaviour so that, if no local infrastructure is available, such as in a home or remote office, the device can use a well defined "call-home" mechanism to find the operator maintained infrastructure. To this end, this document defines how to contact a well-known Cloud Registrar, and two ways in which the new device may be redirected towards the operator maintained infrastructure.
 JWS signed Voucher Artifacts for Bootstrapping Protocols
 
 draft-ietf-anima-jws-voucher-09.txt
 Date: 29/08/2023
 Authors: Thomas Werner, Michael Richardson
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
[TODO: I-D.draft-ietf-anima-rfc8366bis] defines a digital artifact called voucher as a YANG-defined JSON document that is signed using a Cryptographic Message Syntax (CMS) structure. This document introduces a variant of the voucher artifact in which CMS is replaced by the JSON Object Signing and Encryption (JOSE) mechanism described in RFC7515 to support deployments in which JOSE is preferred over CMS. In addition to explaining how the format is created, the "application/voucher-jws+json" media type is registered and examples are provided.
 BRSKI with Pledge in Responder Mode (BRSKI-PRM)
 
 draft-ietf-anima-brski-prm-12.txt
 Date: 04/03/2024
 Authors: Steffen Fries, Thomas Werner, Eliot Lear, Michael Richardson
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
This document defines enhancements to Bootstrapping a Remote Secure Key Infrastructure (BRSKI, RFC8995) to enable bootstrapping in domains featuring no or only limited connectivity between a pledge and the domain registrar. It specifically changes the interaction model from a pledge-initiated mode, as used in BRSKI, to a pledge-responding mode, where the pledge is in the server role. For this, BRSKI with Pledge in Responder Mode (BRSKI-PRM) introduces a new component, the Registrar-Agent, which facilitates the communication between pledge and registrar during the bootstrapping phase. To establish the trust relation between pledge and registrar, BRSKI-PRM relies on object security rather than transport security. The approach defined here is agnostic to the enrollment protocol that connects the domain registrar to the domain CA.
 A Generic Autonomic Deployment and Management Mechanism for Resource-based Network Services
 
 draft-ietf-anima-network-service-auto-deployment-06.txt
 Date: 02/04/2024
 Authors: Sheng Jiang, Joanna Dang, Zongpeng Du
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
This document specifies an autonomic mechanism for resource-based network service deployment and management, using the GeneRic Autonomic Signaling Protocol (GRASP) to dynamically exchange information among the autonomic nodes. It supports coordinated and consistent operations within an autonomic network domain. This mechanism is generic for most, if not all, kinds of network resources, although this document only defines the process of quality transmission service deployment and management. It can be easily extended to support network service deployment and management that is based on other types of network resources.
 A Voucher Artifact for Bootstrapping Protocols
 
 draft-ietf-anima-rfc8366bis-11.txt
 Date: 04/03/2024
 Authors: Kent Watsen, Michael Richardson, Max Pritikin, Toerless Eckert, Qiufang Ma
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
This document defines a strategy to securely assign a pledge to an owner using an artifact signed, directly or indirectly, by the pledge's manufacturer. This artifact is known as a "voucher". This document defines an artifact format as a YANG-defined JSON or CBOR document that has been signed using a variety of cryptographic systems. The voucher artifact is normally generated by the pledge's manufacturer (i.e., the Manufacturer Authorized Signing Authority (MASA)). This document updates RFC8366, merging a number of extensions into the YANG. The RFC8995 voucher request is also merged into this document.
 BRSKI-AE: Alternative Enrollment Protocols in BRSKI
 
 draft-ietf-anima-brski-ae-10.txt
 Date: 01/03/2024
 Authors: David von Oheimb, Steffen Fries, Hendrik Brockhaus
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
This document defines an enhancement of Bootstrapping Remote Secure Key Infrastructure (BRSKI, RFC 8995). It supports alternative certificate enrollment protocols, such as CMP, that use authenticated self-contained signed objects for certification messages. This offers the following advantages. The origin of requests and responses can be authenticated independently of message transfer. This supports end-to-end authentication (proof of origin) also over multiple hops, as well as asynchronous operation of certificate enrollment. This in turn provides architectural flexibility where and when to ultimately authenticate and authorize certification requests while retaining full-strength integrity and authenticity of certification requests.
 Discovery for BRSKI variations
 
 draft-ietf-anima-brski-discovery-00.txt
 Date: 16/04/2024
 Authors: Toerless Eckert, Esko Dijk
 Working Group: Autonomic Networking Integrated Model and Approach (anima)
This document specifies how BRSKI entities, such as registrars, proxies, pledges or others that are acting as responders, can be discovered and selected by BRSKI entities acting as initiators.



Autonomic Networking Integrated Model and Approach (anima)

WG Name Autonomic Networking Integrated Model and Approach
Acronym anima
Area Operations and Management Area (ops)
State Active
Charter charter-ietf-anima-02 Approved
Document dependencies
Additional resources Issue tracker, Wiki, Zulip Stream
Personnel Chairs Sheng Jiang, Toerless Eckert
Area Director Mahesh Jethanandani
Tech Advisor Nancy Cam-Winget
Delegates Michael Richardson, Mike McBride
Secretary Michael Richardson
Liaison Contacts Sheng Jiang, Toerless Eckert
Mailing list Address anima@ietf.org
To subscribe https://www.ietf.org/mailman/listinfo/anima
Archive https://mailarchive.ietf.org/arch/browse/anima/
Chat Room address https://zulip.ietf.org/#narrow/stream/anima

Charter for Working Group

The Autonomic Networking Integrated Model and Approach (ANIMA) working group develops and maintains specifications and documentation for interoperable protocols and procedures for automated network management and control of professionally-managed networks.

The vision is a network that configures, heals, optimizes and protects itself. The strategy is the incremental introduction of components to smoothly evolve existing and new networks accordingly.

ANIMA work will rely on the framework described in draft-ietf-anima-reference-model already approved for publication. Work not related to this framework is welcome for review, but WG adoption of such work requires explicit rechartering. The two concrete areas of the reference model are (1) the Autonomic Networking Infrastructure (ANI), and (2) Autonomic Functions (AF) built from software modules called Autonomic Service Agents (ASA).

The ANI is specified through prior ANIMA work. It is composed of the Autonomic Control Plane (ACP; RFC 8368), Bootstrap over Secure Key Infrastructures (BRSKI) including Vouchers (RFC8366), and the Generic Autonomic Signaling Protocol (GRASP). ANIMA will work on closing gaps and extending the ANI and its components.

ANIMA will start to define Autonomic Functions (AF) to enable service automation in networks; it will also work on generic aspects of ASA including design guidelines and lifecycle management, coordination and dependency management.

The reference model also discusses Intent, but ANIMA will not work on this without explicit rechartering. It will rely on the Network Management Research Group (NMRG) to define the next steps for this topic. ANIMA will coordinate with other IETF and IRTF groups as needed.

The scope of possible work items is as follows (additional work items are subject to extra approval from the responsible AD):

  • Extensions to the ANI, including variations of ANI deployment (e.g. in virtualised environments), information distribution within an AN, ANI OAMP interfaces (Operations, Administration, Management, Provisioning), interaction with YANG-based mechanisms, defining the domain boundary and membership management of the domain.

  • Support for Autonomic Service Agents, including design and implementation guidelines for ASAs, life cycle management, authorization and coordination of ASA.

  • BRSKI features, including proxies, enrollment, adaptions over various network protocols, variations of voucher formats.

  • Generic use cases of Autonomic Network and new GRASP extensions/options for them, including bulk transfer, DNS-SD interworking, autonomic resource management, autonomic SLA assurance, autonomic multi-tenant management, autonomic network measurement.

  • Integration with Network Operations Centers (NOCs), including autonomic discovery/connectivity to NOC, YANG-based ANI/ASA management by the NOC and reporting AF from node to NOC.

Milestones

Date Milestone Associated documents
Jul 2020 Recharter or close the WG
Mar 2020 Submit Guidelines for Developing Autonomic Service Agents to the IESG
Mar 2020 Submit Lifecycle and Management of Autonomic Service Agents to the IESG
Dec 2019 Submit Constrained Join Proxy for Bootstrapping Protocols to the IESG
Dec 2019 Submit Constrained Voucher Artifacts for Bootstrapping Protocols to the IESG
Nov 2019 Submit Information distribution over GRASP to the IESG