SACM Working Group                                           H. Birkholz
Internet-Draft                                            Fraunhofer SIT
Intended status: Standards Track                           N. Cam-Winget
Expires: January 20, 2018                                  Cisco Systems
                                                           July 19, 2017

          YANG subscribed notifications via SACM Statements
                 draft-birkholz-sacm-yang-content-00

Abstract

   This document summarizes the data model designed at the IETF 99
   Hackathon and is intended to grow into a definition of general XML
   SACM statements (and later JSON and CBOR, respectively) for virtually
   every kind of Content Element (e.g. software identifiers, assessment
   guidance/results, ECA Policy rules, VDD, etc.).

   The SACM Statement data structure is based on the Information Element
   (IE) definitions provided by the SACM Information Model. The initial
   Content Element type transferred is the YANG Subscribed Notification
   acquired via YANG push.

   In combination with the Origin Metadata Annotation defined in
   draft-ietf-netmod-revised-datastores, the data model defined in this
   document will ultimately be able to express collected endpoint
   characteristics, imperative guidance that defines and orchestrates
   assessment instructions, and also the declarative guidance for
   endpoint attributes.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 20, 2018.

Birkholz & Cam-Winget   Expires January 20, 2018                [Page 1]
Internet-Draft  YANG subscribed notifications via SACM Statements  July 2017

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements notation
   3.  Brokering of YANG push telemetry via SACM statements
   4.  Encapsulation of YANG notifications in SACM content-elements
     4.1.  Enumeration definition for content-type
     4.2.  Element definition for content-metadata
     4.3.  Definition of the yang-output-metadata element included in
           content-metadata
   5.  SACM Component Composition
   6.  IANA considerations
   7.  Security Considerations
   8.  Acknowledgements
   9.  Change Log
   10. Contributors
   11. Normative References
   Appendix A.  Minimal SACM Statement Definition for YANG Output
   Authors' Addresses

1.  Introduction

   YANG modules are a powerful established tool to provide endpoint
   attributes (IE) with well-defined semantics. YANG push
   [I-D.ietf-netconf-yang-push] and the corresponding YANG subscribed
   notification [I-D.ietf-netconf-subscribed-notifications] drafts make
   use of these modules to create streams of notifications (telemetry)
   providing SACM content on the data plane. Correspondingly, filter
   expressions used in the context of YANG subscriptions constitute SACM
   content that is imperative guidance consumed by SACM components on
   the management plane.

   The SACM component illustrated in this draft incorporates a YANG Push
   client function and an xmpp-grid publisher function. The output of
   the YANG Push client function is encapsulated in a SACM Content
   Element envelope, which is again encapsulated in a SACM statement
   envelope. The corresponding SACM statements are published via the
   xmpp-grid publisher function into a SACM Domain.

2.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119, BCP 14 [RFC2119].

3.  Brokering of YANG push telemetry via SACM statements

   All SACM content is published into a SACM domain using a statement
   envelope/encapsulation. The general structure of a Statement is
   based on the Information Element definition in
   [I-D.ietf-sacm-information-model] and can be summarized as follows:

   o  a statement encapsulates statement-metadata and content-elements

   o  a content-element encapsulates content-metadata and SACM content

   In the scope of this document, only one type of SACM content is
   covered: YANG output. Correspondingly, only the minimal required
   structure of statements, statement-metadata, content-elements, and
   content-metadata is defined.

   A complete XML schema definition of this minimal statement can be
   found in Appendix A.

4.  Encapsulation of YANG notifications in SACM content-elements

   A YANG notification is associated with a set of YANG specific
   metadata. Hence, a YANG notification published to a SACM Domain MUST
   be encapsulated with its corresponding metadata in a Content Element
   as defined below.

   YANG output that is SACM content is represented as an element
   definition included in the content choice of the content-element.

4.1.  Enumeration definition for content-type

   One occurrence of the yang-output element MUST be instantiated in the
   content-metadata element if YANG push output is to be transferred.
   Also, the content-type must be set to the enumeration value
   "yang-output".

   In general, the list of content-type enumerations includes every
   subject as defined in the SACM Information Model. For the scope of
   this document, the list of potential content is reduced to
   "yang-output" only.

4.2.  Element definition for content-metadata

   The list of optional elements included in content-metadata will
   incorporate every potential metadata type. For the scope of this
   document, the list of elements is also limited to the minimal
   required set of metadata elements and the yang-output metadata
   element to support the encapsulation of NETCONF subscribed
   notifications and YANG query results. As defined above, one
   occurrence of the yang-output element has to be included in the
   content-metadata element.

   The general content-metadata elements are illustrated in Appendix A.

4.3.  Definition of the yang-output-metadata element included in
      content-metadata

   The composition of metadata that can be associated with an XML
   NETCONF result depends on multiple factors:

   o  acquisition method: query / subscription

   o  encoding: XML / JSON / CBOR

   o  subscription interval: periodic / on-change

   o  filter-type: xpath / subtree

   Additionally, the actual filter expression (or in future iterations
   of this work a referencing label, such as a URI, UUID or other
   composed identifier) has to be included in the content-metadata.

5.  SACM Component Composition

   A SACM Component able to process YANG subscribed notifications
   requires at least two functions:

   o  a YANG push client function [I-D.ietf-netconf-yang-push],
      [I-D.ietf-netconf-subscribed-notifications]

   o  an xmpp-grid provider function [I-D.ietf-mile-xmpp-grid]

   Orchestration of functions inside a component, their discovery as
   capabilities and the internal communication of SACM content inside a
   SACM component are out of scope of this document for now.

6.  IANA considerations

   This document includes requests to IANA.

7.  Security Considerations

   TBD

8.  Acknowledgements

   Christoph Vigano, Guangying Zheng, Eric Voit, Alexander Clemm

9.  Change Log

   First version -00

10.  Contributors

11.  Normative References

   [I-D.ietf-mile-xmpp-grid]
              Cam-Winget, N., Appala, S., and S. Pope, "Using XMPP
              Protocol and its Extensions for Use with IODEF",
              draft-ietf-mile-xmpp-grid-03 (work in progress), July
              2017.

   [I-D.ietf-netconf-subscribed-notifications]
              Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
              A. Tripathy, "Custom Subscription to Event
              Notifications",
              draft-ietf-netconf-subscribed-notifications-03 (work in
              progress), July 2017.

   [I-D.ietf-netconf-yang-push]
              Clemm, A., Voit, E., Prieto, A., Tripathy, A.,
              Nilsen-Nygaard, E., Bierman, A., and B. Lengyel,
              "Subscribing to YANG datastore push updates",
              draft-ietf-netconf-yang-push-07 (work in progress), June
              2017.

   [I-D.ietf-sacm-information-model]
              Waltermire, D., Watson, K., Kahn, C., Lorenzin, L., Cokus,
              M., Haynes, D., and H. Birkholz, "SACM Information Model",
              draft-ietf-sacm-information-model-10 (work in progress),
              April 2017.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

Appendix A.  Minimal SACM Statement Definition for YANG Output

   The definitions of statements, statement-metadata, content-element,
   and content-metadata are provided by the SACM Information Model
   [I-D.ietf-sacm-information-model]. Because content-elements are
   stripped down to YANG output, the enumerations still included in the
   relationship type cannot actually point to other content.
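
   The encapsulation rules of Sections 3 to 4.3, written as a
   consumer-side check that a subscriber could run before trusting a
   received statement. This is an added example, not code or schema
   from this draft: the child element names under
   yang-output-metadata, the content wrapper, the absence of an XML
   namespace and the sample statement are assumptions.

```python
import xml.etree.ElementTree as ET

# Value sets from Section 4.3 (None: any non-empty text); element names are assumptions.
RULES = {
    "acquisition-method": {"query", "subscription"},
    "encoding": {"xml", "json", "cbor"},
    "subscription-interval": {"periodic", "on-change"},
    "filter-type": {"xpath", "subtree"},
    "filter-expression": None,
}

# Constructed sample statement, not taken from Appendix A.
SAMPLE = """<statement><statement-metadata/>
 <content-element>
  <content-metadata>
   <content-type>yang-output</content-type>
   <yang-output-metadata>
    <acquisition-method>subscription</acquisition-method>
    <encoding>xml</encoding>
    <subscription-interval>on-change</subscription-interval>
    <filter-type>xpath</filter-type>
    <filter-expression>/interfaces/interface/oper-status</filter-expression>
   </yang-output-metadata>
  </content-metadata>
  <content><yang-output/></content>
 </content-element>
</statement>"""

def check_statement(xml_text):
    """Return the list of rule violations (empty list: envelope accepted)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations are refused in received statements"]
    root = ET.fromstring(xml_text)
    errors, elements = [], root.findall("content-element")
    if root.tag != "statement" or root.find("statement-metadata") is None or not elements:
        errors.append("statement needs statement-metadata and at least one content-element")
    for i, ce in enumerate(elements):
        meta = ce.find("content-metadata")
        yom = meta.findall("yang-output-metadata") if meta is not None else []
        if meta is None or meta.findtext("content-type", "").strip() != "yang-output":
            errors.append(f"content-element {i}: content-type is not yang-output")
        if len(yom) != 1:
            errors.append(f"content-element {i}: need exactly one yang-output-metadata")
            continue
        for name, allowed in RULES.items():
            value = yom[0].findtext(name, "").strip()
            if not value or (allowed and value.lower() not in allowed):
                errors.append(f"content-element {i}: bad or missing {name}")
    return errors
```

   ET.fromstring raises ParseError on malformed input; a consumer would
   treat that the same as a rejected statement.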

Authors' Addresses

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt  64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de


   Nancy Cam-Winget
   Cisco Systems
   3550 Cisco Way
   San Jose, CA  95134
   USA

   Email: ncamwing@cisco.com