[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Protocol Action: COPS Usage for Policy Provisioning to Proposed Standard
- To: IETF-Announce: ;
- Subject: Protocol Action: COPS Usage for Policy Provisioning to Proposed Standard
- From: The IESG <iesg@ietf.org>
- Date: Tue, 06 Feb 2001 09:23:27 -0800
- Cc: RFC Editor <rfc-editor@isi.edu>, IANA <iana@iana.org>
- Cc: Internet Architecture Board <iab@isi.edu>
- Cc: rap@ops.ietf.org
- Delivery-date: Tue, 06 Feb 2001 09:24:54 -0800
- Envelope-to: rap-data@psg.com
The IESG has approved the Internet-Draft 'COPS Usage for Policy
Provisioning' <draft-ietf-rap-pr-05.txt> as a Proposed Standard. This
document is the product of the Resource Allocation Protocol Working
Group. The IESG contact persons are Bert Wijnen and Randy Bush.
Technical Summary
This document describes the use of the COPS protocol [COPS] for
support of policy provisioning (COPS-PR). This specification is
independent of the type of policy being provisioned (QoS,
Security, etc.), but rather focuses on the mechanisms and
conventions used to communicate provisioned information between
PDPs and PEPs. The protocol extensions described in this
document do not make assumptions about the policy data model
being communicated, but describe the message formats and objects
that carry the modeled policy data.
Working Group Summary
The RAP WG has consensus on publication of this document as a
Proposed Standard.
Protocol Quality
The specification has been reviewed for the IESG by Bert Wijnen.
Notes to RFC-Editor:
1.Please in section 1.1, remove the last 2 paragraphs.
So section 1.1 should read:
1.1. Why COPS for Provisioning?
COPS-PR has been designed within a framework that is optimized for
efficiently provisioning policies across devices, based on the
requirements defined in [RAP]. First, COPS-PR allows for efficient
transport of attributes, large atomic transactions of data, and
efficient and flexible error reporting. Second, as it has a single
connection between the policy client and server per area of policy
control identified by a COPS Client-Type, it guarantees only one
server updates a particular policy configuration at any given
time. Such a policy configuration is effectively locked, even from
local console configuration, while the PEP is connected to a PDP
via COPS. COPS uses reliable TCP transport and, thus, uses a state
sharing/synchronization mechanism and exchanges differential
updates only. If either the server or client are rebooted (or
restarted) the other would know about it quickly. Last, it is
defined as a real-time event-driven communications mechanism,
never requiring polling between the PEP and PDP.
2.Pls replace the security section with this text:
8. Security Considerations
The COPS protocol [COPS], from which this document derives, describes the
mandatory security mechanisms that MUST be supported by all COPS
implementations. These mandatory security mechanisms are used by the COPS
protocol to transfer opaque information from PEP to PDP and vice versa in an
authenticated and secure manner. COPS for Policy Provisioning simply defines
a structure for this opaque information already carried by the COPS
protocol. As such, the security mechanisms described for the COPS protocol
will also be deployed in a COPS-PR environment, thereby ensuring the
integrity of the COPS-PR information being communicated. Furthermore, in
order to fully describe a practical set of structured data for use with
COPS-PR, a PIB (Policy Information Base) will likely be written in a
separate document. The authors of such a PIB document need to be aware of
the security concerns associated with the specific data they have defined.
These concerns MUST be fully specified in the security considerations
section of the PIB document along with the required security mechanisms for
transporting this newly defined data.