Internet Draft                                                 M. Iyer
Document: draft-iyer-ipvpn-infomodel-00.txt                    Alcatel
Expires: August 2001                                     February 2001


                   IP VPN Policy Information Model


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document presents the object-oriented information model for
   representing policy information associated with provisioning IP VPN
   services such as firewall, address translation, quality of service
   and encryption. This draft extends the core policy information model
   to cover the policies that need to be enforced to configure the IP
   VPN services mentioned earlier. The information model defined in
   this document is independent of any implementation specifics related
   to the repository used to store the policy information.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [1].

Table of Contents

   1.  Introduction
   2.  UML Conventions
   3.  Inheritance Hierarchy
   4.  Containment Hierarchy
   5.  Class Definitions
   6.  PolicyRule class definition
   7.  Positioning w.r.t existing policy framework WG drafts: [PCIM],
       [QPIM]
   8.  Extending the IP VPN Policy Schema
   9.  Security Considerations
   10. References
   11. Author's Addresses

1. Introduction

   The term "IP VPN" is used to denote VPN services delivered over an
   IP network. The goal of IP VPN provisioning is to align the network
   elements to provide consistent treatment to selected pieces of IP
   traffic. The network elements will require a combination of
   capabilities depending largely on their location in the topology and
   the technology being used. The classification and treatment of the
   traffic should be technology independent. However, the models
   described in this document will lend themselves to easier
   implementation over certain standardized technologies in each of the
   traffic treatment areas.

   The IP VPN policy information model is based on the "Policy
   Framework Core Information Model" [PCIM]. The core model has been
   extended to address the requirement that network elements deliver
   the services required by the network user. The network elements
   receive their configuration in the form of policies. The policies
   are stored and distributed using the policy framework described in
   [PFRAME].

   The IP VPN policy information model references classes from the
   "Policy Framework Core Information Model" [PCIM], the "QoS Policy
   Information Model" [QPIM], the "MPLS Policy Information Model"
   [MPIM] and the "IPSEC Configuration Policy Model" [IPSECIM]. The
   corresponding LDAP implementations could be built based on the
   "Policy Framework LDAP Core Schema" [PCIM-LDAP] and "QoS Policy
   Schema" [QOSIM-LDAP] implementations.

   This document is organized as follows:

   1. Section 2 provides a quick introduction to the Unified Modeling
      Language (UML) graphical notation used in this document.
   2. Section 3 defines the inheritance hierarchy in the context of the
      policy core information model.
   3. Section 4 defines the containment hierarchy in the context of the
      policy core information model.
   4. Section 5 provides details on the classes defined in the
      information model.
   5. Section 6 revisits the Policy Rule class [PCIM].
   6. Section 7 explains the positioning of this work w.r.t related
      work being done in the IETF.
   7. Section 8 deals with extending the IP VPN policy schema.

2. UML Notation

   The information model is presented in this document using UML
   notation since it is a well-accepted standard and provides a task
   independent way to model systems.

   1. Boxes represent classes.
   2. An "o" denotes an aggregation. An aggregation is essentially a
      reference.
   3. An "x" denotes containment. A contained object is owned entirely
      by the container.
   4. The association line may be annotated with "multiplicity", which
      indicates the number of objects aggregated or contained.
      - a range of the form "a..b" indicates the minimum and maximum
        number of objects
      - an asterisk indicates any number of objects

3. Inheritance Hierarchy

   The inheritance hierarchy shows the new classes introduced in this
   document and their relationship to the relevant classes in [PCIM].

   Policy
     |
     +----PolicyGroup[PCIM]
     |      |
     |      +-------gpsPolicyGroup[QPIM]
     |
     +----PolicyRule[PCIM]
     |      |
     |      +-------gpsPolicyRule[QPIM]
     |               |
     |               +----ipvpnServicePolicyRule (this document)
     |
     +----ipvpnPolicyDomain(this document)
     |
     +----PolicyConditionInPolicyRule[PCIM]
     |
     +----PolicyCondition[PCIM]
     |      |
     |      +-------PolicyTimePeriodCondition[PCIM]
     |      |
     |      +-------VendorPolicyCondition[PCIM]
     |      |
     |      +-------gpsPolicySimpleCondition[QPIM]
     |      |
     |      +-------gpsPolicyCompoundCondition[QPIM]
     |
     +----gpsPolicyTrfcProf[QPIM]
     |      |
     |      +-------qosPolicyPRTrfcProf[QPIM]
     |
     +----gpsPolicyVariable[QPIM]
     |
     +----gpsPolicyValue[QPIM]
     |      |
     |      +-------gpsPolicyIPv4AddrValue[QPIM]
     |      |
     |      +-------gpsPolicyIPv6AddrValue[QPIM]
     |      |
     |      +-------ipvpnApplicationSignatureValue(this document)
     |      |
     |      +-------ipvpnEnforcerProfileValue(this document)
     |
     +----PolicyActionInPolicyRule[PCIM]
     |
     +----PolicyAction[PCIM]
            |
            +-------VendorPolicyAction[PCIM]
            |
            +-------ipvpnPolicyRoutingAction(this document)
            |
            +-------ipvpnPolicyNATAction(this document)
            |
            +-------ipvpnPolicyTrafficTrunkAction(this document)
            |
            +-------ipvpnPolicyFirewallAction(this document)
            |
            +-------ipvpnPolicyEncryptionAction(this document)
            |
            +-------qoSPolicyPRAction[QPIM]
            |
            +-------qoSPolicyRSVPAction[QPIM]
            |
            +-------qoSPolicyRSVPSignalCtrlAction[QPIM]
            |
            +-------qoSPolicyRSVPInstallAction[QPIM]

   Classes imported from [MPIM]
     |
     +----mplsPolicyRouteSpec[MPIM]
     |
     +----mplsPolicyTrafficTrunk[MPIM]
     |
     +----mplsPolicyFEC[MPIM]

   This [MPIM] draft is yet to be positioned in the appropriate WG.
   These classes may be redefined within this document if required. The
   intention here is to keep the class definitions identical to enable
   easy translation from the IP VPN service requirements to MPLS
   traffic trunk configuration.

   Property Definitions imported from [QPIM]

   1. gpIPv4AddrList - This Property is defined in [QPIM] to represent
      an unordered list of IPv4 addresses.
   2. gpIPv6AddrList - This Property is defined in [QPIM] to represent
      an unordered list of IPv6 addresses.

   The new classes introduced are in the following areas:

   - ipvpnServicePolicyRule, which extends the gpsPolicyRule class to
     include the semantics required to define an IP VPN service.
   - ipvpnApplicationSignatureValue and ipvpnEnforcerProfileValue,
     which extend the gpsPolicyValue class to capture the L7
     classification requirements and the enforcer capabilities
     respectively.
   - ipvpnPolicyRoutingAction, to capture the policy based routing
     which defines the topology of the IP VPN service.
   - ipvpnPolicyNATAction, ipvpnPolicyFirewallAction and
     ipvpnPolicyEncryptionAction, which extend PolicyAction to capture
     NAT, Firewall and Encryption requirements of the IP VPN service.
   - ipvpnPolicyRoutingAction extends PolicyAction to capture the
     topology and policy based routing requirements of the IP VPN
     service.

4. Containment Hierarchy

   The containment hierarchy shows the composition of an
   ipvpnServicePolicyRule. The classes used in the figure can be
   located on the inheritance tree from the previous section.
   The ipvpnServicePolicyRule and newly introduced classes are
   described in further detail in subsequent sections.

                                                 +-----------------+
                                                 |PolicyRepository |
                                                 +-----------------+
                                                          x
                                           1..n(placement)|
                                               +---------------------+
                                               |   ipvpnPolicyRoot   |
                                               +---------------------+
                                                x                   x
                                 1..n(placement)|                   |
                                                |    1..n(placement)|
                                                |    +----------+   |
                                                |    |          |   |
 +-----------------------------------------------------------+  |   |
 |                  ipvpnServicePolicyRule                   |x-+   |
 +-----------------------------------------------------------+      |
          o                   o             o              o        |
          |                   |             |              |        |
          |1                  |             |1..n          |        |
 +--------------------------+ | +------------------------+ |        |
 |gpsPolicyCompoundCondition| | |ipvpnPolicyRoutingAction| |        |
 +--------------------------+ | +------------------------+ |        |
                              |                            |        |
                              |1                           |1       |
                     +-----------------+        +-----------------+ |
                     | gpsPolicyGroup  |        |ipvpnPolicyDomain| |
                     +-----------------+        +-----------------+ |
                              o                                     |
                              |1..n                                 |
                        +-----------+   +----------------------------+
                        |PolicyRule |   |  ipvpnPolicyReusableRoot   |
                        +-----------+   +----------------------------+
                                            x                 x
                             1..n(placement)|                 |
                                            |  1..n(placement)|
                                    +---------------+ +---------------+
                                    |PolicyCondition| | PolicyAction  |
                                    +---------------+ +---------------+

   The important aspects to be highlighted in the containment tree are:

   - The gpsPolicyCompoundCondition is used to provide a quick means of
     deciding whether the traffic under consideration belongs to the
     VPN service or not.
   - The ipvpnPolicyRoutingAction objects reflect the topology required
     for implementing the IP VPN service, e.g. hub and spoke, full
     mesh, partial mesh, point to point etc. This component provides a
     complete description of the connectivity requirement of the IP VPN
     service.
   - The gpsPolicyGroup aggregates the complete set of policy rules to
     be enforced for traffic belonging to this IP VPN service. This
     component provides a complete description of the security and QoS
     requirements of the IP VPN service.
   - The ipvpnPolicyDomain reflects the administrative, functional and
     enforcement information related to the IP VPN service.

5. Class Definitions

5.1 The Class ipvpnServicePolicyRule

   The ipvpnServicePolicyRule represents the policies corresponding to
   an ipvpnService definition. It is associated with a
   gpsPolicyCompoundCondition object and a gpsPolicyGroup object. It
   extends the semantics of the gpsPolicyRule by means of a contained
   ipvpnPolicyDomain object. The ipvpnServicePolicyRule can contain
   nested ipvpnServicePolicyRule(s).

   NAME          ipvpnServicePolicyRule
   DESCRIPTION   The class for holding the conditions and policies
                 required to implement the ipvpnService.
   DERIVED FROM  gpsPolicyRule
   ABSTRACT      FALSE
   PROPERTIES    ipvpnServicePolicyCondition
                   [ref gpsPolicyCompoundCondition[1]],
                 ipvpnServicePolicyRouting
                   [ref ipvpnPolicyRoutingAction[1..n]],
                 ipvpnServicePolicyGroup
                   [ref gpsPolicyGroup[1]],
                 ipvpnServicePolicyDomain
                   [ref ipvpnServicePolicyDomain[1]]

   The aggregation gpsPolicyRuleInPolicyRule provides nesting of
   ipvpnServicePolicyRule(s). The aggregation PolicyRuleInPolicyGroup
   provides association of an unordered list of PolicyRules.

5.1.1 The Reference ipvpnServicePolicyCondition

   This is a reference to a gpsPolicyCompoundCondition. It is used to
   decide whether the traffic matches the aggregate conditions of the
   ipvpnServicePolicyRule. This property summarizes the conditions of
   the policy rules within the gpsPolicyGroup. This will enable quick
   determination of whether any one of the contained policy rules will
   match the traffic. This property can be automatically derived by
   examining the policy rules; however, the true potential is realized
   when it is summarized by the administrator.

5.1.2 The Reference ipvpnServicePolicyRouting

   This is a reference to one or more ipvpnPolicyRoutingAction(s) which
   implement the IP VPN service topology. The routing actions will
   enable the administrator to create point to point, hub and spoke,
   full mesh and partial mesh topologies. The routing actions capture
   the connectivity requirements of the IP VPN service.
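
   Added example (not part of the draft): section 5.1.1 says the
   summary condition can be derived automatically from the rules in the
   gpsPolicyGroup or written by the administrator. The Python code
   below derives it and checks a hand-written summary against the
   rules. It assumes each rule condition is reduced to a source and a
   destination prefix and that an enforcer skips the group when the
   summary does not match; all class and function names are
   hypothetical.

```python
from dataclasses import dataclass
from ipaddress import collapse_addresses, ip_address, ip_network


@dataclass(frozen=True)
class RuleCondition:
    """Simplified condition of one PolicyRule in the gpsPolicyGroup
    (assumption: source and destination prefix only)."""
    rule_name: str
    src: str
    dst: str


def _collapse(prefixes):
    """Merge prefixes into the smallest covering set, per IP version."""
    nets = [ip_network(p) for p in prefixes]
    merged = []
    for version in (4, 6):  # collapse_addresses() rejects mixed versions
        merged.extend(
            collapse_addresses(n for n in nets if n.version == version))
    return tuple(merged)


def _covered(net, pool):
    """True if net lies entirely inside one prefix of pool."""
    return any(net.version == p.version and net.subnet_of(p) for p in pool)


@dataclass(frozen=True)
class SummaryCondition:
    """Stand-in for the object behind ipvpnServicePolicyCondition."""
    src: tuple
    dst: tuple

    @classmethod
    def from_prefixes(cls, src, dst):
        return cls(_collapse(src), _collapse(dst))

    def matches(self, src_ip, dst_ip):
        """Pre-filter: can this packet match any rule of the service?"""
        s, d = ip_address(src_ip), ip_address(dst_ip)
        return (any(s in n for n in self.src)
                and any(d in n for n in self.dst))


def derive_summary(rules):
    """Automatic derivation: union of every rule's prefixes. The result
    over-approximates (any src with any dst), which is safe for a
    pre-filter because it never rejects traffic a rule would match."""
    return SummaryCondition.from_prefixes([r.src for r in rules],
                                          [r.dst for r in rules])


def uncovered_rules(summary, rules):
    """Names of rules that can match traffic the summary rejects."""
    return [r.rule_name for r in rules
            if not (_covered(ip_network(r.src), summary.src)
                    and _covered(ip_network(r.dst), summary.dst))]


# Constructed sample data (not from the draft).
RULES = [
    RuleCondition("web-allow", "10.1.0.0/24", "192.0.2.0/25"),
    RuleCondition("db-deny", "10.1.1.0/24", "192.0.2.128/25"),
    RuleCondition("v6-allow", "2001:db8:1::/48", "2001:db8:2::/48"),
]
# Hand-written summary that forgot the 10.1.1.0/24 site.
ADMIN_SUMMARY = SummaryCondition.from_prefixes(
    ["10.1.0.0/24", "2001:db8:1::/48"],
    ["192.0.2.0/24", "2001:db8:2::/48"])

if __name__ == "__main__":
    derived = derive_summary(RULES)
    print("derived src:", [str(n) for n in derived.src])
    print("derived dst:", [str(n) for n in derived.dst])
    print("uncovered by admin summary:",
          uncovered_rules(ADMIN_SUMMARY, RULES))
    print("db-deny traffic passes admin pre-filter:",
          ADMIN_SUMMARY.matches("10.1.1.7", "192.0.2.200"))
```

   A rule reported by uncovered_rules() can match traffic that the
   summary rejects, so under the stated assumption a rule such as
   db-deny would never be applied to that traffic.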

5.1.3 The Reference ipvpnServicePolicyGroup

   This is a reference to a gpsPolicyGroup which contains the
   PolicyRules required to implement the ipvpnService. The policy rules
   capture the security and QoS requirements of the IP VPN service.

5.1.4 The Reference ipvpnServicePolicyDomain

   This is a reference to an ipvpnPolicyDomain object that holds
   various domain attributes of the ipvpnServicePolicyRule. The domain
   attributes are inherited by the nested ipvpnServicePolicyRule(s).
   The nested containers can override them. The overriding values
   cannot exceed the scope of the values in the parent
   ipvpnServicePolicyRule.

5.2 The Class ipvpnApplicationSignatureValue

   Specifies the L4-L7 characteristics of the packet, including
   application level decodes which require stateful inspection of the
   packet, e.g. HTTP, FTP, SMTP, TELNET etc.

   NAME          ipvpnApplicationSignatureValue
   DESCRIPTION   The class for representing L7 application signature to
                 be matched against the traffic
   DERIVED FROM  qoSPolicyValue
   ABSTRACT      FALSE
   PROPERTIES    applicationSignature

   This class can have several sub classes which reflect the
   application protocol classification granularity.

5.2.1 The Property applicationSignature

   NAME          applicationSignature
   DESCRIPTION   The property that provides a signature used to
                 identify the application by examining the PDUs
   SYNTAX        String

5.3 The Class ipvpnEnforcerProfileValue

   Specifies the profile of the enforcer which is supposed to implement
   the policy. The enforcerProfileValue is specified within a
   qosPolicySimpleCondition for a qosPolicyVariable named
   "EnforcerProfile".

   NAME          ipvpnEnforcerProfileValue
   DESCRIPTION   The class for representing the profile of the
                 enforcers which are expected to implement the policy.
   DERIVED FROM  qoSPolicyValue
   ABSTRACT      FALSE
   PROPERTIES    enforcerProfile

5.3.1 The Property enforcerProfile

   NAME          enforcerProfile
   DESCRIPTION   The property that provides a profile used to identify
                 the types of enforcers which are expected to enforce
                 the policy
   SYNTAX        String

5.4 The class ipvpnPolicyRoutingAction

   NAME          ipvpnPolicyRoutingAction
   DESCRIPTION   The class for representing the routing actions. The
                 routing actions should support point to point, hub and
                 spoke, full mesh and partial mesh topology
                 requirements
   DERIVED FROM  PolicyAction
   ABSTRACT      FALSE
   PROPERTIES    ipvpnPolicyRoutingSource
                   [ref gpsPolicyIPv6AddrValue[1]],
                 ipvpnPolicyRoutingDestination
                   [ref gpsPolicyIPv6AddrValue[1]],
                 ipvpnPolicyRoutingMandatoryHops
                   [ref gpsPolicyIPv6AddrValue[0..n]]

5.4.1 The reference ipvpnPolicyRoutingSource

   This is a reference to an object of type gpsPolicyIPv6AddrValue,
   which points to the source of this routingAction specification.

5.4.2 The reference ipvpnPolicyRoutingDestination

   This is a reference to an object of type gpsPolicyIPv6AddrValue,
   which points to the destination of this routingAction specification.

5.4.3 The reference ipvpnPolicyRoutingMandatoryHops

   This is a reference to zero or more objects, which point to
   mandatory hops to be used for the traffic flowing from the
   ipvpnPolicyRoutingSource to the ipvpnPolicyRoutingDestination.

5.5 The class ipvpnPolicyNATAction

   Specifies which source addresses need to be translated and to what
   new source addresses.

   NAME          NATAction
   DESCRIPTION   The class for representing the network address
                 translation action of the "If Condition then Action"
                 semantics associated with a policy rule.
   DERIVED FROM  PolicyAction
   ABSTRACT      FALSE
   PROPERTIES    TranslateFromIPv4Address
                 TranslateToIPv4Address
                 TranslateFromIPv6Address
                 TranslateToIPv6Address

5.5.1 The property TranslateFromIPv4Address

   Specifies the original set of IPv4 addresses that needs to be
   translated.

   NAME          TranslateFromIPv4Address
   DESCRIPTION   The original IPv4 address that needs to be translated.
   SYNTAX        gpIPv4AddrList

5.5.2 The property TranslateToIPv4Address

   Specifies the final set of IPv4 addresses that needs to be
   translated to.

   NAME          TranslateToIPv4Address
   DESCRIPTION   The final IPv4 address that needs to be translated to.
   SYNTAX        gpIPv4AddrList

5.5.3 The property TranslateFromIPv6Address

   Specifies the original set of IPv6 addresses that needs to be
   translated.

   NAME          TranslateFromIPv6Address
   DESCRIPTION   The original IPv6 address that needs to be translated.
   SYNTAX        gpIPv6AddrList

5.5.4 The property TranslateToIPv6Address

   Specifies the final set of IPv6 addresses that needs to be
   translated to.

   NAME          TranslateToIPv6Address
   DESCRIPTION   The final IPv6 address that needs to be translated to.
   SYNTAX        gpIPv6AddrList

5.6 The class ipvpnPolicyTrafficTrunkAction

   Specifies the action related to selection of the traffic trunk to be
   used to transport the traffic through the provider network. This
   class indicates the traffic trunk parameters that need to be matched
   when configuring the traffic trunk to be used. This class provides a
   per VPN bandwidth requirement in terms of traffic trunks. The
   properties of this action are based on related objects in [QPIM] and
   [MPIM].

   NAME          ipvpnPolicyTrafficTrunkAction
   DESCRIPTION   The class for representing the characteristics of the
                 traffic trunk to be used to transport this traffic:
                 the traffic trunk action of the "If Condition then
                 Action" semantics associated with a policy rule.
   DERIVED FROM  PolicyAction
   ABSTRACT      FALSE
   PROPERTIES    ipvpnTrafficTrunk
                   [ref mplsPolicyTrafficTrunk[0..n]],
                 ipvpnRouteSpecification
                   [ref mplsPolicyRouteSpec[0..n]],
                 ipvpnTrafficProfile
                   [ref qosPolicyPRTrfcProf[0..n]],
                 ipvpnFEC
                   [ref mplsPolicyFEC[0..1]].

5.6.1 The reference ipvpnTrafficTrunk

   This property contains an object reference to an
   mplsPolicyTrafficTrunk instance. The mplsPolicyTrafficTrunk class is
   defined in [MPIM].

5.6.2 The reference ipvpnRouteSpecification

   This property contains an object reference to an mplsPolicyRouteSpec
   instance.
   The mplsPolicyRouteSpec class is defined in [MPIM].

5.6.3 The reference ipvpnTrafficProfile

   This property contains an object reference to a qosPolicyPRTrfcProf
   instance. The qosPolicyPRTrfcProf class is defined in [QPIM].

5.6.4 The reference ipvpnFEC

   This property contains an object reference to an mplsPolicyFEC
   instance. The qosPolicyFEC class is defined in [QPIM].

5.7 The class ipvpnPolicyFirewallAction

   Specifies the firewall action to be enforced, such as drop, pass,
   log, alert etc. The list of possible actions is limited by the
   attributes in the action object.

   NAME          ipvpnPolicyFirewallAction
   DESCRIPTION   The class for representing the firewall action of the
                 "If Condition then Action" semantics associated with a
                 policy rule.
   DERIVED FROM  PolicyAction
   ABSTRACT      FALSE
   PROPERTIES    Action

5.7.1 The property Action

   The action defines the type of firewall action to be enforced.

   NAME          Action
   DESCRIPTION   The firewall action to be enforced
   VALUES        Integer(ENUM) - {"Allow"=0; "Allow&Log"=1;
                 "Allow&Alarm"=2; "Deny"=3; "Deny&Log"=4;
                 "Deny&Alarm"=5}

5.8 The class ipvpnEncryptionAction

   The encryption standard is assumed to be IPSEC. This class provides
   the IPSEC parameters required to set up the security association
   required to handle the encryption and decryption of packets.

   NAME          ipvpnEncryptionAction
   DESCRIPTION   The class for representing the encryption action of
                 the "If Condition then Action" semantics associated
                 with a policy rule.
   DERIVED FROM  PolicyAction
   ABSTRACT      TRUE
   PROPERTIES    IkeAuthentication
                 IkeEncryption
                 IkeDHGroup
                 IkeTimeout
                 IkeTrafficBasedExpiry
                 IpsecAuthentication
                 IpsecEncryption
                 IpsecDHGroup
                 IpsecTimeout
                 IpsecTrafficBasedExpiry
                 IkePeerAuthenticationMethod

5.8.1 The property IkeAuthentication

   The property specifies the authentication algorithm to be used.

   NAME          IkeAuthentication
   DESCRIPTION   The property that specifies the authentication
                 algorithm
   SYNTAX        String

5.8.2 The property IkeEncryption

   The property specifies the encryption algorithm to be used.

   NAME          IkeEncryption
   DESCRIPTION   The property that specifies the encryption algorithm
   SYNTAX        String

5.8.3 The property IkeDHGroup

   The property specifies the DHGroup to be used during IKE
   negotiations.

   NAME          IkeDHGroup
   DESCRIPTION   The property that specifies the DHGroup to be used
                 during IKE negotiations
   SYNTAX        String

5.8.4 The property IkeTimeout

   The property specifies the IKE Timeout to be used.

   NAME          IkeTimeout
   DESCRIPTION   The property that specifies the IKE timeout
   SYNTAX        Integer

5.8.5 The property IkeTrafficBasedExpiry

   The property specifies the IKE Traffic based expiry to be used.

   NAME          IkeTrafficBasedExpiry
   DESCRIPTION   The property that specifies the IKE traffic based
                 expiry to be used
   SYNTAX        Integer

5.8.6 The property IPSECAuthentication

   The property specifies the authentication algorithm to be used.

   NAME          IPSECAuthentication
   DESCRIPTION   The property that specifies the authentication
                 algorithm
   SYNTAX        String

5.8.7 The property IPSECEncryption

   The property specifies the encryption algorithm to be used.

   NAME          IPSECEncryption
   DESCRIPTION   The property that specifies the encryption algorithm
   SYNTAX        String

5.8.8 The property IPSECDHGroup

   The property specifies the DHGroup to be used during IPSEC
   negotiations.

   NAME          IPSECDHGroup
   DESCRIPTION   The property that specifies the DHGroup to be used
                 during the Phase II negotiations
   SYNTAX        String

5.8.9 The property IPSECTimeout

   The property specifies the IPSEC Key Timeout to be used.

   NAME          IPSECTimeout
   DESCRIPTION   The property that specifies the IPSEC Key timeout
   SYNTAX        Integer

5.8.10 The property IPSECTrafficBasedExpiry

   The property specifies the IPSEC Traffic based Key expiry to be
   used.

   NAME          IPSECTrafficBasedExpiry
   DESCRIPTION   The property that specifies the IPSEC traffic based
                 Key expiry to be used
   SYNTAX        Integer

5.8.11 The property IkePeerAuthenticationMethod

   The method used by the Ike peers to authenticate each other.

   NAME          IkePeerAuthenticationMethod
   DESCRIPTION   The property that specifies the method used by the Ike
                 peers to authenticate each other
   SYNTAX        unsigned 16-bit integer
   VALUE         0 - a special value which indicates that this
                     particular proposal should be repeated once for
                     each authentication method that corresponds to the
                     credentials installed on the machine. For example,
                     if the system has a pre-shared key and a
                     certificate, a proposal list could be constructed
                     which includes a proposal that specifies
                     pre-shared key and proposals for any of the
                     public-key authentication methods.
                 1 - Pre-shared key
                 2 - DSS signatures
                 3 - RSA signatures
                 4 - Encryption with RSA
                 5 - Revised encryption with RSA
                 6 - Kerberos (issue with assigning number)

5.9 The Class ipvpnPolicyDomain

   This class holds all the non policy related information for the
   ipvpnServicePolicyRule. This pertains to the administration, the
   function and the enforcement domains of the ipvpnServicePolicyRule.

   NAME          ipvpnPolicyDomain
   DESCRIPTION   The ipvpnPolicyDomain holds all the non policy related
                 information for the policies contained in an
                 ipvpnNamedPolicyContainer.
   DERIVED FROM  Policy
   PROPERTIES    policyAdministratorDomain
                 policyFunctionDomain
                 policyEnforcementDomain

5.9.1 The Property policyAdministratorDomain

   This property relates to the administrative rights to the
   ipvpnServicePolicy.

   NAME          policyAdministratorDomain
   DESCRIPTION   An administrator who belongs to the domain mentioned
                 in this property has administration rights over the
                 ipvpnNamedPolicyContainer.
   SYNTAX        String

5.9.2 The Property policyFunctionDomain

   This property relates to the function of the ipvpnServicePolicy.

   NAME          policyFunctionDomain
   DESCRIPTION   The property relates to the function of the
                 ipvpnServicePolicy such as firewall, QoS, etc.
   SYNTAX        String

5.9.3 The Property policyEnforcementDomain

   This property relates to the enforcers who need to implement the
   policies in the ipvpnServicePolicyRule.

   NAME          policyEnforcementDomain
   DESCRIPTION   This property relates to enforcers which need to
                 implement the policies in the ipvpnServicePolicyRule
   SYNTAX        String

6. Policy Rule Class

   This class represents the core policy class, which is defined in
   [PCIM]. The attributes of the PolicyRule are mentioned once again in
   this document for convenience.

   NAME          PolicyRule
   DESCRIPTION   The central class for representing the "If Condition
                 then Action" semantics associated with a policy rule.
   DERIVED FROM  Policy
   ABSTRACT      FALSE
   PROPERTIES    CIM_System.CreationClassName[key]
                 CIM_System.Name[key]
                 CreationClassName[key]
                 PolicyRuleName[key]
                 Enabled
                 ConditionListType
                 RuleUsage
                 Priority
                 Mandatory
                 SequencedActions
                 PolicyRoles

7. Positioning w.r.t. existing policy framework WG drafts: [PCIM],
   [QPIM]

   The IP VPN information model is derived from [PCIM]. It extends the
   classes defined in the [PCIM]. It is a policy application which uses
   the building blocks provided by the [PCIM].

   The IP VPN information model reuses a number of extensions defined
   in [QPIM]. The expectation (mirrored in the [QPIM]) is that these
   extensions will be standardized in a separate draft in future. The
   policy framework group is currently focussed on defining the QoS
   information model to flesh out the constructs before using them in
   other functional areas. The IP VPN information model is an attempt
   to satisfy the more immediate requirements of the IP VPN technology
   vendors, keeping in mind the goals of the [QPIM]. This draft will
   try to track the changes being made to the [QPIM] wherever
   appropriate.
   This will ensure a parallel evolution of the IP VPN information
   model on the lines of the [QPIM].

8. Extending the IP VPN information model

   The IP VPN information model can be extended to adapt to the
   changing landscape of technologies and classification criteria. The
   important areas, which are most likely to see extensions, are listed
   below.

   1. PolicyAction[PCIM]

      The policy action class will be extended to include new
      functionality being addressed in the service provider
      requirements for IP VPNs. These extensions could extend from the
      action classes defined in this document if they fit within the
      action categories identified by the policy actions defined in
      this document.

   2. IpvpnApplicationSignatureValue(this document)

      The application signature value class could be extended to
      satisfy requirements of new applications to be supported within
      IP VPNs, e.g. SLA support for a new VOIP application schemes of
      identifying a network as well as new applications. The
      Application tag is an abstract class and needs to be extended
      with protocol specific filters.

   The IP VPN policy information model supports the currently known IP
   VPN services, namely connectivity, security and QoS. The IP VPN
   Policy Information model can be extended to support new network
   requirements generated as a result of new network functions and the
   corresponding IP VPN services.

9. Security Considerations

   This document does not raise any new security considerations beyond
   the ones existing in the [PCIM].

10. References

   [PFRAME] W. Weiss, H. Mahon, B. Moore, J. Strassner, G. Waters,
      A. Westerinen, J. Wheeler, "Policy Framework", Sept 99.

   [PCIM] J. Strassner, E. Ellesson, B. Moore, "Policy Core Information
      Model - Version 1 Specification", Internet Draft, Oct 2000

   [QPIM] Y. Snir, Y Ramberg, J. Strassner, R. Cohen, "Policy Framework
      QoS Information Model", Internet Draft, November 2000

   [QOSIM-LDAP] Y. Snir, Y Ramberg, J. Strassner, R.
      Cohen, "QoS Policy Schema", Internet Draft, Feb 2000

   [IPSECIM] Jamie Jason, "IPsec Configuration Policy Model", Internet
      Draft, July 2000

   [SLS] Yves T'Joens et al., "Service Level Specification Semantics
      and Parameters", Internet Draft, Oct 2000

   [QDDIM] Strassner, et al., "Information Model for Describing Network
      Device QoS Mechanisms for Differentiated Services", Internet
      Draft, Nov 2000

   [MPIM] R. Chadha et al., "Policy Framework MPLS Information Model
      for QoS and TE", Internet Draft, November 2000

11. Author's Addresses

   Mahadevan Iyer
   Alcatel Inc
   595 Yosemite Blvd, Milpitas, CA
   Email: mahadevan.iyer@ind.alcatel.com

Full Copyright Statement

   "Copyright (C) The Internet Society (date). All Rights Reserved.
   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into