7. Association and Aggregation Definitions
The following definitions supplement those in PCIM itself. PCIM definitions that are not DEPRECATED here are still current parts of the overall Policy Core Information Model.
7.1. The Aggregation "PolicySetComponent"
PolicySetComponent is a new aggregation class that collects instances of PolicySet subclasses (PolicyGroups and PolicyRules) into coherent sets of policies.
NAME PolicySetComponent
DESCRIPTION A concrete class representing the components of a
policy set that have the same decision strategy, and
are prioritized within the set.
DERIVED FROM PolicyComponent
ABSTRACT FALSE
PROPERTIES GroupComponent[ref PolicySet[0..n]]
PartComponent[ref PolicySet[0..n]]
Priority
The definition of the Priority property is unchanged from its
previous definition in [PCIM].
NAME Priority
DESCRIPTION A non-negative integer for prioritizing this
PolicySet component relative to other components of
the same PolicySet. A larger value indicates a
higher priority.
SYNTAX uint16
DEFAULT VALUE 0
7.2. Deprecate PCIM's Aggregation "PolicyGroupInPolicyGroup"
The new aggregation PolicySetComponent is used directly to represent
aggregation of PolicyGroups by a higher-level PolicyGroup. Thus the
aggregation PolicyGroupInPolicyGroup is no longer needed, and can be
deprecated.
NAME PolicyGroupInPolicyGroup
DEPRECATED FOR PolicySetComponent
DESCRIPTION A class representing the aggregation of PolicyGroups
by a higher-level PolicyGroup.
DERIVED FROM PolicyComponent
ABSTRACT FALSE
PROPERTIES GroupComponent[ref PolicyGroup[0..n]]
PartComponent[ref PolicyGroup[0..n]]
7.3. Deprecate PCIM's Aggregation "PolicyRuleInPolicyGroup"
The new aggregation PolicySetComponent is used directly to represent
aggregation of PolicyRules by a PolicyGroup. Thus the aggregation
PolicyRuleInPolicyGroup is no longer needed, and can be deprecated.
NAME PolicyRuleInPolicyGroup
DEPRECATED FOR PolicySetComponent
DESCRIPTION A class representing the aggregation of PolicyRules
by a PolicyGroup.
DERIVED FROM PolicyComponent
ABSTRACT FALSE
PROPERTIES GroupComponent[ref PolicyGroup[0..n]]
PartComponent[ref PolicyRule[0..n]]
7.4. The Abstract Association "PolicySetInSystem"
PolicySetInSystem is a new association that defines a relationship
between a System and a PolicySet used in the administrative scope of
that system (e.g., AdminDomain, ComputerSystem). The Priority
property is used to assign a relative priority to a PolicySet within
the administrative scope in contexts where it is not a component of
another PolicySet.
NAME PolicySetInSystem
DESCRIPTION An abstract class representing the relationship
between a System and a PolicySet that is used in the
administrative scope of the System.
DERIVED FROM PolicyInSystem
ABSTRACT TRUE
PROPERTIES Antecedent[ref System[0..1]]
Dependent [ref PolicySet[0..n]]
Priority
The Priority property is used to specify the relative priority of the
referenced PolicySet when there are more than one PolicySet instances
applied to a managed resource that are not PolicySetComponents and,
therefore, have no other relative priority defined.
NAME Priority
DESCRIPTION A non-negative integer for prioritizing the
referenced PolicySet among other PolicySet
instances that are not components of a common
PolicySet. A larger value indicates a higher
priority.
SYNTAX uint16
DEFAULT VALUE 0
7.5. Update PCIM's Weak Association "PolicyGroupInSystem"
Regardless of whether it is a component of another PolicySet, a
PolicyGroup is itself defined within the scope of a System. This
association links a PolicyGroup to the System in whose scope the
PolicyGroup is defined. It is a subclass of the abstract
PolicySetInSystem association. The class definition for the
association is as follows:
NAME PolicyGroupInSystem
DESCRIPTION A class representing the fact that a PolicyGroup is
defined within the scope of a System.
DERIVED FROM PolicySetInSystem
ABSTRACT FALSE
PROPERTIES Antecedent[ref System[1..1]]
Dependent [ref PolicyGroup[weak]]
The Reference "Antecedent" is inherited from PolicySetInSystem, and
overridden to restrict its cardinality to [1..1]. It serves as an
object reference to a System that provides a scope for one or more
PolicyGroups. Since this is a weak association, the cardinality for
this object reference is always 1, that is, a PolicyGroup is always
defined within the scope of exactly one System.
The Reference "Dependent" is inherited from PolicySetInSystem, and
overridden to become an object reference to a PolicyGroup defined
within the scope of a System. Note that for any single instance of
the association class PolicyGroupInSystem, this property (like all
reference properties) is single-valued. The [0..n] cardinality
indicates that a given System may have 0, 1, or more than one
PolicyGroups defined within its scope.
7.6. Update PCIM's Weak Association "PolicyRuleInSystem"
Regardless of whether it is a component of another PolicySet, a
PolicyRule is itself defined within the scope of a System. This
association links a PolicyRule to the System in whose scope the
PolicyRule is defined. It is a subclass of the abstract
PolicySetInSystem association. The class definition for the
association is as follows:
NAME PolicyRuleInSystem
DESCRIPTION A class representing the fact that a PolicyRule is
defined within the scope of a System.
DERIVED FROM PolicySetInSystem
ABSTRACT FALSE
PROPERTIES Antecedent[ref System[1..1]]
Dependent[ref PolicyRule[weak]]
The Reference "Antecedent" is inherited from PolicySetInSystem, and
overridden to restrict its cardinality to [1..1]. It serves as an
object reference to a System that provides a scope for one or more
PolicyRules. Since this is a weak association, the cardinality for
this object reference is always 1, that is, a PolicyRule is always
defined within the scope of exactly one System.
The Reference "Dependent" is inherited from PolicySetInSystem, and overridden to become an object reference to a PolicyRule defined within the scope of a System. Note that for any single instance of the association class PolicyRuleInSystem, this property (like all Reference properties) is single-valued. The [0..n] cardinality indicates that a given System may have 0, 1, or more than one PolicyRules defined within its scope.
7.7. The Abstract Aggregation "PolicyConditionStructure"
NAME PolicyConditionStructure
DESCRIPTION A class representing the aggregation of PolicyConditions by an aggregating instance.
DERIVED FROM PolicyComponent
ABSTRACT TRUE
PROPERTIES PartComponent[ref PolicyCondition[0..n]]
GroupNumber
ConditionNegated
7.8. Update PCIM's Aggregation "PolicyConditionInPolicyRule"
The PCIM aggregation "PolicyConditionInPolicyRule" is updated, to make it a subclass of the new abstract aggregation PolicyConditionStructure. The properties GroupNumber and ConditionNegated are now inherited, rather than specified explicitly as they were in PCIM.
NAME PolicyConditionInPolicyRule
DESCRIPTION A class representing the aggregation of PolicyConditions by a PolicyRule.
DERIVED FROM PolicyConditionStructure
ABSTRACT FALSE
PROPERTIES GroupComponent[ref PolicyRule[0..n]]
7.9. The Aggregation "PolicyConditionInPolicyCondition"
A second subclass of PolicyConditionStructure is defined, representing the compounding of policy conditions into a higher-level policy condition.
NAME PolicyConditionInPolicyCondition
DESCRIPTION A class representing the aggregation of PolicyConditions by another PolicyCondition.
DERIVED FROM PolicyConditionStructure
ABSTRACT FALSE
PROPERTIES GroupComponent[ref CompoundPolicyCondition[0..n]]
7.10. The Abstract Aggregation "PolicyActionStructure"
NAME PolicyActionStructure
DESCRIPTION A class representing the aggregation of PolicyActions by an aggregating instance.
DERIVED FROM PolicyComponent
ABSTRACT TRUE
PROPERTIES PartComponent[ref PolicyAction[0..n]]
ActionOrder
The definition of the ActionOrder property appears in Section 7.8.3 of PCIM [1].
7.11. Update PCIM's Aggregation "PolicyActionInPolicyRule"
The PCIM aggregation "PolicyActionInPolicyRule" is updated, to make it a subclass of the new abstract aggregation PolicyActionStructure. The property ActionOrder is now inherited, rather than specified explicitly as it was in PCIM.
NAME PolicyActionInPolicyRule
DESCRIPTION A class representing the aggregation of PolicyActions by a PolicyRule.
DERIVED FROM PolicyActionStructure
ABSTRACT FALSE
PROPERTIES GroupComponent[ref PolicyRule[0..n]]
7.12. The Aggregation "PolicyActionInPolicyAction"
A second subclass of PolicyActionStructure is defined, representing the compounding of policy actions into a higher-level policy action.
NAME PolicyActionInPolicyAction
DESCRIPTION A class representing the aggregation of PolicyActions by another PolicyAction.
DERIVED FROM PolicyActionStructure
ABSTRACT FALSE
PROPERTIES GroupComponent[ref CompoundPolicyAction[0..n]]
7.13. The Aggregation "PolicyVariableInSimplePolicyCondition"
A simple policy condition is represented as an ordered triplet {variable, operator, value}. This aggregation provides the linkage between a SimplePolicyCondition instance and a single PolicyVariable. The aggregation PolicyValueInSimplePolicyCondition links the SimplePolicyCondition to a single PolicyValue. The Operator property of SimplePolicyCondition represents the third element of the triplet, the operator.
The class definition for this aggregation is as follows:
NAME PolicyVariableInSimplePolicyCondition
DERIVED FROM PolicyComponent
ABSTRACT False
PROPERTIES GroupComponent[ref SimplePolicyCondition[0..n]]
PartComponent[ref PolicyVariable[1..1] ]
The reference property "GroupComponent" is inherited from
PolicyComponent, and overridden to become an object reference to a
SimplePolicyCondition that contains exactly one PolicyVariable. Note
that for any single instance of the aggregation class
PolicyVariableInSimplePolicyCondition, this property is single-
valued. The [0..n] cardinality indicates that there may be 0, 1, or
more SimplePolicyCondition objects that contain any given policy
variable object.
The reference property "PartComponent" is inherited from
PolicyComponent, and overridden to become an object reference to a
PolicyVariable that is defined within the scope of a
SimplePolicyCondition. Note that for any single instance of the
association class PolicyVariableInSimplePolicyCondition, this
property (like all reference properties) is single-valued. The
[1..1] cardinality indicates that a SimplePolicyCondition must have
exactly one policy variable defined within its scope in order to be
meaningful.
7.14. The Aggregation "PolicyValueInSimplePolicyCondition"
A simple policy condition is represented as an ordered triplet
{variable, operator, value}. This aggregation provides the linkage
between a SimplePolicyCondition instance and a single PolicyValue.
The aggregation PolicyVariableInSimplePolicyCondition links the
SimplePolicyCondition to a single PolicyVariable. The Operator
property of SimplePolicyCondition represents the third element of the
triplet, the operator.
The class definition for this aggregation is as follows:
NAME PolicyValueInSimplePolicyCondition
DERIVED FROM PolicyComponent
ABSTRACT False
PROPERTIES GroupComponent[ref SimplePolicyCondition[0..n]]
PartComponent[ref PolicyValue[1..1] ]
The reference property "GroupComponent" is inherited from
PolicyComponent, and overridden to become an object reference to a
SimplePolicyCondition that contains exactly one PolicyValue. Note
that for any single instance of the aggregation class PolicyValueInSimplePolicyCondition, this property is single-valued. The [0..n] cardinality indicates that there may be 0, 1, or more SimplePolicyCondition objects that contain any given policy value object.
The reference property "PartComponent" is inherited from PolicyComponent, and overridden to become an object reference to a PolicyValue that is defined within the scope of a SimplePolicyCondition. Note that for any single instance of the association class PolicyValueInSimplePolicyCondition, this property (like all reference properties) is single-valued. The [1..1] cardinality indicates that a SimplePolicyCondition must have exactly one policy value defined within its scope in order to be meaningful.
7.15. The Aggregation "PolicyVariableInSimplePolicyAction"
A simple policy action is represented as a pair {variable, value}. This aggregation provides the linkage between a SimplePolicyAction instance and a single PolicyVariable. The aggregation PolicyValueInSimplePolicyAction links the SimplePolicyAction to a single PolicyValue.
The class definition for this aggregation is as follows:
NAME PolicyVariableInSimplePolicyAction
DERIVED FROM PolicyComponent
ABSTRACT False
PROPERTIES GroupComponent[ref SimplePolicyAction[0..n]]
PartComponent[ref PolicyVariable[1..1] ]
The reference property "GroupComponent" is inherited from PolicyComponent, and overridden to become an object reference to a SimplePolicyAction that contains exactly one PolicyVariable. Note that for any single instance of the aggregation class PolicyVariableInSimplePolicyAction, this property is single-valued. The [0..n] cardinality indicates that there may be 0, 1, or more SimplePolicyAction objects that contain any given policy variable object.
The reference property "PartComponent" is inherited from PolicyComponent, and overridden to become an object reference to a PolicyVariable that is defined within the scope of a SimplePolicyAction. Note that for any single instance of the association class PolicyVariableInSimplePolicyAction, this property (like all reference properties) is single-valued. The [1..1] cardinality indicates that a SimplePolicyAction must have exactly one policy variable defined within its scope in order to be meaningful.
7.16. The Aggregation "PolicyValueInSimplePolicyAction"
A simple policy action is represented as a pair {variable, value}. This aggregation provides the linkage between a SimplePolicyAction instance and a single PolicyValue. The aggregation PolicyVariableInSimplePolicyAction links the SimplePolicyAction to a single PolicyVariable.
The class definition for this aggregation is as follows:
NAME PolicyValueInSimplePolicyAction
DERIVED FROM PolicyComponent
ABSTRACT False
PROPERTIES GroupComponent[ref SimplePolicyAction[0..n]]
PartComponent[ref PolicyValue[1..1] ]
The reference property "GroupComponent" is inherited from PolicyComponent, and overridden to become an object reference to a SimplePolicyAction that contains exactly one PolicyValue. Note that for any single instance of the aggregation class PolicyValueInSimplePolicyAction, this property is single-valued. The [0..n] cardinality indicates that there may be 0, 1, or more SimplePolicyAction objects that contain any given policy value object.
The reference property "PartComponent" is inherited from PolicyComponent, and overridden to become an object reference to a PolicyValue that is defined within the scope of a SimplePolicyAction. Note that for any single instance of the association class PolicyValueInSimplePolicyAction, this property (like all reference properties) is single-valued. The [1..1] cardinality indicates that a SimplePolicyAction must have exactly one policy value defined within its scope in order to be meaningful.
7.17. The Association "ReusablePolicy"
The association ReusablePolicy makes it possible to include any subclass of the abstract class "Policy" in a ReusablePolicyContainer.
NAME ReusablePolicy
DESCRIPTION A class representing the inclusion of a reusable policy element in a ReusablePolicyContainer. Reusable elements may be PolicyGroups, PolicyRules, PolicyConditions, PolicyActions, PolicyVariables, PolicyValues, or instances of any other subclasses of the abstract class Policy.
DERIVED FROM PolicyInSystem
ABSTRACT FALSE
PROPERTIES Antecedent[ref ReusablePolicyContainer[0..1]]
7.18. Deprecate PCIM's "PolicyConditionInPolicyRepository"
NAME PolicyConditionInPolicyRepository
DEPRECATED FOR ReusablePolicy
DESCRIPTION A class representing the inclusion of a reusable PolicyCondition in a PolicyRepository.
DERIVED FROM PolicyInSystem
ABSTRACT FALSE
PROPERTIES Antecedent[ref PolicyRepository[0..1]]
Dependent[ref PolicyCondition[0..n]]
7.19. Deprecate PCIM's "PolicyActionInPolicyRepository"
NAME PolicyActionInPolicyRepository
DEPRECATED FOR ReusablePolicy
DESCRIPTION A class representing the inclusion of a reusable PolicyAction in a PolicyRepository.
DERIVED FROM PolicyInSystem
ABSTRACT FALSE
PROPERTIES Antecedent[ref PolicyRepository[0..1]]
Dependent[ref PolicyAction[0..n]]
7.20. The Association ExpectedPolicyValuesForVariable
This association links a PolicyValue object to a PolicyVariable object, modeling the set of expected values for that PolicyVariable. Using this association, a variable (instance) may be constrained to be bound-to/assigned only a set of allowed values. For example, modeling an enumerated source port variable, one creates an instance of the PolicySourcePortVariable class and associates with it the set of values (integers) representing the allowed enumeration, using an appropriate number of instances of the ExpectedPolicyValuesForVariable association.
Note that a single variable instance may be constrained by any number of values, and a single value may be used to constrain any number of variables. These relationships are manifested by the n-to-m cardinality of the association.
The purpose of this association is to support validation of simple policy conditions and simple policy actions, prior to their deployment to an enforcement point. This association, and the PolicyValue object that it refers to, plays no role when a PDP or a PEP is evaluating a simple policy condition, or executing a simple policy action. See Section 5.8.3 for more details on this point.
The class definition for the association is as follows:
NAME ExpectedPolicyValuesForVariable
DESCRIPTION A class representing the association of a set of expected values to a variable object.
DERIVED FROM Dependency
ABSTRACT FALSE
PROPERTIES Antecedent [ref PolicyVariable[0..n]]
Dependent [ref PolicyValue [0..n]]
The reference property Antecedent is inherited from Dependency. Its type and cardinality are overridden to provide the semantics of a variable optionally having value constraints. The [0..n] cardinality indicates that any number of variables may be constrained by a given value.
The reference property "Dependent" is inherited from Dependency, and overridden to become an object reference to a PolicyValue representing the values that a particular PolicyVariable can have. The [0..n] cardinality indicates that a given policy variable may have 0, 1 or more than one PolicyValues defined to model the set(s) of values that the policy variable can take.
7.21. The Aggregation "ContainedDomain"
The aggregation ContainedDomain provides a means of nesting one ReusablePolicyContainer inside another one. The aggregation is defined at the level of ReusablePolicyContainer's superclass, AdminDomain, to give it applicability to areas other than Core Policy.
NAME ContainedDomain
DESCRIPTION A class representing the aggregation of lower level administrative domains by a higher-level AdminDomain.
DERIVED FROM SystemComponent
ABSTRACT FALSE
PROPERTIES GroupComponent[ref AdminDomain [0..n]]
PartComponent[ref AdminDomain [0..n]]
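Added example (not part of the RFC text): a Python sketch of the pre-deployment validation that Section 7.20 describes, combined with the [1..1] cardinality rules of Sections 7.13 and 7.14. The PolicyStore container, the function names and the representation of a PolicyValue as a set of integers are assumptions made for this illustration, and the sample policy data is constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PolicyVariable:
    name: str


@dataclass(frozen=True)
class PolicyValue:
    # Assumption for this example: a value is a finite set of integers.
    members: frozenset


@dataclass
class PolicyStore:
    """Hypothetical container; each tuple is one association instance."""
    # PolicyVariableInSimplePolicyCondition: (GroupComponent, PartComponent)
    variable_in_condition: list = field(default_factory=list)
    # PolicyValueInSimplePolicyCondition: (GroupComponent, PartComponent)
    value_in_condition: list = field(default_factory=list)
    # ExpectedPolicyValuesForVariable: (Antecedent, Dependent), n-to-m
    expected_values: list = field(default_factory=list)


def parts_of(association, condition):
    """PartComponents aggregated by one SimplePolicyCondition (by name)."""
    return [part for group, part in association if group == condition]


def validate_condition(store, condition):
    """Return the problems found for one condition; empty list means valid."""
    variables = parts_of(store.variable_in_condition, condition)
    values = parts_of(store.value_in_condition, condition)
    problems = []
    # [1..1] on PartComponent: exactly one variable and exactly one value.
    if len(variables) != 1:
        problems.append(f"{condition}: needs exactly 1 PolicyVariable, has {len(variables)}")
    if len(values) != 1:
        problems.append(f"{condition}: needs exactly 1 PolicyValue, has {len(values)}")
    if problems:
        return problems
    variable, value = variables[0], values[0]
    expected = [val for var, val in store.expected_values if var == variable]
    if not expected:
        return problems  # [0..n]: no expected values means no constraint
    allowed = frozenset().union(*(val.members for val in expected))
    stray = sorted(value.members - allowed)
    if stray:
        problems.append(f"{condition}: {stray} not expected for {variable.name}")
    return problems


def build_sample_store():
    """Constructed sample data, not taken from the RFC."""
    src_port = PolicyVariable("PolicySourcePortVariable")
    dst_port = PolicyVariable("PolicyDestinationPortVariable")
    free_var = PolicyVariable("unconstrained-variable")
    web = PolicyValue(frozenset({80, 443}))
    alt = PolicyValue(frozenset({8080}))
    store = PolicyStore()
    # One variable constrained by two values, one value constraining two variables.
    store.expected_values += [(src_port, web), (src_port, alt), (dst_port, web)]
    store.variable_in_condition += [
        ("web-ok", src_port), ("telnet", dst_port),
        ("two-vars", src_port), ("two-vars", dst_port),
        ("free", free_var),
    ]
    store.value_in_condition += [
        ("web-ok", PolicyValue(frozenset({443, 8080}))),
        ("telnet", PolicyValue(frozenset({23, 80}))),
        ("two-vars", web),
        ("free", PolicyValue(frozenset({6}))),
        ("no-var", alt),
    ]
    return store


def validate_all(store):
    """Validate every condition named in either aggregation, before deployment."""
    names = {g for g, _ in store.variable_in_condition + store.value_in_condition}
    return {name: validate_condition(store, name) for name in sorted(names)}


if __name__ == "__main__":
    for name, problems in validate_all(build_sample_store()).items():
        print(name, "OK" if not problems else problems)
```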
7.22. Deprecate PCIM's "PolicyRepositoryInPolicyRepository"
NAME PolicyRepositoryInPolicyRepository
DEPRECATED FOR ContainedDomain
DESCRIPTION A class representing the aggregation of PolicyRepositories by a higher-level PolicyRepository.
DERIVED FROM SystemComponent
ABSTRACT FALSE
PROPERTIES GroupComponent[ref PolicyRepository[0..n]]
PartComponent[ref PolicyRepository[0..n]]
7.23. The Aggregation "EntriesInFilterList"
This aggregation is a specialization of the Component aggregation; it is used to define a set of filter entries (subclasses of FilterEntryBase) that are aggregated by a FilterList.
The cardinalities of the aggregation itself are 0..1 on the FilterList end, and 0..n on the FilterEntryBase end. Thus in the general case, a filter entry can exist without being aggregated into any FilterList. However, the only way a filter entry can figure in the PCIMe model is by being aggregated into a FilterList by this aggregation.
The class definition for the aggregation is as follows:
NAME EntriesInFilterList
DESCRIPTION An aggregation used to define a set of filter entries (subclasses of FilterEntryBase) that are aggregated by a particular FilterList.
DERIVED FROM Component
ABSTRACT False
PROPERTIES GroupComponent[ref FilterList[0..1]],
PartComponent[ref FilterEntryBase[0..n]],
EntrySequence
7.23.1. The Reference GroupComponent
This property is overridden in this aggregation to represent an object reference to a FilterList object (instead of to the more generic ManagedSystemElement object defined in its superclass). It also restricts the cardinality of the aggregate to 0..1 (instead of the more generic 0-or-more), representing the fact that a filter entry always exists within the context of at most one FilterList.
7.23.2. The Reference PartComponent
This property is overridden in this aggregation to represent an object reference to a FilterEntryBase object (instead of to the more generic ManagedSystemElement object defined in its superclass). This object represents a single filter entry, which may be aggregated with other filter entries to form the FilterList.
7.23.3. The Property EntrySequence
An unsigned 16-bit integer indicating the order of the filter entry relative to all others in the FilterList. The default value '0' indicates that order is not significant, because the entries in this FilterList are ANDed together.
7.24. The Aggregation "ElementInPolicyRoleCollection"
The following aggregation is used to associate ManagedElements with a PolicyRoleCollection object that represents a role played by these ManagedElements.
NAME ElementInPolicyRoleCollection
DESCRIPTION A class representing the inclusion of a ManagedElement in a collection, specified as having a given role. All the managed elements in the collection share the same role.
DERIVED FROM MemberOfCollection
ABSTRACT FALSE
PROPERTIES Collection[ref PolicyRoleCollection [0..n]]
Member[ref ManagedElement [0..n]]
7.25. The Weak Association "PolicyRoleCollectionInSystem"
A PolicyRoleCollection is defined within the scope of a System. This association links a PolicyRoleCollection to the System in whose scope it is defined. When associating a PolicyRoleCollection with a System, this should be done consistently with the system that scopes the policy rules/groups that are applied to the resources in that collection. A PolicyRoleCollection is associated with the same system as the applicable PolicyRules and/or PolicyGroups, or to a System higher in the tree formed by the SystemComponent association. The class definition for the association is as follows:
NAME PolicyRoleCollectionInSystem
DESCRIPTION A class representing the fact that a
PolicyRoleCollection is defined within the scope of
a System.
DERIVED FROM Dependency
ABSTRACT FALSE
PROPERTIES Antecedent[ref System[1..1]]
Dependent[ref PolicyRoleCollection[weak]]
The reference property Antecedent is inherited from Dependency, and
overridden to become an object reference to a System, and to restrict
its cardinality to [1..1]. It serves as an object reference to a
System that provides a scope for one or more PolicyRoleCollections.
Since this is a weak association, the cardinality for this object
reference is always 1, that is, a PolicyRoleCollection is always
defined within the scope of exactly one System.
The reference property Dependent is inherited from Dependency, and
overridden to become an object reference to a PolicyRoleCollection
defined within the scope of a System. Note that for any single
instance of the association class PolicyRoleCollectionInSystem, this
property (like all Reference properties) is single-valued. The
[0..n] cardinality indicates that a given System may have 0, 1, or
more than one PolicyRoleCollections defined within its scope.
8. Intellectual Property
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11.
Copies of claims of rights made available for publication and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
9. Acknowledgements
The starting point for this document was PCIM itself [1], and the first three submodels derived from it [11], [12], [13]. The authors of these documents created the extensions to PCIM, and asked the questions about PCIM, that are reflected in PCIMe.
10. Contributors
This document includes text written by a number of authors (including the editor), that was subsequently merged by the editor. The following people contributed text to this document:

Lee Rafalow
IBM Corporation, BRQA/501
4205 S. Miami Blvd.
Research Triangle Park, NC 27709
Phone: +1 919-254-4455
Fax: +1 919-254-6243
EMail: rafalow@us.ibm.com

Yoram Ramberg
Cisco Systems
4 Maskit Street
Herzliya Pituach, Israel 46766
Phone: +972-9-970-0081
Fax: +972-9-970-0219
EMail: yramberg@cisco.com

Yoram Snir
Cisco Systems
4 Maskit Street
Herzliya Pituach, Israel 46766
Phone: +972-9-970-0085
Fax: +972-9-970-0366
EMail: ysnir@cisco.com

Andrea Westerinen
Cisco Systems
Building 20
725 Alder Drive
Milpitas, CA 95035
Phone: +1-408-853-8294
Fax: +1-408-527-6351
EMail: andreaw@cisco.com

Ritu Chadha
Telcordia Technologies
MCC 1J-218R
445 South Street
Morristown NJ 07960.
Phone: +1-973-829-4869
Fax: +1-973-829-5889
EMail: chadha@research.telcordia.com

Marcus Brunner
NEC Europe Ltd.
C&C Research Laboratories
Adenauerplatz 6
D-69115 Heidelberg, Germany
Phone: +49 (0)6221 9051129
Fax: +49 (0)6221 9051155
EMail: brunner@ccrle.nec.de

Ron Cohen
Ntear LLC
EMail: ronc@ntear.com

John Strassner
INTELLIDEN, Inc.
90 South Cascade Avenue
Colorado Springs, CO 80903
Phone: +1-719-785-0648
EMail: john.strassner@intelliden.com

11. Security Considerations
The Policy Core Information Model (PCIM) [1] describes the general security considerations related to the general core policy model. The extensions defined in this document do not introduce any additional considerations related to security.
12. Normative References
[1] Moore, B., Ellesson, E., Strassner, J. and A. Westerinen, "Policy Core Information Model -- Version 1 Specification", RFC 3060, February 2001.
[2] Distributed Management Task Force, Inc., "DMTF Technologies: CIM Standards CIM Schema: Version 2.5", available at http://www.dmtf.org/standards/cim_schema_v25.php.
[3] Distributed Management Task Force, Inc., "Common Information Model (CIM) Specification: Version 2.2", June 14, 1999, available at http://www.dmtf.org/standards/documents/CIM/DSP0004.pdf.
[4] Mockapetris, P., "Domain Names - implementation and specification", STD 13, RFC 1035, November 1987.
[5] Wahl, M., Coulbeck, A., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997.
[6] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997.
[7] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 2373, July 1998.
[8] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
13. Informative References
[9] Hovey, R. and S. Bradner, "The Organizations Involved in the IETF Standards Process", BCP 11, RFC 2028, October 1996.
[10] Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J. and Waldbusser, "Terminology for Policy-Based Management", RFC 3198, November 2001.
[11] Snir, Y., and Y. Ramberg, J. Strassner, R. Cohen, "Policy QoS Information Model", Work in Progress.
[12] Jason, J., and L. Rafalow, E. Vyncke, "IPsec Configuration Policy Model", Work in Progress.
[13] Chadha, R., and M. Brunner, M. Yoshida, J. Quittek, G. Mykoniatis, A. Poylisher, R. Vaidyanathan, A. Kind, F. Reichmeyer, "Policy Framework MPLS Information Model for QoS and TE", Work in Progress.
[14] S. Waldbusser, and J. Saperia, T. Hongal, "Policy Based Management MIB", Work in Progress.
[15] B. Moore, and D. Durham, J. Halpern, J. Strassner, A. Westerinen, W. Weiss, "Information Model for Describing Network Device QoS Datapath Mechanisms", Work in Progress.
Author's Address
Bob Moore
IBM Corporation, BRQA/501
4205 S. Miami Blvd.
Research Triangle Park, NC 27709
Phone: +1 919-254-4436
Fax: +1 919-254-6243
EMail: remoore@us.ibm.com
Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.