update on the document -- looking for volunteers. use-cases are required and don't need to be put in the document, but could be sent to the mailing list. NSI is working on some and should start providing them. John asserts that what they're doing is a use case. What/who is the customer? NSI and NMC. (Others talk about e.g. inventory management.) Visualization of networking. Who is working on that? GK: NMC is a large user of this. EM: the domain controller needs this too (and has to have the detailed view.) the IDC (the PCE in the IDC). Monitoring Signaling, PCE DC, IDC User-facing and NN abstracted view ESCPS Charter says: pathfinding, monitoring, provisioning JRV says the NSI view is much simpler CdL: Is this just a matter of provisioning? all agree, but we need to define a mapping. CdL: part of this is still research (like the big question of aggregation) in the lambda world, there are not unlimited resources, so it's easier. One does not exclude the other. NML's goal is to try to create a language that will represent a spectrum of aggregations. jrv talks about what perfSONAR needs to represent for debugging. we require repeatable experiments. for things like GENI and Frederika, we need more information about the underlying topology to describe what we actually measured. martin mentions the closest MP problem. JRV: NSI needs a very abstract view. CG: the difference is the service place vs the control plane vs the data plane. RHJ: an example: deliberately choose different paths and different technologies to isolate a problem in an application. CG: if a connection goes thru a given path or technology, you need to represent that. RHJ: pS wants to record the minimum topology unless there is a problem and then it needs more. review of the schema document: network object, node, port, link, service, group each network object has location, lifetime, relations node: connected to or part of the network port: connects a node or a group to a link, has a relation to 0,1,2 links (which are unidirectional) has a type, which can be e.g. a link or "cross-connect" link: is a link still pt2pt? (we still think it is.) multi-drop can be modeled with a specific device doing splitting. arbitrary mp to mp is a network (says martin and others agree) group: bidirectional link -- convenience topology -- connected element path - ordered collection of network elements domain (with various types of domains) victor's document (not all appropriate) jrv: topology is the same, they have a network which is a group what they have is a topological construct (but so is domain) jrv: "a network is a thing across which things can by signaled" guy says we might want technology domains (ethernet vs sdh) Yuri Demchenko - Topology attributes in NRP resource provisioning. part of Phosphorous track security related context (session context) across multiple domain. stages: reservation, deployment (using path identifer to carry key), access/use (using access tokens), billing/decommissioning XACML policy format and policy obligations policy subjects, set of rules request sends set of attributes, Subject, Resource, Action, Environement specific criteria applied - conditional auth decision based on all links to phosphorous deliverables policy engine will check to see if the stuff from the previous domain matches its own policy. (easy to refactor to use NML) various topology descriptions were examined previously. "realm" introduced for security/trust relations to make the decision, identify the resource and the subject and consult the policy auth service (XACML policy decision point) there are network metrics represented as attributes that can also be used to make decisions -- could also embed a function to check these variables plans to push the resultant XACML profiles back into OGF is a logical (infrastructure) composition layer a solution? is this in scope for NML? some is. we need enough articulation to hang the right policy attributes on. Some things (like security association?) are out of scope and maybe. Authorization and AuthN stuff in NSI. YD: security, including AAA, should be orthogonal to the services. but we have to define the way to call these services. ------------------ 2nd session: NSI has proposed terminology and conceps network is a topology and resource. it has ports. could be a group that has ports. the network has the ability to create segments, which are connections between forwarding ports. if it makes sense that forwarding ports are the same as logical ports. FD: you have a network with ports and you want to make connections between them. can a network have one ethernet and another wdm port? yes. does the network have adaptation capabilities? yes, it could. JRV: a network provides segments between ports, controlled by an agent. decides policy, authenticates, etc. one example has has a case there the PEP and PDP are distinct. (policy decision/enforcement points). does the NSI "network" have a single policy? an exchange might have no policy. a gole. would the ports be part of the network? yes. So the policy question might be different for a GOLE. do we need to describe the network independently of the agent that controlls it? they are something separate, but they are also something together. there is a network and there is a set of resources that the agent controls. proposal: "network" is a set of ports JRV: a network is something that can you create segment across agreement: a network is a collection of ports. are they on the same layer? (maybe not) is there an implication that they are connected? maybe there is. we need volunteers and people moving forward.