From YouTube: IETF113-I2NSF-20220324-1200
Description
I2NSF meeting session at IETF113
2022/03/24 1200
https://datatracker.ietf.org/meeting/113/proceedings/
B
Hi, Linda, this is Roman. I'm also confirming that I hear I see you, but I can't hear him and I just saw riff Rifaat put his stuff down, so I think he's coming back to be our in-person helper, okay, good good.
A
Well, it's similar talk and time to start okay, so this is interface to network security functions and the sessions recorded.
A
Thank you, so I encourage everybody to look at the notes and make sure your name and your questions. Your answers are captured correctly. Many many thanks to Sue Harris for volunteer taking the notes for us. Thank you, sir.
A
So here's the agenda of the meeting any questions for the agenda.
A
No question: let's just go further so for we haven't met for quite a few IETFs because of a data model has been under review. There's lots of like minor changes, so couldn't warrant a face-to-face meeting time.
A
So now we have three drafts under IESG review, right capability data model, an sf phasing interface and asset monitoring data models. Lately there are still many dialogue on them. I think the rome can you correct me if I'm correct that capability data model, we still miss need one more yes for this to move forward.
B
Yeah it'll be either if we're short, it's either kind of a yes or no objection. Data tracker waiting to respond.
B
A
B
Yeah, okay, so the capability document we need to convert the we have there's enough ballots. The discusses need to be clear for the NSF facing interfaces same situation. Enough ballots discusses need to clear for the monitoring data model, though that has both discusses, but also needs more balance.
A
D
So, okay, actually three data YANG model capability and spacing and monitoring interface. Actually, the discussion discuss. Okay bullet will be lifted because I addressed the oral discuss comment so also I send an email address, so leave those, maybe one or two discuss, but I believe I addressed all of them. Okay, so I believe I think so we can get approval from ict.
B
Go ahead thanks, so, first of all, it's I've done some meetings, kind of with lyndon the pandemic. I haven't done with one with you live Paul, so it's nice to see your face.
B
So I I I know we're clearing talking about clearing discusses. The other thing I would say is about being off by one in certain cases is, I believe that Ben's discusses are going to be picked up by by Paul. Paul has not had a chance to really be Paul. Reuters has hasn't the other sec AD. Now the incoming one hasn't had a chance to, I think, do all the data tracker magic.
A
And we have two working group drafts waiting to be sent to like for last call. One is a consumer-facing interface data model. Another one is registration, interface data model. Those two are to be discussed today, because there were comments about those two and also NSF facing interface. Data model are not consistent, so Paul is going to give us an update on the changes and whether we should make them consistent or not.
A
With that we go to the first presentation, so palin: can you do the presentation from your end or do you want me to show the slides.
A
C
So this compared to the first edition, we revised the drafts traffic name to i2 answer remote attestation, interface, YANG data model and the the first reason is that it's more easy to align with the right with the recharger of items or the potential each other of i2 and sf, which we will discuss later, and the second reason is that the term of trust-enhanced is not a specific term which may bring some potential controversial misunderstanding.
C
So the second item is that we added a new paragraph about the definition of granularity of remote station in iphone 7, and right now. In my opinion, I think there are three components in united self-deserving remote stations and there are NSFs and maybe the basic platform to carry the asf and then without trust, which can be show the device identity.
C
The last one is that the reference value of remote station can you hear me now.
C
Okay, the last item is the reference value of remote station and this hasn't been defined by rights group. Yet there have some personal draft but hasn't been adopted as working group dropped. So I just wrote a temporary interface and add it to the draft. Next slide is yeah. This is a main topic. It's a relationship between rights and i2s, remote addition.
C
So I think that the rights has defined the basic architecture of remote station and they find different types of remote station evidence like based on TPM and te, and maybe UCCS and other graphs, like testing results and in the itunes remote edition. I think that we just focus on the remote station of NSF, especially in the iphone 7 architecture, and the remote station target is NSF and its platform, and the root of trust in irsf is unlimited.
C
So it's a it may be a TPM, maybe a te or even like a quan qpc, I'm not sure, and the verifier and the relevant party in itunes i2sf a maybe a security controller which is to be determined because.
C
Next slide is about the necessity of itunes for remote station. I think there are three main reasons and the first one is the security reasons and in a remote environment the deployment of sf may be inappropriate and then there may have potential attack, but the remote has remote platform that who carries an isf and the third one is that we may want to know the security status of trustworthiness of the NSF, so the second mentor.
C
A main reason is that the practicability reasons, and because that the target and the granularity in this remote session, it should be the asf and the rest architecture is not very convenient to use in iphone directly, because that a different device may have different route of trust and one unified remote station interface would be more convenient for to NSF to implementation, and there are some future extension reasons and this topic may not include in IETF, but I think there are worse awards to mention about, and first maybe it's a zero trust concept may use advanced, remote heitation to assess and sf trust status, and maybe the sassy SASE they may want to use the itunes remote station to enhance edge security function and then the security automation.
C
I may use iphone sf remote station to manage the asf and the last bullet is that a decentralized security intelligence sharing may use remote attestation to judge the trustworthiness of such intelligence. For example, if a device is untrusted, so its security intelligence may not useful next slide is about the current interface overview of the of this draft right now. This draft only focus on the sf remote station interface and the reference value interface.
C
This two interface is the basic interface of this architecture and the the endoscope the connection between the security controller and the industry may not have to be an interface because it may be offline method like x5.9.
C
So this is the issue that needs to be discussed, and first one is the chart model of itunes to NSF, and I think people may we need to define which component we need to trust which we don't have to trust and in the potential recharger which Paul sent to the minimalist, and he mentioned that both the NSF user, the security controller itself need to be a remote attestation. I think this is a a question which we need to discuss later. I don't have a an obvious answer.
C
Like the platform, the platform could be a traditional OS operation system or a virtualization platform like a hypervisor, and if the platform does not support virtualization, then the asset will be application or process in the OS. If the platform is a hypervisor and think that the granularity of isf deserve a remote headstation will be a virtual machine, because I think that in in some technology like TPM, the vTPM may be not convincible, because it's the virtualization, it's not physical.
C
H
B
D
I think yeah very nice representation. Thank you, your own, okay, sure, okay, maybe so my comment is, I think I checked the let's working group. Basically, they are focused on the architectural procedure rather than some interface YANG data model. So in order to provide remote attestation to protect some inside over sprite chain attack, I think this work is, I think, very important. Also.
D
Currently, the draft has a right direction, so we take advantage of the previous, our itunes up to the YANG data model and we can synchronize with the okay penguins remote attestation. So so I think it is a feasible to make also improvement proof using of the future hackathon project with the paneling and our group together.
G
I I have a aging question and, and I think you me in this draft, you mean to do the remote attestation for the virtualization platform and, as I know in ETSI isd NFV, they are also doing the remote develop their standards about the remote station over for the NFV. So I I don't know whether there will be overlaps, and so I I don't know how how deep this draft will go for about the virtualization.
C
Yeah as a virtualization is just one scenario of our draft, I think and right now I haven't think too deep about how to implement the remote station in the virtualization environment and I'm not sure how I actually work about the virtualization draft. So I we, I think I can just research it later and I can't give you a direct answer right now. Sorry.
G
Okay, okay, another another question or a comment is about. You mentioned the sassy security access.
H
G
And yeah, I I think this may be. I don't have maybe a helpful to be used in this scenario, so yeah.
H
G
But I don't know how they can be implemented or enhanced, because but if the ideal asset can be used in this scenario, it will increase the applicable or deployment in the industrial of i2 and theft. So I think maybe we could consider this in the recharge, yeah. Okay.
C
Yes, I I I agree to your comment because I think assassin is a more advanced technology of beyond the iphone sf, but I think isf is based on the is a flow based network of security function and the sashi is about the flow-based and non-flow beta security function. So I'm not sure we can cover these two different types, but I agree with you: we can consider more about the sassy in the returning. Thank you.
B
Thanks thanks for the presentation, it was really helpful to also have the side by side with with the RATS and what you're talking about and the way you overlaid. The architecture made it really kind of clear what you're talking about. I have no AD hat on here. I have two clarifying questions asked, so just I'll ask them back to back. So the first one was given that we're talking about the network. You know virtualized kind of network functions.
B
Given those intermediaries was my first question and then my second question was there: there is some work with the YANG model in CHARRA that appears to be doing attestation about kind of properties from the TPM, which seems like the same root of trust that you're talking about. I I didn't understand.
B
C
Question is about in the virtualization scenario and since the TPM is a hardware, so the vTPM may be not trusted. So we think that the hypervisor is the operation system is the platform. So we, the the the the the VM, the virtual machine, rides on that we consider it as as a maybe a process, maybe a match which will load to the hypervisor and the way when, at the start of the running of the virtual machine, we will measurement the image of that VM.
C
So we will to see if it's trusted and that's my opinion, because I think that the TPM is not very mature technology. So we need to do not use that yeah. And the second question you mentioned is that china and I think china is about the how to measurement how to measure a device, and it will send like the email and measurement list to the verifier.
C
But I think that that is not convenient to the NSF, because that, in a scenario, we may think that there are three assets like there are three accepted in a platform and the first two attractor and the third is not correct. So we want to to challenge the third one and when we use the character, it's not convenient, because child will send you all the message of the device. It's not focused on the sf. That's what I think.
B
Maybe we I'll have to look into the details. My understanding at least kind of with on the chair is yeah and I'm making a modeling observation rather than an observation on exactly how RATS is using the word. I thought the way that the IMA was shimmed into kind of char. They were actually really flexible on all the different properties, and so all of ime was in scope, which gave you properties beyond the initial boot level.
B
C
J
Hello, thank you now. If you comment originally set up a step up because of the comment on on NFV, but there are a few others well regarding nav the what is proposed here is not incompatible at all with what that is doing right or what we said she did some time ago, among other things, because what the t did was precisely to identify a set of of level of assurance for the procedures for attesting infrastructure or functions. So probably we could.
J
I believe that precisely is the only other way around whatever we start here would be useful for for lc to refuel the their work in the future, but here I think that the atf, for this in particular, is better suited, because the I2NSF architecture has this this architecture, with the with the controller with the mechanisms for for verifying etc. That goes beyond what that c is concentrated, that is about the life cycle of the virtualized environment.
J
So I I think that this there is, I mean for sure there will be, can be, or can be, some of small overlaps that isn't something that would be easy to solve and for sure there is not. I don't foresee any any clear clash in the future. This is one thing. The second thing is regarding this discussion on CHARRA and the and the applicability. I think that CHARRA as a mechanism for for request and response would be totally applicable in this case.
J
We will need this. We need that this claim was sufficient. This claim is not going to be sufficient. This kind of analysis is something that we I mean. I believe we have to do here in the context of what we are, that what we have in place with the security controller, the different capabilities etc. That's, and I think that in that sense, what berlin says is proposing is precisely goes in that in that direction and well that, and the proposal is chapter in that is another source.
A
D
You, okay great, so let me okay explain quickly. We have a limited time, so I focus on the analysis between consumer page interface and nsp face interface. So this is our framework okay. So this is a consumer phasing interface and this is an NSF face. Interface.
D
Okay, so, as you know, the control phase interface is full okay front end. The web application is used, usually deliver high level security policy. Okay and then typically highly policy can be translated into rollable security policy by security controller, especially a security policy translator and NSF facing interface. Nfpi is focused on providing security on detailed configuration as a low level policy.
D
Okay, so, as you can see top level YANG tree comparison, the most of the element in YANG module, similar okay, except some description right. So description on case has omitted, but also the both CFI and fi. They provide the language tag and the resolution are strategic. Okay, however, you can see the difference. Is some default action play out of key usage?
D
Okay, so before the action and priority usage omitted the from tfi, because our philosophy of gfi to make cfr as simple as possible to let a security operator specify high level policy. Okay, so those deposit action and the priority usage can be set by security of policy, translator, okay and also shared by end point group and the threat prevention are used to register information for a translation purpose. Okay, next, the low-level YANG tree are carried okay, so lure our i2 case event, condition action, model or ECA right.
D
So you can see even the condition. Action. Okay, so here also event condition action, okay, so, but the long connection case here, this one is typically used to allow connection is maintained after the connection, even though there is no traffic activity, okay, so this kind of time for duration allow the connection is alive, even though there is no actual traffic, so our phosphate of the gfi also applies to make as simple as possible for gfi.
D
Okay. Next so and then event the case, you can see the sim chip the same. This is saved by this nfl right. So description is for the operator some human letter of sentences. Okay, so, except that the same, and then this is condition so event condition action right so condition case. Also, you can see.
D
Usually we specify user group over divisible can be translated into error. Three IP addresses okay used by the user or device icaderes okay, so those endpoint groups are used to register user group device group IP address, okay button, 4 or version 6.
D
Eventually, this information stored in security controller and translated by spirit controller and then okay, cfy, the msf, easy security policy configuration okay, so I saw right the IP address user device group IP addresses are stored into the database in security control, okay and then some elements in NFI can be handled by security of policy translator, okay, so so I can skip it and then condition. Okay, so condition case. You can see CFI condition and the NFI condition is.
D
You can see the similar with each other. Okay, even though some name is a little different, but most of the structure is the same. Okay. So, but here note the restoration of a variable name here, name and actual value for condition. Here, if I needed to read a okay done, three controller for an actual translation later, okay, so police translator can handle all those things and then so you can see cfr nfl YANG data model similar for some security attacks. Okay, DDoS, etc. Okay, the difference is CFI.
D
Some information name and value confirmation save the database for easy configuration, translation of purpose, okay and also the name and the value compilation can be stored so using this kind of XML expat. Okay, using this, so we have this example for a resolution of name value for translation properties. Okay, such as the employee case, they are using IP addresses, linkedin device group web server case. They are using this kind of the IP addresses.
D
Also the sls website is this: this one is for the database in the security and controller for transformation purpose: okay and the next one is the condition. So you can see condition is almost the same. You can see. The name is the same description I mentioned the. There is no description elements in the CFI.
D
Okay context contains extra information, especially the filtering of purposes. Okay and then other cases do the same, and then you can see we have other information, geographic location, so geographical location, name and actual the corresponding IPs or, if you address it, either IPv4 or IPv6. Okay, this also literation is a proponent okay.
D
Okay, great, so you can see so the YANG data model in CFI, eventually, the context condition can be a one-to-one mapped to context condition in NFI, which means that we can translate. Okay, except some certain high-level value, user group or device group or geographic. Some information can be translated. The specific IP addresses, okay that can be handled by a controller site. Okay, so time condition, geographic location can be handled okay, so in the action case, okay, let's move on so we I explained the event condition right now: action so action case.
D
We have a two action in CFI primary action and secondary action. Okay, usually primary accident is you can see those things? Okay, ingress, eagle action, pass, drop eject, something like that and then secondary action case. Usually typical example is some logging okay, so we can using those kinds of packet level action and the pro level action over advanced action for DPI or some DDoS attack mitigation case. We can divide it into more detail in nephi.
D
So remember also some cases. However. CFI policy tried to, for example, employee, cannot access some assessor website during work time. So, in that case we need two security services. One is a fiver based on IP addresses. The other is web filtering, so those kind of services can be combined using service function, training in NFI interface, okay.
D
So conclusion, there is no translation of problem from CFI policy to NFI fallacy, so which means the security controller can handle those missing elements such as a deport. Some action or priority can be handled by security control law and also shfi. YANG data models provide high level policy for easy configuration, so some detailed information register relation over federal name and value can be done in advance into database in security control law and nfl. YANG data model focus on providing security policy configuration for NFIs as a low level policy.
D
Okay, so that's all so my message is so CFI and NFI young lady motor are synchronized also can be easily translated. We are demonstrated using the hackathon project, so I believe now our CFI has a okay, the pre material stage, so we can finish our working group, let's call, and then we can sum it to ies. That is my opinion. Thank you.
D
So, okay, let's move on legislation Linda, okay, let's move on.
D
Okay, let's move on maturation quickly. I can just I finish. Okay, this one is very short: okay, restoration interface is based on a capability YANG data model because most of element young imported from capability. So the resolution you can see: developer management system registers the capability of NSF, okay into a security controller; okay, so also so certain cases. I don't have to use your to deliver, however, young skills policy right XML and then there is no such kind of capability NSF, and then it can query.
D
Okay, so and then a developer management system are so searching that kind of public and the leicester again. Okay, so we're providing two things: one is a quality. The other one is the register: okay of security, okay, security, NSF capabilities, okay, so objective over. Like simulation interface, okay, I mentioned right two, the futures, okay, so let me move on so we have a two things. I mentioned the NSF capability resolution and the NSF capability.
D
So this is two features: okay and then we have this information of the model. Okay, so the regulations have this hierarchy. Okay, so so NSF capabilities is imported by our capability data models. Okay, so other cases we also providing access information such as IP address and the portal number for NSF, okay to provide the specific security of services. Okay and then, and this is the YANG tree, so we import the security capability.
D
We import; okay, our itunes capability data model, okay, other performance capability cases to explain that okay capability in terms of some processing or vendor resistance and inbound or bond okay and also access implement. I mentioned the IP address and photo number for NSF, okay, so other cases, okay, quality case, also input. So, given some certain quality, such as some, for example, web filtering, the kind of query is the input and then researching on this.
D
Okay, using this capability data model based and then we make some external and then we send to vms okay and the DMS return corresponding capability to a security controller, and the secure controller can translate appropriate to another facing interface XML okay. So this is a corey okay. So this is XML example. So so we updated the restoration interface XML example based on the latest capability, our track. Okay, so conclusion, leisure interface has a short YANG data model based on capability YANG data model.
D
Okay, so this one is almost okay done, except okay, one discuss, I believe that also lifted up soon: okay and then most of the changes, maturation interface, just the XML syntax, based on capability YANG data model and then additional information capability, performance information access information can be provided by the expansion interface. Okay, that's all so. My conclusion is also literature, interface, also ready to submit to ict. Okay. Thank you.
A
Thank you very much, so the registration you're going to import some of the capability data model right you're, going to raise.
D
A
I guess Thomas now here he was the one complaining about inconsistency, so we can have to follow up with him on the mailing list right next. We only have 10 minutes left right so for the chartered china discussion, can you you.
D
Have slides right? Okay, I have a slide, so maybe I share the the okay. So maybe we okay to me, let me give a couple minutes so address what extension is needed and then so we can discuss okay.
E
D
This is a new component, okay in our itunes framework, using machine learning, and then they detect some security attack over some hardware or software problem from NSF, and then it gives some feedback information. So we need the application interface. Okay. That is a one one thing also.
B
B
D
Thank you, so, okay, so this is the chartering, the main okay, the you all okay item is to provide some security or manage automation such as monitoring data, okay from monitoring interface to alternative analyzer, so analyzer. This is a data collector also performing machine learning to detect some security attack from NSF or some hardware, security or software problem, and then it gives feedback information to security controller. They can augment current security policy or they make new security policy. So in order to that, we need new okay interface or new element.
D
That is one item. Okay, so eventually we need one interface, okay, so I explained okay, so the goal is that we, okay providing security management automation case how to extend our framework. That is the question. Okay, and I explained that okay and also remember the Roman, explain the right. There is some insider and spry chain of tag in our applicability document right. So in order to prevent this kind of thing, we need to somehow remote a destination or we need some auditing. So maybe we can using DLT technology.
D
Okay, okay, so today apparently explained well remote attachment, okay, so other latest system technologies, 2kd and the PQC DLT. So we can consider this one, so we can make one applicability and use cases for those. You know current demands, okay, and then we also consider.
D
A
I have a question on this one so for the container based architecture, are you talking about interface with Kubernetes, because container is normally managed controlled by Kubernetes right.
D
Exactly yeah so container cases, yes, okay, okay, go on so okay, so container case. It is different from VM virtual machine approach, so our case YANG data model. This is for the virtual maze machine based model, so we needed to augment somehow.
D
Okay, that is a one input from okay, some my collaborator and the next one is a sport, listen to the developed protocol, such as QUIC and HTTP 3, so during last capability data model and the another phasing case. So in order to support this one, we need some extra work, so that is our another yeah score.
D
So in order to okay certify those demands, and we can extend our framework okay for spirit to manage automation, so we can make application interface and also translation is actually important. You can see we can provide some some architecture also, some procedure also mapping structure between high library, YANG data model and low level YANG model, so loma mentioned that the algorithm itself not standard right, but we can provide some framework for our speed transformation case I believe, is useful, so we can decide the policy the rfs or not.
D
We can decide later on and the remote or destination we can work on, and also sport DLT, based on distributed system auditing to prevent the supply chain and the inside attack, and then I transfer for container deployment. We can also we can work on it, also applicability and use cases for security, managed automation, including the latest, the quantum computing, something like that also some actually okay network, the inside computing technology. We can consider and then our next three case we can extend our current NSF phasing capability consumer pacing to accommodate the new protocols.
H
D
Maybe revise later on, so there is a milestone. Okay, so I just make some estimation here: okay, that's all.
A
Thank you, so there's a lot of lots of things to do any comments from the questions from the group.
A
B
No, I mean Diego I'm going to drop out of Diego. Has things to say I want to hear from the community. So let me drop out and have the community talk here.
J
Okay, sorry, sorry for the for the delay, but I had to unblock the the phone etc to raise my hand, and things are complicated in these days.
J
Basically, it was I wanted just to to to make a remark on what Linda was saying about the containers and all the like, especially that in general, when you start to start talking about containers. Basically what you is. I have here several times: oh well, but this Kubernetes take care of these and that precisely we are assuming here and we are implying in the in all the process, a particular trust model in which you have the controller. You have the capabilities, you have how you expose the capabilities you make decision on that.
J
I am under the belief that the the use of, of course, of containers and the the fact that you can even decompose functionalities in in in smaller pieces, both imply or would require some changes and some of the assumptions that we have.
J
I mean it's not that have the the solution or it's clear to me in which aspects, but I think that we have to rethink some of the of the aspects in the architecture to really match what is what implies the Kubernetes services lambdas and all the like, and and think about how we can reason about security functions and under deployment. So I believe that this is.
J
That makes the whole thing more challenging and let me insist when it comes to at the station, et cetera, we're talking precisely about adapting the the architecture that RATS is proposing to this particular case and to something that is equally important. That is precisely the automation part, the the box. I go right now: the analyzer, how the analyzer perform the analysis and how you can trust as well, the analyzer and what the analyzer decides.
A
B
Hi so very interested to hear kind of what the community thinks about that of this list of work. My initial so first also thank you Paul, like you doing, the voiceover with the slides was actually very helpful in learning what you put in the text. So that's actually, I think, that's very helpful to kind of facilitate the conversation. My initial reaction to this is there are definitely hard problems here being enumerated.
B
You know we talked most about one exact one specific one about orchestration of containers that that particular thing seems there's a lot of details of that there's a lot of choices that brings together a lot of things to the itf doing a distributed ledger I mean we have a whole other working group where we're talking about doing that for supply chain risk management as well.
B
So these seem like very big topics and to tie this into what I said before: we're six and a half years into trying to deliver our first tranche of things. I know we're getting close, but we're still six and a half years. We didn't do it. So I would urge the working group to continue talking about these and try to really think through what scope will want to tackle first and what? What bandwidth is there to tackle out of those dopes.
J
Very, very, very fast, it's I I I I agree with Roman that from time to time I mean the temptation of this famous term, avoiding the ocean and whatever that we, whatever the endeavor, that we start is there.
J
The point is that you, you say with Roman: it's a is the fact that the idea is not to invent a new way of using DLTs. So it is not a new way of inventing how to use at the station, et cetera, especially leverage of what many other groups are doing and trying to profile it. For the case I mean we are going to.
J
I mean, if you ask me for sure I will try to climb on the on the shoulder of giants as as Sir Isaac did some time I ago, precisely with the idea of free, reusing, all the work that is there and using it for.
H
A
Okay, very good. Thank you. Thank you. So much thank you. So I think we have reached our limit for this meeting. Well. Thank you. Everybody! It's very interesting, informative session, and we will continue on the mailing list, especially on the priority of the next seven works, to be done by the working group. As Roman said, we shouldn't make it too big and make it manageable. Thank you.