[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

snmpconf RE: Policy issues: definition of Roles

A role is just one of possibly many selectors that is used to download a 
subset of appropriate policies from a much larger set of availale policies.

A role can be specified as part of a policy condition or action, both of 
which are components of a policy rule as defined in the Policy Core 
Information Model.


At 05:23 PM 1/31/00 -0800, Andrew Smith wrote:
>e.g. "HTTP traffic gets AF treatment on all Ethernet and FDDI interfaces" is
>a policy rule that references two roles: "Ethernet interfaces" and "FDDI
>interfaces". You wouldn't bother sending that rule to token-ring devices.
>(I guess I'm really an assembler programmer so I don't understand these
>"class" and "subclass" things you talk about).
>P.S. Maybe we should drop the "policy framework" list from this thread since
>this appears to be purely a "device" thing. But I did think we were
>attempting the (maybe thankless) task of unifying the terminology between
>all the WGs.
>-----Original Message-----
>From: Ken Roberts [mailto:kjr@nortelnetworks.com]
>Sent: Monday, January 31, 2000 4:42 PM
>To: Andrew Smith; 'Bob Natale'
>Cc: policy@raleigh.ibm.com; 'snmpconf@snmp.com'
>Subject: RE: Policy issues: definition of Roles
>Gents & others,
>I'm a little confused by Andrew's statement of a policy that has multiple
>roles. I understood a policy had rules. Rules may be crafted to include the
>notion of roles but are they separate rules or sub classes of one rule?
>When the statement "A policy that references roles W and X" is made does
>this imply there is a matrix relationship that can be established from one
>parent policy (/rule)? How is this managed? Why is this required? If
>policies have hierarchical structure can this not be done with containment
>or another relationship?
>I think I had better re-read the thread as maybe I've missed something.
>Ken Roberts
>INM Product Architecture
>Nortel Networks
>?ESN   :        655-7844                        ?Direct  : 408-565-7844
>?  Fax    :        408-565-8226
>? email :      kjr@nortelnetworks.com
>This message may contain information proprietary to Nortel Networks
>Corporation so any
>unauthorised disclosure, copying or distribution of its contents is strictly
>  -----Original Message-----
>From:   Andrew Smith [mailto:andrew@extremenetworks.com]
>Sent:   Monday, January 31, 2000 3:36 PM
>To:     'Bob Natale'
>Cc:     policy@raleigh.ibm.com; 'snmpconf@snmp.com'
>Subject:        RE: Policy issues: definition of Roles
>And, in particular, you only need to tell the device about those roles that
>are relevant to it - that is where the big savings are, I think. e.g.
>1. Device A has roles W, X and Y.
>2. Device B has roles W, X and Z.
>3. A policy that references roles W and X should be downloaded to both
>4. A policy that references roles W and Y should be downloaded only to
>device A, not device B.
>The role combination concept in the PIB was introduced specifically in order
>to do this: you have to be able to list only those roles that are relevant
>to the policy, not necessarily ALL roles on the device, in a role
>(Apologies if I'm repeating stuff here).
> > -----Original Message-----
> > From: Bob Natale [mailto:bnatale@acecomm.com]
> > Sent: Monday, January 31, 2000 3:27 PM
> > To: Andrew Smith
> > Cc: policy@raleigh.ibm.com
> > Subject: RE: Policy issues: definition of Roles
> > That works fine for me.  All I care about on this thread is that a
> > "role combination" DOES NOT HAVE to include ALL of the roles supported
> > by a network entity/component (although there MAY well be a role
> > combination which does incorporate all roles supported by a network
> > entity/component).