
IPsec Configuration Policy Information Model (RFC3585)

IP.com Disclosure Number: IPCOM000019019D
Original Publication Date: 2003-Aug-01
Included in the Prior Art Database: 2003-Aug-27

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Jason: AUTHOR [+3]

Abstract

This document presents an object-oriented information model of IP Security (IPsec) policy designed to facilitate agreement about the content and semantics of IPsec policy, and enable derivations of task-specific representations of IPsec policy such as storage schema, distribution representations, and policy specification languages used to configure IPsec-enabled endpoints. The information model described in this document models the configuration parameters defined by IPsec. The information model also covers the parameters found by the Internet Key Exchange protocol (IKE). Other key exchange protocols could easily be added to the information model by a simple extension. Further extensions can be added easily due to the object-oriented nature of the model.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                           J. Jason
Request for Comments: 3585                             Intel Corporation
Category: Standards Track                                     L. Rafalow
                                                                     IBM
                                                               E. Vyncke
                                                           Cisco Systems
                                                             August 2003

IPsec Configuration Policy Information Model

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document presents an object-oriented information model of IP
Security (IPsec) policy designed to facilitate agreement about the
content and semantics of IPsec policy, and enable derivations of
task-specific representations of IPsec policy such as storage schema,
distribution representations, and policy specification languages used
to configure IPsec-enabled endpoints. The information model
described in this document models the configuration parameters
defined by IPsec. The information model also covers the parameters
found by the Internet Key Exchange protocol (IKE). Other key
exchange protocols could easily be added to the information model by
a simple extension. Further extensions can be added easily
due to the object-oriented nature of the model.

This information model is based upon the core policy classes as
defined in the Policy Core Information Model (PCIM) and in the Policy
Core Information Model Extensions (PCIMe).

Jason, et al. Standards Track [Page 1]

RFC 3585 IPsec Configuration Policy Model August 2003

Table of Contents

1. Introduction.................................................. 3
2. UML Conventions............................................... 4
3. IPsec Policy Model Inheritance Hierarchy...................... 6
4. Policy Classes................................................ 11
   4.1. The Class SARule........................................ 13
   4.2. The Class IKERule....................................... 17
   4.3. The Class IPsecRule..................................... 18
   4.4. The Association Class IPsecPolicyForEndpoint............ 18
   4.5. The Association Class IPsecPolicyForSystem.............. 19
   4.6. The Aggregation Class SAConditionInRule................. 19
   4.7. The Aggregation Class PolicyActionInSARule.............. 20
5. Condition and Filter Classes.................................. 22
   5.1. The Class SACondition................................... 23
   5.2. The Class IPHeadersFilter............................... 23
   5.3. The Class CredentialFilterEntry......................... 23
   5.4. The Class IPSOFilterEntry............................... 25
   5.5. The Class PeerIDPayloadFilterEntry...................... 26
   5.6. The Association Class FilterOfSACondition............... 28
   5.7. The Association Class AcceptCredentialFrom.............. 29
6. Action Classes.........................