netconfcentral logo

ietf-supa-policy

HTML

ietf-supa-policy@2017-06-16



  module ietf-supa-policy {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-supa-policy";

    prefix supa-pdm;

    import ietf-yang-types {
      prefix yang;
    }

    organization "IETF";

    contact
      "Editor: Joel Halpern
             email: jmh@joelhalpern.com;
             Editor: John Strassner
             email: strazpdj@gmail.com;";

    description
      "This module defines a data model for generic high level
         definition of policies to be applied to a network.
         This module is derived from, and aligns with,
         draft-ietf-supa-generic-policy-info-model-03. Details on all
         classes, associations, and attributes can be found there.
         Copyright (c) 2015 IETF Trust and the persons identified
         as the document authors.  All rights reserved.
         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and
         subject to the license terms contained in, the Simplified
         BSD License set forth in Section 4.c of the IETF Trust's
         Legal Provisions Relating to IETF Documents
         (http://trustee.ietf.org/license-info).";

    revision "2017-06-16" {
      description
        "20170616:  Implemented changes from supa IM v3. This
                        includes adding new objects (classes and
                        relationships) corresponding to the new
                        formulation of the decorator pattern. Changed
                        enums to identities per IETF98 discussion.
             20170415:  Updated SUPABooleanClause based on
                        implementation experience from SNMP example;
                        reworded definitions of supaPolMetadataID and
                        supaEncodedClauseEncoding attribute.
             20170117:  updated class and attribute names in the YANG
                        to match those in the IM, except where noted.
             20161210:  Incorporated input from IISOMI.
             20161010:  Changed back to transitive identities (to
                        enforce inheritance) after determining that
                        errors were from a confdc bug.
             20161008:  Fixed errors found in latest pyang compiler
                        and from YANG Doctors.
             20161001:  Minor edits in association definitions.
             20160928:  Generated yang tree.
             20160924:  Rewrote association documentation; rebuilt
                        how all classes are named for consistency.
             20160904:  Optimization of module by eliminating leaves
                        that are not needed; rewrote section 4.
             20160824:  Edits to sync data model to info model.
             20160720:  Conversion to WG draft. Fixed pyang 1.1
                        compilation errors. Fixed must clause
                        derefencing used in grouping statements.
                        Reformatted and expanded descriptions.
                        Fixed various typos.
             20160321:  Initial version.";
      reference
        "draft-ietf-supa-policy-data-model-03";

    }


    identity POLICY-CONSTRAINT-LANGUAGE-LIST {
      base 
      description
        "The language used to encode the constraints that are
             relevant to the relationship between the metadata
             and the underlying policy object.";
    }

    identity PCLL-ERROR {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This signifies an error state for a policy constraint
             language assignment.";
    }

    identity PCLL-INIT {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This signifies a generic initialization state, meaning
             that the policy constraint language assignment can now
             be made.";
    }

    identity PCLL-OCL2.4 {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This defines OCL2.4 [2] as the policy constraint language
             list to be used.";
    }

    identity PCLL-OCL2.x {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This defines the use of OCL2.0 - OCL2.3.1 [2] as the
             policy constraint language list to be used.";
    }

    identity PCLL-OCL1.x {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This defines OCL1.x [3] as the policy constraint language
             list to be used.";
    }

    identity PCLL-QVT1.2R {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This defines the use of QVT Relational Language [5] as the
            policy constraint language list to be used.";
    }

    identity PCLL-QVT1.2O {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This defines the use of QVT Operational Language [5] as
            the policy constraint language list to be used.";
    }

    identity PCLL-ALLOY {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This defines the use of Alloy [4] as the policy constraint
             language list to be used. Alloy is a language for
             defining constraints, and uses a SAT solver to
             guarantee correctness.";
    }

    identity PCLL-TEXT {
      base POLICY-CONSTRAINT-LANGUAGE-LIST;
      description
        "This defines the use of plain text as the policy constraint
         language list to be used. This option is NOT recommended,
         since it is informal and hence, not verifiable.";
    }

    identity POLICY-DATA-TYPE-ID-ENCODING-LIST {
      base 
      description
        "The list of possible data types used to represent object
             IDs for all SUPA object instances.";
    }

    identity PDTIEL-ERROR {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This signifies an error state for a policy data type ID
             encoding assignment.";
    }

    identity PDTIEL-INIT {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This signifies a generic initialization state, meaning
             that the policy data type ID encoding assignment can now
             be made.";
    }

    identity PDTIEL-PK {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This represents the primary key of a table, which
             uniquely identifies each record in that table.
             It MUST NOT be NULL. It MAY consist of a single
             or multiple fields. Note that a YANG data model
             implementation does NOT have to implement this feature.";
    }

    identity PDTIEL-FK {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This represents the foreign key of a table, which
             uniquely identifies each record in that table.
             It MUST NOT be NULL. It MAY consist of a single
             or multiple fields. Note that a YANG data model
             implementation does NOT have to implement this feature.";
    }

    identity PDTIEL-GUID {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This represents an object instance that is referenced by
             this GUID.";
    }

    identity PDTIEL-UUID {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This represents an object instance that is referenced by
             this UUID.";
    }

    identity PDTIEL-URI {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This represents an object instance that is referenced by
             this URI.";
    }

    identity PDTIEL-FQDN {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This represents an object instance that is referenced by
             this FQDN.";
    }

    identity PDTIEL-FQPN {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This represents an object instance that is referenced by
             this FQPN. Note that FQPNs assume that all components can
             access a single logical file repostory.";
    }

    identity PDTIEL-STRING-ID {
      base POLICY-DATA-TYPE-ID-ENCODING-LIST;
      description
        "This represents an object instance that is referenced by
             this string instance id. Here, a string instance id is the
             canonical representation, in ASCII, of an instance ID of
             this object instance.";
    }

    identity POLICY-DATA-TYPE-ENCODING-LIST {
      base 
      description
        "The set of allowable data types used to encode single-
             and multi-valued SUPA Policy attributes.";
    }

    identity PDTEL-ERROR {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This signifies an error state for a policy data type
             encoding assignment.";
    }

    identity PDTEL-INIT {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This signifies a generic initialization state, meaning
             that the policy data type encoding assignment can now
             be made.";
    }

    identity PDTEL-STRING {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a string data type.";
    }

    identity PDTEL-INTEGER {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents an integer data type.";
    }

    identity PDTEL-BOOLEAN {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a Boolean data type.";
    }

    identity PDTEL-FLOAT {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a floating point data type.";
    }

    identity PDTEL-DATETIME {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a data type that can specify
             date and/or time.";
    }

    identity PDTEL-GUID {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a GUID data type.";
    }

    identity PDTEL-UUID {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a UUID data type.";
    }

    identity PDTEL-URI {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a URI data type.";
    }

    identity PDTEL-DN {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a DN data type.";
    }

    identity PDTEL-FQDN {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents an FQDN data type.";
    }

    identity PDTEL-FQPN {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents an FQPN data type. Note that FQPNs assume
            that all components can access a single logical
            file repostory.";
    }

    identity PDTEL-NULL {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents a NULL data type. NULL means that this
             data type MAY not contain an actual value. This data type
             may be used to represent a missing or invalid value.";
    }

    identity PDTEL-STRING-ID {
      base POLICY-DATA-TYPE-ENCODING-LIST;
      description
        "This represents an object instance that is defined by
             this string instance id. Here, a string instance id is the
             canonical representation, in ASCII, of an instance ID of
             this object instance.";
    }

    identity POLICY-DEPLOY-STATUS-LIST {
      base 
      description
        "This represents the current deployment status of this
            object (e.g., either a SUPAPolicyStructure or a
             SUPAPolicyClause object instance).";
    }

    identity PDSL-ERROR {
      base POLICY-DEPLOY-STATUS-LIST;
      description
        "This signifies an error state for assigning the deployment
             status of this object.";
    }

    identity PDSL-INIT {
      base POLICY-DEPLOY-STATUS-LIST;
      description
        "This signifies a generic initialization state, meaning
             that the deploy status assignment of this object can now
             be made.";
    }

    identity PDSL-READY {
      base POLICY-DEPLOY-STATUS-LIST;
      description
        "This defines the deployment status of this object as
             deployed in the system and currently enabled.";
    }

    identity PDSL-TEST {
      base POLICY-DEPLOY-STATUS-LIST;
      description
        "This defines the deployment status of this object as
             deployed in the system but is currently in a test state,
             and SHOULD NOT be used in OAM&P policies.";
    }

    identity PDSL-DISABLED {
      base POLICY-DEPLOY-STATUS-LIST;
      description
        "This defines the deployment status of this object as
             deployed in the system, but has been administratively
             DISABLED. It MUST NOT be used in OAM&P policies.";
    }

    identity PDSL-OK-TO-DEPLOY {
      base POLICY-DEPLOY-STATUS-LIST;
      description
        "This defines the deployment status of this object as
             initialized and ready to be deployed.";
    }

    identity PDSL-NOT-OK {
      base POLICY-DEPLOY-STATUS-LIST;
      description
        "This defines the deployment status of this object as
             NOT ready for deployment into the system.";
    }

    identity SUPA-ROOT-TYPE {
      base 
      description
        "The identity corresponding to a single root for all
             identities in the SUPA Data Model. Note that section
             7.18.2 in [RFC7950] says that identity derivation is
             irreflexive (i.e., an identity cannot be derived
             from itself.";
    }

    identity POLICY-OBJECT-TYPE {
      base SUPA-ROOT-TYPE;
      description
        "The identity corresponding to a SUPAPolicyObject
             object instance.";
    }

    grouping supa-policy-object-type {
      description
        "This represents the SUPAPolicyObject [1] class. It is the
             superclass for all SUPA Policy objects (i.e., all objects
             that are either Policies or components of Policies). Note
             that SUPA Policy Metadata objects are NOT subclassed from
             this class; they are instead subclassed from the
             SUPAPolicyMetadata (i.e., supa-policy-metadata-type)
             object. This class (supa-policy-object-type) is used to
             define common attributes and relationships that all SUPA
             Policy subclasses inherit.

             It MAY be augmented with a set of zero or more
             SUPAPolicyMetadata objects using the SUPAHasPolicyMetadata
             association, which is represented by the
             supa-has-policy-metadata-agg leaf-list.";
      leaf entity-class {
        type identityref {
          base SUPA-ROOT-TYPE;
        }
        default 'POLICY-OBJECT-TYPE';
        description
          "The identifier of the class of this grouping.";
      }

      leaf supa-policy-ID {
        type string;
        mandatory true;
        description
          "The string identifier of this policy object, which
                 functions as the unique object identifier of this
                 object instance. This attribute MUST be unique within
                 the policy system.
                 This attribute is named supaPolObjIDContent in [1],
                 and is used with the supaPolObIDEncoding class
                 attribute to define a namespace. Since the YANG data
                 model does not need this genericity, the
                 supaPolObjIDContent attribute was renamed, and the
                 supaObjectIDEncoding attribute was removed.";
      }

      leaf supa-policy-name {
        type string;
        description
          "A human-readable name for this policy object. Note
                 that this is NOT the object ID.";
      }

      leaf supa-policy-object-description {
        type string;
        description
          "A human-readable description of the characteristics
                 and behavior of this policy object.";
      }

      leaf-list supa-has-policy-metadata-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-METADATA-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyMetadata association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-detail. This association
                 describes how each SUPAPolicyMetadata instance is
                 related to a given SUPAPolicyObject instance. Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-detail (which
                 includes subclasses of this association class).";
      }
    }  // grouping supa-policy-object-type

    identity POLICY-COMPONENT-TYPE {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a
             SUPAPolicyComponentStructure object instance.";
    }

    grouping supa-policy-component-structure-type {
      description
        "This represents the SUPAPolicyComponent class [1], which
             is the superclass for all objects that represent
             different components of a Policy. Important subclasses
             include the SUPAPolicyClause and the
             SUPAPolicyClauseComponentDecorator. SUPAPolicyClause is
             used to build reusable clauses for SUPAPolicies, and
             SUPAPolicyClauseComponentDecorator is used to dynamically
             add and remove components of a SUPAPolicyClause. This
             enables the model to be changed at runtime without
             requiring recompiling and redeploying.";
      uses supa-policy-object-type {
        refine 
      }
    }  // grouping supa-policy-component-structure-type

    identity POLICY-COMPONENT-CLAUSE-TYPE {
      base POLICY-COMPONENT-TYPE;
      description
        "The identity corresponding to a SUPAPolicyClause
             object instance.";
    }

    grouping supa-policy-clause-type {
      description
        "The parent class for all SUPA Policy Clauses. A
            SUPAPolicyClause is a fundamental building block for
            creating SUPA Policies. A SUPAPolicy is a set of
            statements, and a SUPAPolicyClause can be thought of as all
            or part of a statement. The Decorator pattern [1] is used,
            which enables the contents of a SUPAPolicyClause to be
            adjusted dynamically at runtime without affecting other
            objects of either type. For example, new content can be
            dynamically added or removed by wrapping a SUPAPolicyClause
            with additional object instances. Every SUPAPolicy MUST
            have at least one SUPAPolicyClause.";
      uses supa-policy-component-structure-type {
        refine 
      }

      leaf supa-policy-clause-deploy-status {
        type identityref {
          base POLICY-DEPLOY-STATUS-LIST;
        }
        mandatory true;
        description
          "This defines whether this SUPAPolicy has been
                 deployed and, if so, whether it is enabled and
                 ready to be used or not.";
      }

      leaf-list supa-has-policy-clause-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-CLAUSE-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyClause aggregation [1],
                 and is represented by the grouping
                 supa-has-policy-clause-detail. This aggregation
                 describes how each SUPAPolicyClause instance is
                 related to this particular SUPAPolicyStructure
                 instance. For example, this aggregation may restrict
                 which concrete subclasses of the SUPAPolicyStructure
                 class can be associated with which contrete subclasses
                 of the SUPAPolicyClause class. The set of
                 SUPAPolicyClauses, identified by this leaf-list,
                 define the content of this SUPAPolicyStructure.
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-clause-detail (which
                 includes subclasses of this association class).";
      }

      leaf-list supa-policy-clause-has-decorator-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAPolicyClauseHasDecorator aggregation
                 [1], and is represented by the grouping
                 supa-policy-clause-has-decorator-detail. This
                 aggregation describes how each SUPAPolicyClause
                 object instance is decorated (i.e., wrapped) by zero
                 or more SUPAPolicyClauseComponentDecorator object
                 instances. For example, this aggregation may restrict
                 which concrete subclasses of the
                 SUPAPolicyClauseComponentDecorator class can wrap
                 this particular contrete subclass of the
                 SUPAPolicyClause class. The set of SUPAPolicyClauses,
                 identified by this leaf-list, define the content of
                 this SUPAPolicyStructure that they are associated
                 with (via the SUPAHasPolicyClause aggregation).

                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-policy-clause-has-decorator-detail
                 (which includes subclasses of this association
                 class). Note that (concrete) subclasses of this
                 association class may also be used to further refine
                 the semantics of this aggregation.";
      }
    }  // grouping supa-policy-clause-type

    identity POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE {
      base POLICY-COMPONENT-TYPE;
      description
        "The identity corresponding to a
             SUPAPolicyClauseComponentDecorator object instance.";
    }

    grouping supa-policy-clause-component-decorator-type {
      description
        "This object implements the Decorator pattern [1], which
            enables all or part of one or more concrete objects to
            wrap another concrete object. The set of decorated
            objects is then wrapped by a concrete subclass of the
            SUPAPolicyClause object, which enables the
            SUPAPolicyClause object to be changed dynamically at
            runtime without recompilation or redeployment.";
      uses supa-policy-component-structure-type {
        refine 
      }

      leaf-list supa-policy-clause-has-decorator-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
        description
          "This leaf holds instance-identifiers that
                 reference a SUPAPolicyClauseHasDecorator aggregation,
                 [1], and is represented by the grouping
                 supa-policy-clause-has-decorator-detail. This 
                 aggregation describes how each
                 SUPAPolicyClauseComponentDecorator object instance
                 wraps a given SUPAPolicyClause object instance. This
                 enables the behavior of a SUPAPolicyClause object
                 instance to be changed dynamically by attaching and/or
                 removing SUPAPolicyClauseComponentDecorator object
                 instances.
                 Multiple SUPAPolicyClauseComponentDecorator object
                 instances instances may be attached to a
                 SUPAPolicyClause object instance that is referenced in
                 this aggregation by using the Decorator pattern [1].
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-policy-clause-has-decorator-detail.
                 Note that (concrete) subclasses of this association
                 class may also be used to further refine the semantics
                 of this aggregation.";
      }

      leaf supa-has-decorated-policy-component-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC')";
        description
          "This leaf holds instance-identifiers that
                 reference a SUPAHasDecoratedPolicyComponent
                 aggregation [1], and is represented by the grouping
                 supa-has-decorated-policy-component-detail. This 
                 aggregation describes how each
                 SUPAPolicyClauseComponentDecorator instance is wrapped
                 by a given SUPAPolicyComponentDecorator instance.
                 Multiple SUPAPolicyComponentDecorator instances may be
                 attached to a SUPAPolicyClauseComponentDecorator
                 instance that is referenced in this aggregation by
                 using the Decorator pattern [1]. Since this
                 association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping
                 supa-has-decorated-policy-component-detail.";
      }

      leaf-list supa-pol-clause-constraint {
        type string;
        description
          "This is a set of constraint expressions that are
                applied to this decorator object instance. These
                constraints restrict the semantics of this object
                instance, and hence, restrict how these objects
                interact with the SUPAPolicyClause object instance
                that is aggregating them. For example, this attribute
                could restrict how a concrete subclass, such as
                SUPAPolicyEvent, is used. The constraints are defined
                using an appropriate constraint language that is
                specified in the supa-pol-clause-constraint-encoding
                leaf.";
      }

      leaf supa-pol-clause-constraint-encoding {
        type identityref {
          base POLICY-CONSTRAINT-LANGUAGE-LIST;
        }
        description
          "The language in which the constraints on the
                SUPAPolicyClauseComponentDecorator is expressed.
                Examples include OCL 2.4 [2], Alloy [3], and
                English text.";
      }
    }  // grouping supa-policy-clause-component-decorator-type

    identity POLICY-COMPONENT-DECORATOR-TYPE {
      base POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE;
      description
        "The identity corresponding to a
             SUPAPolicyComponentDecorator object instance.";
    }

    grouping supa-policy-component-decorator-type {
      description
        "This object implements the Decorator pattern [1], which
            enables all or part of one or more concrete objects of
            the SUPAPolicyClauseComponentDecorator class to create a
            set of wrapped objects that are in turn aggregated by a
            SUPAPolicyClause object. This enables the SUPAPolicyClause
            object to be changed dynamically at runtime without
            recompilation or redeployment.";
      uses supa-policy-clause-component-decorator-type {
        refine 
      }

      leaf-list supa-has-decorated-policy-component-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC')";
        description
          "This leaf holds instance-identifiers that
                 reference a SUPAHasDecoratedPolicyComponent
                 aggregation [1], and is represented by the grouping
                 supa-has-decorated-policy-component-detail. This 
                 aggregation describes how each
                 SUPAPolicyComponentDecorator instance wraps a given
                 SUPAPolicyClauseComponentDecorator instance.
                 Multiple SUPAPolicyComponentDecorator instances may be
                 attached to a SUPAPolicyClauseComponentDecorator
                 instance that is referenced in this aggregation by
                 using the Decorator pattern [1]. Since this
                 association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping
                 supa-has-decorated-policy-component-detail.";
      }

      leaf-list supa-pol-comp-constraint {
        type string;
        description
          "This is a set of constraint expressions that are
                applied to this decorator object instance. These
                constraints restrict the semantics of this object
                instance, and hence, restrict how these objects
                interact with the SUPAPolicyClauseComponentDecorator
                object instance that they are wrapping. For example,
                this attribute could restrict how a concrete subclass
                of SUPAPolicyComponentDecorator is used. The
                constraints are defined using an appropriate constraint
                language that is specified in the
                supa-pol-comp-constraint-encoding leaf.";
      }

      leaf supa-pol-comp-constraint-encoding {
        type identityref {
          base POLICY-CONSTRAINT-LANGUAGE-LIST;
        }
        description
          "The language in which constraints on the
                SUPAPolicyComponentDecorator is expressed.
                Examples include OCL 2.4 [2], Alloy [3], and
                English text.";
      }
    }  // grouping supa-policy-component-decorator-type

    identity POLICY-ENCODED-CLAUSE-TYPE {
      base POLICY-COMPONENT-CLAUSE-TYPE;
      description
        "The identity corresponding to a SUPAEncodedClause
             object instance.";
    }

    grouping supa-encoded-clause-type {
      description
        "This class refines the behavior of the supa-policy-clause
            by encoding the contents of the clause into the attributes
            of this object. This enables clauses that are not based on
            other SUPA objects to be modeled. For example, a POLICY
            Application could define a CLI or YANG configuration
            snippet and encode that snipped into a SUPAEncodedClause.
            Note that a SUPAEncodedClause simply defines the content
            of the clause. In particular, it does NOT provide a
            response. The policy engine that is parsing and evaluating
            the SUPAPolicy needs to assign a response to any
            SUPAEncodedClause that it encounters.";
      uses supa-policy-clause-type {
        refine 
      }

      leaf supa-encoded-clause-content {
        type string;
        mandatory true;
        description
          "This defines the content of this SUPAEncodedClause.
                Since the target is YANG, the supaEncodedClauseEncoding
                attribute is NOT required, and therefore, not mapped.";
      }

      leaf supa-encoded-clause-language {
        type enumeration {
          enum "error" {
            value 0;
            description
              "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAEncodedClause if the
                         value of this attribute is error.";
          }
          enum "init" {
            value 1;
            description
              "This signifies an initialization state.";
          }
          enum "YANG" {
            value 2;
            description
              "This defines the language used in this
                         SUPAEncodedClause as a type of YANG.
                         Additional details may be provided by
                         attaching a SUPAPolicyMetadata object to
                         this SUPAEncodedClause object instance.";
          }
          enum "XML" {
            value 3;
            description
              "This defines the language as a type of XML.
                         Additional details may be provided by
                         attaching a SUPAPolicyMetadata object to
                         this SUPAEncodedClause object instance.";
          }
          enum "TL1" {
            value 4;
            description
              "This defines the language as a type of
                         Transaction Language 1. Additional details may
                         be provided by attaching a SUPAPolicyMetadata
                         object to this SUPAEncodedClause object
                         instance.";
          }
          enum "Text" {
            value 5;
            description
              "This is a textual string that can be used to
                         define a language choice that is not listed
                         by a specific enumerated value. This string
                         MUST be parsed by the policy system to
                         identify the language being used.
                         A SUPAPolicyMetadata object (represented as a
                         supa-policy-metadata-type leaf) can be used to
                         provide further details about the language";
          }
        }
        mandatory true;
        description
          "Indicates the language used for this SUPAEncodedClause
                object instance. Prescriptive and/or descriptive
                information about the usage of this SUPAEncodedClause
                may be provided by one or more SUPAPolicyMetadata
                objects, which are each attached to the object
                instance of this SUPAEncodedClause.";
      }
    }  // grouping supa-encoded-clause-type

    container supa-encoding-clause-container {
      description
        "This is a container to collect all object instances of
             type SUPAEncodedClause.";
      list supa-encoding-clause-list {
        key "supa-policy-ID";
        description
          "A list of all instances of supa-encoding-clause-type.
                 If a module defines subclasses of the encoding clause,
                 those will be stored in a separate container.";
        uses supa-encoded-clause-type;
      }  // list supa-encoding-clause-list
    }  // container supa-encoding-clause-container

    identity POLICY-COMPONENT-TERM-TYPE {
      base POLICY-COMPONENT-DECORATOR-TYPE;
      description
        "The identity corresponding to a SUPAPolicyTerm object
             instance.";
    }

    grouping supa-policy-term-type {
      description
        "This is the superclass of all SUPA policy objects that are
            used to test or set the value of a variable. It does this
            by defining a {variable-operator-value} three-tuple, where
            each element of the three-tuple is defined by a concrete
            subclass of the appropriate type (e.g., SUPAPolicyVariable,
            SUPAPolicyOperator, or SUPAPolicyVariable).";
      uses supa-policy-component-decorator-type {
        refine 
      }

      leaf supa-policy-term-is-negated {
        type boolean;
        description
          "If the value of this attribute is true, then
                this particular term is negated.";
      }
    }  // grouping supa-policy-term-type

    identity POLICY-COMPONENT-VARIABLE-TYPE {
      base POLICY-COMPONENT-TERM-TYPE;
      description
        "The identity corresponding to a SUPAPolicyVariable
             object instance.";
    }

    grouping supa-policy-variable-type {
      description
        "This is one formulation of a SUPA Policy Clause. It uses
            the canonical form of an expression, which is a three-tuple
            in the form {variable, operator, value}. In this approach,
            each of the three terms can either be a subclass of the
            appropriate SUPAPolicyTerm class, or another object that
            plays the role (i.e., a variable) of that term. The
            attribute defined by the supa-policy-variable-name
            specifies the name of an attribute whose content should be
            compared to the value portion of a SUPAPolicyTerm, which is
            typically specified by a SUPAPolicyValue object.";
      uses supa-policy-term-type {
        refine 
      }

      leaf supa-policy-variable-name {
        type string;
        description
          "A human-readable name for this policy variable.";
      }
    }  // grouping supa-policy-variable-type

    container supa-policy-variable-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyVariable.";
      list supa-policy-variable-list {
        key "supa-policy-ID";
        description
          "List of all instances of supa-policy-variable-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        uses supa-policy-variable-type;
      }  // list supa-policy-variable-list
    }  // container supa-policy-variable-container

    identity POLICY-COMPONENT-OPERATOR-TYPE {
      base POLICY-COMPONENT-TERM-TYPE;
      description
        "The identity corresponding to a SUPAPolicyOperator
             object instance.";
    }

    grouping supa-policy-operator-type {
      description
        "This is one formulation of a SUPA Policy Clause. It uses
            the canonical form of an expression, which is a three-tuple
            in the form {variable, operator, value}. In this approach,
            each of the three terms can either be a subclass of the
            appropriate SUPAPolicyTerm class, or another object that
            plays the role (i.e., an operator) of that term.
            The value of the supa-policy-value-op-type attribute
            specifies an operator that SHOULD be used to compare the
            variable and value portions of a SUPAPolicyTerm. This is
            typically specified by a SUPAPolicyOperator object.";
      uses supa-policy-term-type {
        refine 
      }

      leaf supa-policy-value-op-type {
        type enumeration {
          enum "error" {
            value 0;
            description
              "This signifies an error state.";
          }
          enum "init" {
            value 1;
            description
              "This signifies an initialization state.";
          }
          enum "greater than" {
            value 2;
            description
              "A greater-than operator.";
          }
          enum "greater than or equal to" {
            value 3;
            description
              "A greater-than-or-equal-to operator.";
          }
          enum "less than" {
            value 4;
            description
              "A less-than operator.";
          }
          enum "less than or equal to" {
            value 5;
            description
              "A less-than-or-equal-to operator.";
          }
          enum "equal to" {
            value 6;
            description
              "An equal-to operator.";
          }
          enum "not equal to" {
            value 7;
            description
              "A not-equal-to operator.";
          }
          enum "IN" {
            value 8;
            description
              "An operator that determines whether a given
                         value of a variable in a SUPAPolicyTerm
                         matches a value in a SUPAPolicyTerm.";
          }
          enum "NOT IN" {
            value 9;
            description
              "An operator that determines whether a given
                         variable in a SUPAPolicyTerm does not match
                         any of the specified values in a
                         SUPAPolicyTerm.";
          }
          enum "SET" {
            value 10;
            description
              "An operator that makes the value of the
                         result equal to the input value.";
          }
          enum "CLEAR" {
            value 11;
            description
              "An operator that sets the value of the
                         specified object to a value that is 0 for
                         integer datatypes, an empty string for
                         textual datatypes, and FALSE for Boolean
                         datatypes. This value MUST NOT be NULL.";
          }
          enum "BETWEEN" {
            value 12;
            description
              "An operator that determines whether a given
                         value is within a specified range of values.
                         Note that this is an inclusive operator.";
          }
        }
        mandatory true;
        description
          "The type of operator used to compare the variable
                 and value portions of this SUPAPolicyTerm.";
      }
    }  // grouping supa-policy-operator-type

    container supa-policy-operator-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyOperator.";
      list supa-policy-operator-list {
        key "supa-policy-ID";
        description
          "List of all instances of supa-policy-operator-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        uses supa-policy-operator-type;
      }  // list supa-policy-operator-list
    }  // container supa-policy-operator-container

    identity POLICY-COMPONENT-VALUE-TYPE {
      base POLICY-COMPONENT-TERM-TYPE;
      description
        "The identity corresponding to a SUPAPolicyValue
             object instance.";
    }

    grouping supa-policy-value-type {
      description
        "This is one formulation of a SUPA Policy Clause. It uses
            the canonical form of an expression, which is a three-tuple
            in the form {variable, operator, value}. In this approach,
            each of the three terms can either be a subclass of the
            appropriate SUPAPolicyTerm class, or another object that
            plays the role (i.e., a value) of that term. The
            attribute defined by supa-policy-value-content specifies a
            a value (which is typically specified by a subclass of
            SUPAPolicyVariable) that should be compared to a value in
            the variable portion of the SUPAPolicyTerm.";
      uses supa-policy-term-type {
        refine 
      }

      leaf-list supa-policy-value-content {
        type string;
        description
          "The content of the value portion of this SUPA Policy 
                Clause. The data type of the content is specified in
                the supa-policy-value-encoding attribute.";
      }

      leaf supa-policy-value-encoding {
        type identityref {
          base POLICY-DATA-TYPE-ENCODING-LIST;
        }
        description
          "The data type of the supa-policy-value-content
                 attribute.";
      }
    }  // grouping supa-policy-value-type

    container supa-policy-value-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyValue.";
      list supa-policy-value-list {
        key "supa-policy-ID";
        description
          "List of all instances of supa-policy-value-type.
                 If a module defines subclasses of this class,
                 those will be stored in a separate container.";
        uses supa-policy-value-type;
      }  // list supa-policy-value-list
    }  // container supa-policy-value-container

    identity POLICY-GENERIC-DECORATED-TYPE {
      base POLICY-COMPONENT-DECORATOR-TYPE;
      description
        "The identity corresponding to a
             SUPAGenericDecoratedComponent object instance.";
    }

    grouping supa-policy-generic-decorated-type {
      description
        "This class enables a generic object to be defined and
            used as a decorator in a SUPA Policy Clause. This class
            should not be confused with the SUPAEncodedClause class.
            A SUPAGenericDecoratedComponent object represents a single,
            atomic object that defines a portion of the contents of a
            SUPAPolicyClause, whereas a SUPAPolicyEncodedClause
            represents the entire contents of a SUPAPolicyClause.";
      uses supa-policy-component-decorator-type {
        refine 
      }

      leaf-list supa-policy-generic-decorated-content {
        type string;
        description
          "The content of this SUPAGenericDecoratedComponent
                object instance. The data type of this attribute is
                specified in the leaf
                supa-policy-generic-decorated-encoding.";
      }

      leaf supa-policy-generic-decorated-encoding {
        type identityref {
          base POLICY-DATA-TYPE-ENCODING-LIST;
        }
        description
          "The datatype of the
                 supa-policy-generic-decorated-content attribute.";
      }
    }  // grouping supa-policy-generic-decorated-type

    container supa-policy-generic-decorated-container {
      description
        "This is a container to collect all object instances of
             type SUPAGenericDecoratedComponent.";
      list supa-encoding-clause-list {
        key "supa-policy-ID";
        description
          "List of all instances of
                 supa-policy-generic-decorated-type. If a module
                 defines subclasses of this class, those will be
                 stored in a separate container.";
        uses supa-policy-generic-decorated-type;
      }  // list supa-encoding-clause-list
    }  // container supa-policy-generic-decorated-container

    identity POLICY-STRUCTURE-TYPE {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a SUPAPolicyStructure
             object instance.";
    }

    grouping supa-policy-structure-type {
      description
        "A superclass for all objects that represent different types
            of SUPAPolicies. Currently, this is limited to a single
            type, which is the event-condition-action (ECA) Policy
            Rule. A SUPA Policy may be an individual policy, or a set
            of policies. Subclasses MAY support this feature by
            implementing the composite pattern.";
      uses supa-policy-object-type {
        refine 
      }

      leaf supa-policy-admin-status {
        type enumeration {
          enum "error" {
            value 0;
            description
              "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicy if the value
                         of this attribute is error.";
          }
          enum "init" {
            value 1;
            description
              "This signifies an initialization state.";
          }
          enum "enabled" {
            value 2;
            description
              "This signifies that this SUPAPolicy has been
                         administratively enabled.";
          }
          enum "disabled" {
            value 3;
            description
              "This signifies that this SUPAPolicy has been
                         administratively disabled.";
          }
          enum "in test" {
            value 4;
            description
              "This signifies that this SUPAPolicy has been
                         administratively placed into test mode, and
                         SHOULD NOT be used as part of an operational
                         policy rule.";
          }
        }
        mandatory true;
        description
          "The current admnistrative status of this SUPAPolicy.";
      }

      leaf supa-policy-continuum-level {
        type uint32;
        description
          "This is the current level of abstraction of this
                 particular SUPAPolicyRule. By convention, the
                 values 0 and 1 should be used for error and
                 initialization states; a value of 2 is the most
                 abstract level, and higher values denote more
                 concrete levels.";
      }

      leaf supa-policy-deploy-status {
        type enumeration {
          enum "error" {
            value 0;
            description
              "This signifies an error state.";
          }
          enum "init" {
            value 1;
            description
              "This signifies an initialization state.";
          }
          enum "deployed and enabled" {
            value 2;
            description
              "This SUPAPolicy has been deployed in the
                         system and is currently enabled.";
          }
          enum "deployed and in test" {
            value 3;
            description
              "This SUPAPolicy has been deployed in the
                         system, but is currently in test and SHOULD
                         NOT be used in OAM&P policies.";
          }
          enum "deployed but not enabled" {
            value 4;
            description
              "This SUPAPolicy has been deployed in the
                         system, but has been administratively
                         disabled.";
          }
          enum "ready to be deployed" {
            value 5;
            description
              "This SUPAPolicy has been properly initialized,
                         and is now ready to be deployed.";
          }
          enum "cannot be deployed" {
            value 6;
            description
              "This SUPAPolicy has been administratively
                         disabled, and SHOULD NOT be used as part of
                         an OAM&P policy.";
          }
        }
        mandatory true;
        description
          "This attribute defines whether this SUPAPolicy has
                 been deployed and, if so, whether it is enabled and
                 ready to be used or not.";
      }

      leaf supa-policy-exec-fail-strategy {
        type enumeration {
          enum "error" {
            value 0;
            description
              "This signifies an error state.";
          }
          enum "init" {
            value 1;
            description
              "This signifies an initialization state.";
          }
          enum "rollback all" {
            value 2;
            description
              "This means that execution of this SUPAPolicy
                         SHOULD be stopped, and rollback of all
                         SUPAPolicyActions (whether they were
                         successfully executed or not) performed by
                         this particular SUPAPolicy is attempted. Also,
                         all SUPAPolicies that otherwise would have
                         been executed as a result of this SUPAPolicy
                         SHOULD NOT be executed.";
          }
          enum "rollback single" {
            value 3;
            description
              "This means that execution of this SUPAPolicy
                         SHOULD be stopped, and rollback is attempted
                         for ONLY the SUPAPolicyAction (belonging to
                         this particular SUPAPolicy) that failed to
                         execute correctly. All remaining actions
                         including SUPAPolicyActions and SUPAPolicies
                         that otherwise would have been executed as a
                         result of this SUPAPolicy, SHOULD NOT
                         be executed.";
          }
          enum "stop execution" {
            value 4;
            description
              "This means that execution of this SUPAPolicy
                         SHOULD be stopped without any other action
                         being performed; this includes corrective
                         actions, such as rollback, as well as any
                         SUPAPolicyActions or SUPAPolicies that
                         otherwise would have been executed.";
          }
          enum "ignore" {
            value 5;
            description
              "This means that any failures produced by this
                         SUPAPolicy SHOULD be ignored, and hence, no
                         corrective actions, such as rollback, will
                         be performed at this time. Hence, any other
                         SUPAPolicyActions or SUPAPolicies SHOULD
                         continue to be executed.";
          }
        }
        mandatory true;
        description
          "This defines what actions, if any, should be taken by
                 this particular SUPA Policy Rule if it fails to
                 execute correctly. Some implementations may not be
                 able to accommodate the rollback failure options;
                 hence, these options may be skipped.";
      }

      leaf-list supa-has-policy-source-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-SOURCE-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicySource associations [1].
                 This association is represented by the grouping 
                 supa-has-policy-source-detail, and describes how
                 this SUPAPolicyStructure instance is related to a
                 set of SUPAPolicySource instances. Each
                 SUPAPolicySource instance defines a set of
                 unambiguous sources of this SUPAPolicy. Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
      }

      leaf-list supa-has-policy-target-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-TARGET-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyTarget associations [1].
                 This association is represented by the grouping 
                 supa-has-policy-target-detail, and describes how
                 this SUPAPolicyStructure instance is related to a
                 set of SUPAPolicyTarget instances.
                 Each SUPAPolicyTarget instance defines a set of
                 unambiguous managed entities to which this
                 SUPAPolicy will be applied to. Since this association
                 class contains attributes, the instance-identifier
                 MUST point to an instance using the grouping
                 supa-has-policy-target-detail (which includes
                 subclasses of this association class).";
      }

      leaf-list supa-has-policy-clause-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-CLAUSE-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference SUPAHasPolicyClause associations [1]. This
                 association is represented by the grouping
                 supa-has-policy-clause-detail. This association
                 describes how this particular SUPAPolicyStructure
                 instance is related to this set of SUPAPolicyClause

                 instances. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the supa-has-policy-clause-detail
                 (which includes subclasses of this association
                 class).";
      }

      leaf-list supa-has-policy-exec-fail-action-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-EXEC-ACTION-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolExecFailtActionToTake
                 association [1]. This association is represented by
                 the supa-has-policy-exec-action-detail grouping. This
                 association relates this SUPAPolicyStructure instance
                 (the parent) to one or more SUPAPolicyStructure
                 instances (the children), where each child
                 SUPAPolicyStructure contains one or more
                 SUPAPolicyActions to be executed if the parent
                 SUPAPolicyStructure instance generates an error while
                 it is executing. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-exec-action-detail (which includes
                 subclasses of this association class).";
      }

      leaf-list supa-has-policy-exec-fail-action-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-EXEC-ACTION-ASSOC')";
        min-elements 1;
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolExecFailtActionToTake
                 association [1]. This association is represented by
                 the supa-has-policy-exec-action-detail grouping. This
                 association relates this SUPAPolicyStructure instance
                 (the child) to another SUPAPolicyStructure instance
                 (the parent). The child SUPAPolicyStructure contains
                 one or more SUPAPolicyActions to be executed if the
                 parent SUPAPolicyStructure instance generates an error
                 while it is executing; the parent SUPAPolicyStructure
                 contains one or more child SUPAPolicyStructure
                 instances to enable it to choose how to handle each
                 type of failure. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-exec-action-detail (which includes
                 subclasses of this association class).";
      }
    }  // grouping supa-policy-structure-type

    identity POLICY-SOURCE-TYPE {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a SUPAPolicySource
             object instance.";
    }

    grouping supa-policy-source-type {
      description
        "This object defines a set of managed entities that
            authored, or are otherwise responsible for, this
            SUPAPolicy. Note that a SUPAPolicySource does NOT evaluate
            or execute SUPAPolicies. Its primary use is for
            auditability and the implementation of deontic logic (i.e.,
            how concepts such as obligation and permission work) and/or
            alethic logic (i.e., how concepts such as necessity,
            possibility, and contigency work). It is expected that this
            grouping will be extended (i.e., subclassed) when used, so
            that the system an add specific information appropriate to
            sources of policy of that particular system.";
      uses supa-policy-object-type {
        refine 
      }

      leaf-list supa-has-policy-source-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-SOURCE-ASSOC')";
        description
          "This leaf-list holds the instance-identifiers that
                 reference a SUPAHasPolicySource association [1], which
                 is represented by the supa-has-policy-source-detail
                 grouping. This association describes how each
                 SUPAPolicySource instance is related to this
                 particular SUPAPolicyStructure instance.
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-source-detail (which
                 includes subclasses of this association class).";
      }
    }  // grouping supa-policy-source-type

    container supa-policy-source-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicySource.";
      list supa-policy-source-list {
        key "supa-policy-ID";
        description
          "A list of all supa-policy-source instances in the
                 system.";
        uses supa-policy-source-type;
      }  // list supa-policy-source-list
    }  // container supa-policy-source-container

    identity POLICY-TARGET-TYPE {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a SUPAPolicyTarget
             object instance.";
    }

    grouping supa-policy-target-type {
      description
        "This object defines a set of managed entities that a
            SUPAPolicy is applied to.  It is expected that this
            grouping will be extended (i.e., subclassed) when used,
            so that the system can add specific information
            appropriate to policy targets of that particular system.";
      uses supa-policy-object-type {
        refine 
      }

      leaf-list supa-has-policy-target-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-TARGET-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyTarget association. This is
                 represented by the supa-has-policy-target-detail
                 grouping. This association describes how each
                 SUPAPolicyTarget instance is related to a particular
                 SUPAPolicyStructure instance. For example, this
                 association may restrict which SUPAPolicyTarget
                 instances can be used by which SUPAPolicyStructure
                 instances. The SUPAPolicyTarget defines a
                 set of managed entities that this SUPAPolicyStructure
                 will be applied to. Since this association class
                 contains attributes, the instance-identifier MUST
                 point to an instance using the grouping
                 supa-has-policy-target-detail (which
                 includes subclasses of this association class).";
      }
    }  // grouping supa-policy-target-type

    container supa-policy-target-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyTarget.";
      list supa-policy-target-list {
        key "supa-policy-ID";
        description
          "A list of all supa-policy-target instances in the
                 system.";
        uses supa-policy-target-type;
      }  // list supa-policy-target-list
    }  // container supa-policy-target-container

    identity POLICY-METADATA-TYPE {
      base SUPA-ROOT-TYPE;
      description
        "The identity corresponding to a SUPAPolicyMetadata
             object instance.";
    }

    grouping supa-policy-metadata-type {
      description
        "This is the superclass of all metadata classes. Metadata
            is information that describes and/or prescribes the
            characteristics and behavior of another object that is
            not an inherent, distinguishing characteristics or
            behavior of that object.";
      leaf entity-class {
        type identityref {
          base SUPA-ROOT-TYPE;
        }
        description
          "The identifier of the class of this grouping.";
      }

      leaf supa-policy-metadata-id {
        type string;
        mandatory true;
        description
          "This represents the object identifier of an instance
                 of this class. This attribute is named
                 supaPolMetadataIDContent in [1], and is used with
                 another attribute (supaPolMetadataIDEncoding); since
                 the YANG data model does not need this genericity, the
                 supaPolMetadataIDContent attribute was renamed to
                 supa-policy-metadata-id, and the
                 supaPolMetadataIDEncoding attribute was not mapped.";
      }

      leaf supa-policy-metadata-description {
        type string;
        description
          "This contains a free-form textual description of this
                 metadata object (e.g., what it may be used for).";
      }

      leaf supa-policy-metadata-name {
        type string;
        description
          "This contains a human-readable name for this
                 metadata object.";
      }

      leaf-list supa-has-policy-metadata-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-METADATA-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAHasPolicyMetadata association [1],
                 which is represented by the grouping
                 supa-has-policy-metadata-detail. Each instance-
                 identifier defines a unique set of information that
                 describe and/or prescribe additional information,
                 provided by this SUPAPolicyMetadata instance, that can
                 be associated with this SUPAPolicyObject instance.
                 Multiple SUPAPolicyMetadata objects may be attached to
                 a concrete subclass of the SUPAPolicyObject class that
                 is referenced in this association by using the
                 Decorator pattern [1]. For example, a
                 SUPAPolicyVersionMetadataDef instance could wrap a
                 SUPAECAPolicyRuleAtomic instance; this would define
                 the version of this particular SUPAECAPolicyRuleAtomic
                 instance. Since this association class contains
                 attributes, the instance-identifier MUST point to an
                 instance using the grouping
                 supa-has-policy-metadata-detail (which includes
                 subclasses of this association class).";
      }

      leaf-list supa-has-policy-metadata-dec-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')";
        min-elements 1;
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAHasMetadaDecorator association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-dec-detail. This association
                 describes how a SUPAPolicyMetadataDecorator instance
                 wraps a given SUPAPolicyMetadata instance using the
                 Decorator pattern [1]. Multiple concrete subclasses
                 of SUPAPolicyMetadataDecorator may be used to wrap
                 the same SUPAPolicyMetadata instance.
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-dec-detail (which
                 includes subclasses of this association class).";
      }
    }  // grouping supa-policy-metadata-type

    identity POLICY-METADATA-CONCRETE-TYPE {
      base POLICY-METADATA-TYPE;
      description
        "The identity corresponding to a SUPAPolicyConcreteMetadata
             object instance.";
    }

    grouping supa-policy-concrete-metadata-type {
      description
        "This is a concrete class that will be wrapped by concrete
            instances of the SUPA Policy Metadata Decorator class. It
            can be viewed as a container for metadata that will be
            attached to a subclass of SUPA Policy Object. It may
            contain all or part of one or more metadata subclasses.";
      uses supa-policy-metadata-type {
        refine 
      }

      leaf supa-policy-metadata-valid-period-end {
        type yang:date-and-time;
        description
          "This defines the ending date and time that this
                 metadata object is valid for.";
      }

      leaf supa-policy-metadata-valid-period-start {
        type yang:date-and-time;
        description
          "This defines the starting date and time that this
                 metadata object is valid for.";
      }
    }  // grouping supa-policy-concrete-metadata-type

    container supa-policy-concrete-metadata-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyConcreteMetadata.";
      list supa-policy-concrete-metadata-list {
        key "supa-policy-metadata-id";
        description
          "A list of all supa-policy-metadata instances in the
                 system.";
        uses supa-policy-concrete-metadata-type;
      }  // list supa-policy-concrete-metadata-list
    }  // container supa-policy-concrete-metadata-container

    identity POLICY-METADATA-DECORATOR-TYPE {
      base POLICY-METADATA-TYPE;
      description
        "The identity corresponding to a
             SUPAPolicyMetadataDecorator object instance.";
    }

    grouping supa-policy-metadata-decorator-type {
      description
        "This object implements the Decorator pattern [1] for all
             SUPA metadata objects. This enables all or part of one or
             more metadata objects to wrap another concrete metadata
             object. The only concrete subclass of SUPAPolicyMetadata
             in this document is SUPAPolicyConcreteMetadata.";
      uses supa-policy-metadata-type {
        refine 
      }

      leaf supa-has-policy-metadata-dec-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAHasMetadaDecorator association [1].
                 This association is represented by the grouping
                 supa-has-policy-metadata-dec-detail. This association
                 describes how a SUPAPolicyMetadataDecorator instance
                 wraps a given SUPAPolicyMetadata instance
                 using the Decorator pattern [1]. Multiple concrete
                 subclasses of SUPAPolicyMetadataDecorator may be used
                 to wrap the same SUPAPolicyMetadata instance. Since
                 this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-has-policy-metadata-dec-detail (which
                 includes subclasses of this association class).";
      }
    }  // grouping supa-policy-metadata-decorator-type

    identity POLICY-METADATA-DECORATOR-ACCESS-TYPE {
      base POLICY-METADATA-DECORATOR-TYPE;
      description
        "The identity corresponding to a
             SUPAPolicyAccessMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-access-type {
      description
        "This is a concrete class that defines metadata for access
             control information that can be added to any
             SUPAPolicyObject object instance.
             This is done using the SUPAHasPolicyMetadata association
             in conjunction with the Decorator pattern [1].";
      uses supa-policy-metadata-decorator-type {
        refine 
      }

      leaf supa-policy-metadata-access-priv-def {
        type enumeration {
          enum "error" {
            value 0;
            description
              "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyAccessMetadataDef
                         if the value of this attribute is error.";
          }
          enum "init" {
            value 1;
            description
              "This signifies an initialization state.";
          }
          enum "read only" {
            value 2;
            description
              "This defines access as read only for ALL
                         SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         As such, an explicit access control model,
                         such as RBAC [7], is NOT present.";
          }
          enum "read write" {
            value 3;
            description
              "This defines access as read and/or write for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         As such, an explicit access control model,
                         such as RBAC [7], is NOT present.";
          }
          enum "specified by MAC" {
            value 4;
            description
              "This uses an external Mandatory Access Control
                         (MAC) [7] model to define access control for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
          }
          enum "specified by DAC" {
            value 5;
            description
              "This uses an external Discretionary Access
                         Control (DAC) [7] model to define access
                         control for ALL SUPAPolicyObject objects that
                         are adorned with this 
                         SUPAPolicyAccessMetadataDef object. The name
                         and location of this access control model are
                         specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
          }
          enum "specified by RBAC" {
            value 6;
            description
              "This uses an external Role-Based Access Control
                         (RBAC) [7] model to define access control for
                         ALL SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
          }
          enum "specified by ABAC" {
            value 7;
            description
              "This uses an external Attribute-Based Access
                         Control (ABAC) [8] model to define access
                         control for ALL SUPAPolicyObject objects that
                         are adorned with this
                         SUPAPolicyAccessMetadataDef object. The name
                         and location of this access control model are
                         specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
          }
          enum "specified by custom" {
            value 8;
            description
              "This uses an external Custom Access Control
                         model to define access control for ALL
                         SUPAPolicyObject objects that are adorned
                         with this SUPAPolicyAccessMetadataDef object.
                         The name and location of this access control
                         model are specified, respectively, in the
                         supa-policy-metadata-access-priv-model-name
                         and supa-policy-metadata-access-priv-model-ref
                         attributes of this SUPAPolicyAccessMetadataDef
                         object.";
          }
        }
        description
          "This defines the type of access control model that is
                 used by this SUPAPolicyObject object instance.";
      }

      leaf supa-policy-metadata-access-priv-model-name {
        type string;
        description
          "This contains the name of the access control model
                 being used. If the value of the
                 supa-policy-metadata-access-priv-model-ref is
                 error, then this SUPAPolicyAccessMetadataDef object
                 MUST NOT be used. If the value of the
                 supa-policy-metadata-access-priv-model-ref is init,
                 then this SUPAPolicyAccessMetadataDef object has been
                 properly initialized, and is ready to be used. If the
                 value of the supa-policy-metadata-access-priv-model-ref
                 is read only or read write, then the value of this
                 attribute is not applicable (because a type of model
                 is NOT being defined; instead, the access control for
                 all SUPAPolicyObjects is being defined).
                 Otherwise, the text in this class attribute SHOULD be
                 interpreted according to the value of the
                 supa-policy-metadata-access-priv-model-ref class
                 attribute.";
      }

      leaf supa-policy-metadata-access-priv-model-ref {
        type enumeration {
          enum "error" {
            value 0;
            description
              "This signifies an error state. OAM&P Policies
                         SHOULD NOT use this SUPAPolicyAccessMetadataDef
                         object if the value of this attribute is
                         error.";
          }
          enum "init" {
            value 1;
            description
              "This signifies an initialization state.";
          }
          enum "URI" {
            value 2;
            description
              "The access control model is referenced by
                         this URI.";
          }
          enum "GUID" {
            value 3;
            description
              "The access control model is referenced by
                         this GUID.";
          }
          enum "UUID" {
            value 4;
            description
              "The access control model is referenced by
                         this UUID.";
          }
          enum "FQDN" {
            value 5;
            description
              "The access control model is referenced by
                         this FQDN.";
          }
          enum "FQPN" {
            value 6;
            description
              "The access control model is referenced by
                         this FQPN.";
          }
          enum "string_instance_id" {
            value 7;
            description
              "A string that is the canonical representation,
                         in ASCII, of an instance ID of this object.";
          }
        }
        description
          "This defines the data type of the
                 supa-policy-metadata-access-priv-model-name
                 attribute.";
      }
    }  // grouping supa-policy-metadata-decorator-access-type

    container supa-policy-metadata-decorator-access-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyAccessMetadataDef.";
      list supa-policy-metadata-decorator-access-list {
        key "supa-policy-metadata-id";
        description
          "A list of all supa-policy-metadata-decorator-access
                instances in the system.  Instances of subclasses
                will be in a separate list.";
        uses supa-policy-metadata-decorator-type;
      }  // list supa-policy-metadata-decorator-access-list
    }  // container supa-policy-metadata-decorator-access-container

    identity POLICY-METADATA-DECORATOR-VERSION-TYPE {
      base POLICY-METADATA-DECORATOR-TYPE;
      description
        "The identity corresponding to a
             SUPAPolicyVersionMetadataDef object instance.";
    }

    grouping supa-policy-metadata-decorator-version-type {
      description
        "This is a concrete class that defines metadata for version
             control information that can be added to any
             SUPAPolicyObject. This is done using the
             SUPAHasPolicyMetadata association. This class uses the
             Semantic Versioning Specification [6] as follows:
               <major>.<minor>.<patch>[<pre-release>][<build-metadata>]
             where the first three components (major, minor, and patch)
             MUST be present, and the latter two components (pre-release
             and build-metadata) MAY be present. A version number MUST
             take the form <major>.<minor>.<patch>, where <major>,
             <minor>, and <patch> are each non-negative integers that
             MUST NOT contain leading zeros. In addition, the value of
             each of these three elements MUST increase numerically.
             In this approach, supaVersionMajor denotes a new release;
             supaVersionMinor denotes a minor release; supaVersionPatch
             denotes a version that consists ONLY of bug fixes. Version
             precedence MUST be calculated by separating the version
             into major, minor, patch, and pre-release identifiers, in
             that order. See [1] for more information.";
      uses supa-policy-metadata-decorator-type {
        refine 
      }

      leaf supa-policy-metadata-version-major {
        type string;
        description
          "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that a significant increase in functionality is present
                 in this version. It MAY also indicate that this version
                 has changes that are NOT backwards-compatible (the
                 supa-policy-metadata-version-build class attribute is
                 used to denote such changes). The string 0.1.0
                 defines an initial version that MUST NOT be considered
                 stable. Improvements to this initial version are
                 denoted by incrementing the minor and patch class
                 attributes (supa-policy-metadata-version-major and
                 supa-policy-metadata-version-patch, respectively). The
                 major version X (i.e., X.y.z, where X > 0) MUST be
                 incremented if any backwards-incompatible changes are
                 introduced. It MAY include minor and patch level
                 changes. The minor and patch version numbers MUST be
                 reset to 0 when the major version number is
                 incremented.";
      }

      leaf supa-policy-metadata-version-minor {
        type string;
        description
          "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that this release contains a set of features and/or
                 bug fixes that MUST be backwards-compatible. The
                 minor version Y (i.e., x.Y.z, where x > 0) MUST be
                 incremented if new, backwards-compatible changes are
                 introduced. It MUST be incremented if any features are
                 marked as deprecated. It MAY be incremented if new
                 functionality or improvements are introduced, and MAY
                 include patch level changes. The patch version number
                 MUST be reset to 0 when the minor version number is
                 incremented.";
      }

      leaf supa-policy-metadata-version-patch {
        type string;
        description
          "This contains a string representation of an integer
                 that is greater than or equal to zero. It indicates
                 that this version contains ONLY bug fixes. The patch
                 version Z (i.e., x.y.Z, where x > 0) MUST be
                 incremented if new, backwards-compatible changes are
                 introduced. A bug fix is defined as an internal change
                 that fixes incorrect behavior.";
      }

      leaf supa-policy-metadata-version-prerelease {
        type string;
        description
          "This contains a string that defines the pre-release
                 version. A pre-release version MAY be denoted by
                 appending a hyphen and a series of dot-separated
                 identifiers immediately following the patch version.
                 Identifiers MUST comprise only ASCII alphanumerics and
                 a hyphen. Identifiers MUST NOT be empty. Numeric
                 identifiers MUST NOT include leading zeroes.
                 Pre-release versions have a lower precedence than the
                 associated normal version. A pre-release version
                 indicates that the version is unstable and might not
                 satisfy the intended compatibility requirements as
                 denoted by its associated normal version. Examples
                 include: 1.0.0-alpha and 1.0.0-0.3.7.";
      }

      leaf supa-policy-metadata-version-build {
        type string;
        description
          "This contains a string that defines the metadata of
                 this build. Build metadata is optional. If present,
                 build metadata MAY be denoted by appending a plus
                 (+) sign to the version, followed by a series of
                 dot-separated identifiers. This may follow either
                 the patch or pre-release portions of the version.
                 If build metadata is present, then any identifiers
                 that it uses MUST be made up of only ASCII
                 alphanumerics and a hyphen. The identifier portion of
                 the build metadata MUST NOT be empty. Build metadata
                 SHOULD be ignored when determining version precedence.
                 Examples include: 1.0.0.-alpha+1, 1.0.0.-alpha+1.1,
                 1.0.0+20130313144700, and 1.0.0-beta+exp.sha.5114f85.";
      }
    }  // grouping supa-policy-metadata-decorator-version-type

    container supa-policy-metadata-decorator-version-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyVersionMetadataDef.";
      list supa-policy-metadata-decorator-version-list {
        key "supa-policy-metadata-id";
        description
          "A list of all supa-policy-metadata-decorator-version
                instances in the system. Instances of subclasses
                will be in a separate list.";
        uses supa-policy-metadata-decorator-type;
      }  // list supa-policy-metadata-decorator-version-list
    }  // container supa-policy-metadata-decorator-version-container

    identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a
             SUPAHasPolicyMetadataDetail association class
             object instance.";
    }

    grouping supa-has-policy-metadata-detail {
      description
        "This is a concrete association class that defines the
             semantics of the SUPAHasPolicyMetadata association. This
             enables the attributes and relationships of the
             SUPAHasPolicyMetadataDetail class to be used to constrain
             which SUPAPolicyMetadata objects can be associated by
             this particular SUPAPolicyObject instance.";
      uses supa-policy-object-type {
        refine 
      }

      leaf supa-has-policy-metadata-detail-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-OBJECT-TYPE')";
        description
          "This leaf is an instance-identifier that references a
                 concrete subclass of the SUPAPolicyObject instance end
                 point of the aggregation represented by this instance
                 of the SUPAHasPolicyMetadata aggregation [1]. The
                 groupings supa-policy-object-type and
                 supa-policy-metadata-type represent the
                 SUPAPolicyObject and SUPAPolicyMetadata classes,
                 respectively. Thus, the instance identified by this
                 leaf is the SUPAPolicyObject instance that is
                 associated by this aggregation to the set of
                 SUPAPolicyMetadata instances referenced by the
                 supa-has-policy-metadata-detail-part-ptr leaf of
                 this grouping.";
      }

      leaf supa-has-policy-metadata-detail-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-METADATA-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 the SUPAPolicyMetadata instance end point of the
                 aggregation represented by this instance of the
                 SUPAHasPolicyMetadata aggregation [1]. The groupings
                 supa-policy-object-type and supa-policy-metadata-type
                 represent the SUPAPolicyObject and SUPAPolicyMetadata
                 classes, respectively. Thus, the instance
                 identified by this leaf is the SUPAPolicyMetadata
                 instance that is associated by this aggregation to
                 the set of SUPAPolicyObject instances referenced by
                 the supa-has-policy-metadata-detail-agg-ptr leaf of
                 this grouping.";
      }

      leaf supa-policy-metadata-detail-is-applicable {
        type boolean;
        description
          "This attribute controls whether the associated
                 metadata is currently considered applicable to this
                 SUPAPolicyObject; this enables metadata to be turned
                 on and off when needed without disturbing the
                 structure of the object that the metadata applies to,
                 or affecting other objects in the system.";
      }

      leaf-list supa-policy-metadata-detail-constraint {
        type string;
        description
          "A list of constraints, expressed as strings, in
                 the language defined by the
                 supa-policy-metadata-detail-encoding attribute.

                 If there are no constraints on using this
                 SUPAPolicyMetadata object with this particular
                 SUPAPolicyObject object, then this leaf-list will
                 consist of a list of a single null string.";
      }

      leaf supa-policy-metadata-detail-constraint-encoding {
        type identityref {
          base POLICY-CONSTRAINT-LANGUAGE-LIST;
        }
        description
          "The language in which the constraints on the
                SUPAHasPolicyMetadata aggregation is expressed.
                Examples include OCL 2.4 [2], Alloy [3], and
                English text.";
      }
    }  // grouping supa-has-policy-metadata-detail

    container supa-policy-metadata-detail-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyMetadataDetail.";
      list supa-policy-metadata-detail-list {
        key "supa-policy-ID";
        description
          "This is a list of all supa-policy-metadata-detail
                instances in the system.  Instances of subclasses
                will be in a separate list. Note that this association
                class is made concrete for exemplary purposes.  To be
                useful, it almost certainly needs refinement.";
        uses supa-has-policy-metadata-detail;
      }  // list supa-policy-metadata-detail-list
    }  // container supa-policy-metadata-detail-container

    identity SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a
             SUPAPolicyClauseHasDecorator association class
             object instance.";
    }

    grouping supa-policy-clause-has-decorator-detail {
      description
        "This is a concrete association class that defines the
             semantics of the SUPAPolicyClauseHasDecorator
             aggregation.";
      leaf supa-policy-clause-has-decorator-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
        description
          "This leaf-list holds instance-identifiers that
                 reference a SUPAPolicyClauseHasDecorator aggregation
                 [1], and is represented by the grouping
                 supa-policy-clause-has-decorator-detail. This
                 aggregation describes how each SUPAPolicyClause
                 object instance is decorated (i.e., wrapped) by zero
                 or more SUPAPolicyClauseComponentDecorator object
                 instances. For example, this aggregation may restrict
                 which concrete subclasses of the
                 SUPAPolicyClauseComponentDecorator class can wrap
                 this particular contrete subclass of the
                 SUPAPolicyClause class. The set of SUPAPolicyClauses,
                 identified by this leaf-list, define the content of
                 this SUPAPolicyStructure that they are associated
                 with (via the SUPAHasPolicyClause aggregation).
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-policy-clause-has-decorator-detail
                 (which includes subclasses of this association
                 class). Note that (concrete) subclasses of this
                 association class may also be used to further refine
                 the semantics of this aggregation.";
      }

      leaf supa-policy-clause-has-decorator-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')";
        description
          "This leaf holds instance-identifiers that
                 reference a SUPAPolicyClauseHasDecorator aggregation,
                 [1], and is represented by the grouping
                 supa-policy-clause-has-decorator-detail. This 
                 aggregation describes how each
                 SUPAPolicyClauseComponentDecorator object instance
                 wraps a given SUPAPolicyClause object instance. This
                 enables the behavior of a SUPAPolicyClause object
                 instance to be changed dynamically by attaching and/or
                 removing SUPAPolicyClauseComponentDecorator object
                 instances. Multiple SUPAPolicyClauseComponentDecorator
                 object instances instances may be attached to a
                 SUPAPolicyClause object instance that is referenced in
                 this aggregation by using the Decorator pattern [1].
                 Since this association class contains attributes, the
                 instance-identifier MUST point to an instance using
                 the grouping supa-policy-clause-has-decorator-detail.";
      }

      leaf-list supa-pol-clause-dec-constraint {
        type string;
        description
          "A constraint expression applying to this association
                 between a concrete subclase of SUPAPolicyClause and a
                 concrete subclass of
                 SUPAPolicyClauseComponentDecorator. This restricts
                 which types of SUPAPolicyClauseComponentDecorator
                 object instances can be aggregated by which types of
                 SUPAPolicyClause object instances. Constraints are
                 written in a constraint language specified by the
                 supa-pol-clause-dec-constraint-encoding attribute.";
      }

      leaf supa-pol-clause-dec-constraint-encoding {
        type identityref {
          base POLICY-CONSTRAINT-LANGUAGE-LIST;
        }
        description
          "The language in which the constraints on the
                SUPAPolicyClauseHasDecorator aggregation is expressed.
                Examples include OCL 2.4 [2], Alloy [3], and
                English text.";
      }
    }  // grouping supa-policy-clause-has-decorator-detail

    container supa-policy-clause-has-decorator-detail-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyClauseHasDecoratorDetail.";
      list supa-policy-component-decorator-detail-list {
        key "supa-policy-ID";
        description
          "This is a list of all
                 supa-policy-component-decorator-details.";
        uses supa-has-decorator-policy-component-detail;
      }  // list supa-policy-component-decorator-detail-list
    }  // container supa-policy-clause-has-decorator-detail-container

    grouping supa-has-decorator-policy-component-detail {
      description
        "This is a concrete association class that defines the
             semantics of the SUPAHasDecoratedPolicyComponent
             association. The purpose of this class is to use the
             Decorator pattern [1] to detemine which
             SUPAPolicyComponentDecorator object instances, if any,
             are required to augment the functionality of a concrete
             subclass of SUPAPolicyClause that is being used.";
      uses supa-policy-object-type {
        refine 
      }

      leaf supa-has-policy-component-decorator-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-COMPONENT-DECORATOR-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 the SUPAPolicyComponentDecorator instance end point of
                 the association represented by this instance of the
                 SUPAHasDecoratedPolicyComponent association [1]. The
                 groupings supa-policy-component-decorator-type and
                 supa-policy-component-structure-type represent the
                 SUPAPolicyComponentDecorator and
                 SUPAPolicyComponentStructure classes, respectively.
                 Thus, the instance identified by this leaf is the
                 SUPAPolicyComponentDecorator instance that is
                 associated by this association to the set of
                 SUPAPolicyComponentStructure instances referenced by
                 the supa-has-policy-component-decorator-part-ptr leaf
                 of this grouping.";
      }

      leaf supa-has-policy-component-decorator-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-COMPONENT-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 the SUPAPolicyComponentStructure instance end point of
                 the association represented by this instance of the
                 SUPAHasDecoratedPolicyComponent association [1].
                 The groupings supa-policy-component-decorator-type and
                 supa-policy-component-structure-type represent the
                 SUPAPolicyComponentDecorator and
                 SUPAPolicyComponentStructure classes, respectively.
                 Thus, the instance identified by this leaf is the
                 SUPAPolicyComponentStructure instance that is
                 associated by this association to the set of
                 SUPAPolicyComponentStructure instances referenced by
                 the supa-has-policy-component-decorator-agg-ptr leaf
                 of this grouping.";
      }

      leaf-list supa-has-decorator-constraint {
        type string;
        description
          "A constraint expression applying to this association
                 between a SUPAPolicyClauseComponentDecorator and any
                 components that decorate it. The
                 supa-has-decorator-constraint-encoding attribute
                 specifies the language used to write the set of
                 constraint expressions.";
      }

      leaf supa-has-decorator-constraint-encoding {
        type identityref {
          base POLICY-CONSTRAINT-LANGUAGE-LIST;
        }
        description
          "The language in which the constraints on the
                SUPAHasDecoratedPolicyComponent aggregation is
                expressed. Examples include OCL 2.4 [2], Alloy [3],
                and English text.";
      }
    }  // grouping supa-has-decorator-policy-component-detail

    container supa-policy-component-decorator-detail-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyComponentDecoratorDetail.";
      list supa-policy-component-decorator-detail-list {
        key "supa-policy-ID";
        description
          "This is a list of all
                 supa-policy-component-decorator-details.";
        uses supa-has-decorator-policy-component-detail;
      }  // list supa-policy-component-decorator-detail-list
    }  // container supa-policy-component-decorator-detail-container

    identity SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a
             SUPAHasDecoratedPolicyComponent association
             object instance.";
    }

    identity SUPA-HAS-POLICY-SOURCE-ASSOC {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a SUPAHasPolicySource
             association class object instance.";
    }

    grouping supa-has-policy-source-detail {
      description
        "This is an association class, and defines the semantics of
             the SUPAHasPolicySource association. The attributes and
             relationships of this class can be used to define which
             SUPAPolicySource objects can be attached to which
             particular set of SUPAPolicyStructure objects. Note that a
             SUPAPolicySource object is NOT responsible for evaluating
             or executing SUPAPolicies; rather, it identifies the set
             of entities that are responsible for managing this
             SUPAPolicySource object. Its primary uses are for
             auditability, as well as processing deontic logic. This
             object represents the semantics of associating a
             SUPAPolicySource to a SUPAPolicyTarget.";
      uses supa-policy-object-type {
        refine 
      }

      leaf supa-has-policy-source-detail-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-STRUCTURE-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicySource association [1]. The grouping
                 supa-has-policy-source-detail represents the
                 SUPAHasPolicySourceDetail class. Thus, the instance
                 identified by this leaf is the SUPAPolicyStructure
                 instance that is associated by this association to the
                 SUPAPolicySource instance referenced by the
                 supa-has-policy-source-detail-part-ptr leaf of
                 this grouping.";
      }

      leaf supa-has-policy-source-detail-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                   'POLICY-SOURCE-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a SUPAPolicySource instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicySource association [1]. The grouping
                 supa-has-policy-source-detail represents the
                 SUPAHasPolicySourceDetail class. Thus, the instance
                 identified by this leaf is the SUPAPolicySource
                 instance that is associated by this association to the
                 SUPAPolicyStructure instance referenced by the
                 supa-has-policy-source-detail-agg-ptr leaf of
                 this grouping.";
      }

      leaf supa-policy-source-is-authenticated {
        type boolean;
        description
          "If the value of this attribute is true, then this
                 SUPAPolicySource object has been authenticated by
                 a policy engine or application that is executing this
                 particular SUPAPolicyStructure object.";
      }

      leaf supa-policy-source-is-trusted {
        type boolean;
        description
          "If the value of this attribute is true, then this
                 SUPAPolicySource object has been verified to be
                 trusted by a policy engine or application that is
                 executing this particular SUPAPolicyStructure object.";
      }
    }  // grouping supa-has-policy-source-detail

    container supa-policy-source-detail-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicySourceDetail.";
      list supa-policy-source-detail-list {
        key "supa-policy-ID";
        description
          "This is a list of all supa-policy-source-detail
                 objects.";
        uses supa-has-policy-source-detail;
      }  // list supa-policy-source-detail-list
    }  // container supa-policy-source-detail-container

    identity SUPA-HAS-POLICY-TARGET-ASSOC {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a SUPAHasPolicyTarget
             association class object instance.";
    }

    grouping supa-has-policy-target-detail {
      description
        "This is an association class, and defines the semantics of
             the SUPAHasPolicyTarget association. The attributes and
             relationships of this class can be used to define which
             SUPAPolicyTarget objects can be attached to which
             particular set of SUPAPolicyStructure objects. Note that a
             SUPAPolicyTarget is used to identify a set of managed
             entities to which a SUPAPolicy should be applied; this
             object represents the semantics of applying a SUPAPolicy
             to a SUPAPolicyTarget.";
      uses supa-policy-object-type {
        refine 
      }

      leaf supa-has-policy-target-detail-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                   'POLICY-STRUCTURE-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicyTarget association [1]. The grouping
                 supa-has-policy-target-detail represents the
                 SUPAHasPolicyTargetDetail class. Thus, the instance
                 identified by this leaf is the SUPAPolicyStructure
                 instance that is associated by this association to the
                 SUPAPolicyTarget instance referenced by the
                 supa-has-policy-target-detail-part-ptr leaf of
                 this grouping.";
      }

      leaf supa-has-policy-target-detail-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                   'POLICY-TARGET-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a SUPAPolicyTarget instance end point of the
                 association represented by this instance of the
                 SUPAHasPolicyTarget association [1]. The grouping
                 supa-has-policy-target-detail represents the
                 SUPAHasPolicyTargetDetail class. Thus, the instance
                 identified by this leaf is the SUPAPolicyTarget
                 instance that is associated by this association to the
                 SUPAPolicyStructure instance referenced by the
                 supa-has-policy-target-detail-agg-ptr leaf of
                 this grouping.";
      }

      leaf supa-policy-target-is-authenticated {
        type boolean;
        description
          "If the value of this attribute is true, then this
                 SUPAPolicyTarget object has been authenticated by
                 a policy engine or application that is executing this
                 particular SUPAPolicyStructure object.";
      }

      leaf supa-policy-target-is-enabled {
        type boolean;
        description
          "If the value of this attribute is true, then each
                 SUPAPolicyTarget object that is referenced by this
                 SUPAHasPolicyTarget aggregation is able to be used as
                 a SUPAPolicyTarget by the SUPAPolicyStructure object
                 that is referenced by this SUPAHasPolicyTarget
                 aggregation. This means that this SUPAPolicyTarget has
                 agreed to: 1) have SUPAPolicies applied to it, and 2)
                 process (directly or with the aid of a proxy) one or
                 more SUPAPolicies, or receive the results of a
                 processed SUPAPolicy and apply those results to
                 itself.";
      }
    }  // grouping supa-has-policy-target-detail

    container supa-policy-target-detail-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyTargetDetail.";
      list supa-policy-target-detail-list {
        key "supa-policy-ID";
        description
          "This is a list of all supa-policy-target-detail
                 objects.";
        uses supa-has-policy-target-detail;
      }  // list supa-policy-target-detail-list
    }  // container supa-policy-target-detail-container

    identity SUPA-HAS-POLICY-METADATA-ASSOC {
      base POLICY-METADATA-TYPE;
      description
        "The identity corresponding to a SUPAHasPolicyMetadata
             association class object instance.";
    }

    identity SUPA-HAS-POLICY-CLAUSE-ASSOC {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a SUPAHasPolicyClause
             association class object instance.";
    }

    grouping supa-has-policy-clause-detail {
      description
        "This is an association class, and defines the semantics of
             the SUPAHasPolicyClause association. The attributes and
             relationships of this class can be used to define which
             SUPAPolicyTarget objects can be used by which particular
             set of SUPAPolicyStructure objects. Every
             SUPAPolicyStructure instance MUST aggregate at
             least one SUPAPolicyClause instance. However, the
             converse is NOT true. For example, a SUPAPolicyStructure
             instance MUST aggregate at least one SUPAPolicyClause
             instance. However, a SUPAPolicyClause object could be
             instantiated and then stored for later use in a policy
             repository.";
      uses supa-policy-object-type {
        refine 
      }

      leaf-list supa-has-policy-clause-detail-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                   'POLICY-STRUCTURE-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a concrete subclass of the SUPAPolicyStructure class
                 end point of the association represented by this
                 instance of the SUPAHasPolicyClause association [1].
                 The grouping supa-has-policy-clause-detail represents
                 the SUPAHasPolicyClauseDetail association class. Thus,
                 the instance identified by this leaf is the
                 SUPAPolicyStructure instance that is associated by
                 this association to the set of SUPAPolicyClause
                 instances referenced by the
                 supa-has-policy-clause-detail-part-ptr leaf of this
                 grouping.";
      }

      leaf supa-has-policy-clause-detail-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-CLAUSE-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a concrete subclass of the SUPAPolicyClause class
                 end point of the association represented by this
                 instance of the SUPAHasPolicyClause association [1].
                 The grouping supa-has-policy-clause-detail represents
                 the SUPAHasPolicyClauseDetail association class. Thus,
                 the instance identified by this leaf is the
                 SUPAPolicyClause instance that is associated by this
                 association to the set of SUPAPolicyStructure
                 instances referenced by the
                 supa-has-policy-clause-detail-agg-ptr leaf of this
                 grouping.";
      }
    }  // grouping supa-has-policy-clause-detail

    container supa-policy-clause-detail-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolicyClauseDetail.";
      list supa-policy-clause-detail-list {
        key "supa-policy-ID";
        description
          "This is a list of all supa-policy-clause-detail
                 objects.";
        uses supa-has-policy-clause-detail;
      }  // list supa-policy-clause-detail-list
    }  // container supa-policy-clause-detail-container

    identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC {
      base POLICY-OBJECT-TYPE;
      description
        "The identity corresponding to a
             SUPAHasPolExecFailActionToTake association class
             object instance.";
    }

    grouping supa-has-policy-exec-action-detail {
      description
        "This is an association class, and defines the semantics of
             the SUPAHasPolExecFailTakeAction association. The
             attributes and relationships of this class can be used to
             determine which SUPAPolicyAction objects are executed in
             response to a failure of the SUPAPolicyStructure object
             instance that owns this association.";
      uses supa-policy-object-type {
        refine 
      }

      leaf supa-has-exec-fail-action-detail-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-STRUCTURE-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolExecFailActionToTake association [1] that
                 was executing a SUPAPolicy. This SUPAPolicyStructure
                 is referred to as the 'parent' SUPAPolicyStructure
                 instance, while the other instance end point of this
                 association is called the 'child' SUPAPolicyStructure.
                 The grouping supa-policy-structure-type represents the
                 SUPAPolicyStructure class. Thus, the instance
                 identified by this leaf is the parent
                 SUPAPolicyStructure instance that is associated by this
                 association to the child SUPAPolicyStructure instance
                 referenced by the
                 supa-has-exec-fail-action-detail-part-ptr leaf of this
                 grouping.";
      }

      leaf supa-has-exec-fail-action-detail-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-STRUCTURE-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a SUPAPolicyStructure instance end point of the
                 association represented by this instance of the
                 SUPAHasPolExecFailActionToTake association [1] that
                 was NOT currently executing a SUPAPolicy. This
                 SUPAPolicyStructure is referred to as the 'child'
                 SUPAPolicyStructure instance, while the other instance
                 end point of this association is called the 'parent'
                 SUPAPolicyStructure. The grouping
                 supa-policy-structure-type represents the
                 SUPAPolicyStructure class. Thus, the instance
                 identified by this leaf is the child
                 SUPAPolicyStructure instance that is associated by
                 this association to the child SUPAPolicyStructure
                 instance referenced by the
                 supa-has-exec-fail-action-detail-part-ptr leaf of
                 this grouping.";
      }

      leaf-list supa-policy-exec-fail-take-action-name {
        type string;
        description
          "This is a list that contains the set of names for
                 SUPAPolicyActions to use if the SUPAPolicyStructure
                 object that owns this association failed to execute
                 properly. This association defines a set of child
                 SUPAPolicyStructure objects to use if this (the parent)
                 SUPAPolicyStructure object fails to execute correctly.

                 Each child SUPAPolicyStructure object has one or more
                 SUPAPolicyActions; this attribute defines the name(s)
                 of each SUPAPolicyAction in each child
                 SUPAPolicyStructure that should be used to try and
                 remediate the failure.";
      }
    }  // grouping supa-has-policy-exec-action-detail

    container supa-policy-exec-fail-take-action-detail-container {
      description
        "This is a container to collect all object instances of
             type SUPAPolExecFailActionToTakeDetail.";
      list supa-policy-exec-fail-take-action-detail-list {
        key "supa-policy-ID";
        description
          "This is a list of all
                 supa-has-policy-exec-action-detail objects.";
        uses supa-has-policy-exec-action-detail;
      }  // list supa-policy-exec-fail-take-action-detail-list
    }  // container supa-policy-exec-fail-take-action-detail-container

    identity SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC {
      base POLICY-METADATA-TYPE;
      description
        "The identity corresponding to a
             SUPAHasMetadataDecoratorDetail association class
             object instance.";
    }

    grouping supa-has-policy-metadata-dec-detail {
      description
        "This is an association class, and defines the semantics of
             the SUPAHasMetadataDecorator association. The attributes
             and relationships of this class can be used to define which
             concrete subclasses of the SUPAPolicyMetadataDecorator
             class can be used to wrap which concrete subclasses of the
             SUPAPolicyMetadata class.";
      uses supa-policy-metadata-type {
        refine 
      }

      leaf supa-has-policy-metadata-detail-dec-agg-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                   'POLICY-METADATA-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a SUPAPolicyMetadataDecorator instance end point of
                 the association represented by this instance of the
                 SUPAHasMetadataDecorator association [1]. The
                 grouping supa-has-policy-metadata-detail represents
                 the SUPAHasMetadataDecoratorDetail association class.
                 Thus, the instance identified by this leaf is the
                 SUPAPolicyMetadataDecorator instance that is
                 associated by this association to the set of
                 SUPAPolicyMetadata instances referenced by the
                 supa-has-policy-metadata-detail-dec-part-ptr leaf of
                 this grouping.";
      }

      leaf supa-has-policy-metadata-detail-dec-part-ptr {
        type instance-identifier;
        must
          "derived-from-or-self (deref(.)/entity-class,
                  'POLICY-METADATA-TYPE')";
        description
          "This leaf is an instance-identifier that references
                 a SUPAPolicyMetadata instance end point of the
                 association represented by this instance of the
                 SUPAHasMetadataDecorator association [1]. The
                 grouping supa-has-policy-metadata-detail represents
                 the SUPAHasMetadataDecoratorDetail association class.
                 Thus, the instance identified by this leaf is the
                 SUPAPolicyMetadata instance that is associated by
                 this association to the set of
                 SUPAPolicyMetadataDecorator instances referenced by
                 the supa-has-policy-metadata-detail-dec-agg-ptr leaf
                 of this grouping.";
      }
    }  // grouping supa-has-policy-metadata-dec-detail

    container supa-policy-metadata-decorator-detail-container {
      description
        "This is a container to collect all object instances of
             type SUPAHasMetadaDecoratorDetail.";
      list supa-policy-metadata-decorator-detail-list {
        key "supa-policy-metadata-id";
        description
          "This is a list of all supa-policy-metadata-detail
                 objects.";
        uses supa-has-policy-metadata-dec-detail;
      }  // list supa-policy-metadata-decorator-detail-list
    }  // container supa-policy-metadata-decorator-detail-container
  }  // module ietf-supa-policy

Summary

  
  
Organization IETF
  
Module ietf-supa-policy
Version 2017-06-16
File ietf-supa-policy@2017-06-16.yang
  
Prefix supa-pdm
Namespace urn:ietf:params:xml:ns:yang:ietf-supa-policy
  
Cooked /cookedmodules/ietf-supa-policy/2017-06-16
YANG /src/ietf-supa-policy@2017-06-16.yang
XSD /xsd/ietf-supa-policy@2017-06-16.xsd
  
Abstract This module defines a data model for generic high level definition of policies to be applied to a network. This module is deri...
  
Contact
Editor: Joel Halpern
email: jmh@joelhalpern.com;
Editor: John Strassner
email: strazpdj@gmail.com;

Description

 
This module defines a data model for generic high level
definition of policies to be applied to a network.
This module is derived from, and aligns with,
draft-ietf-supa-generic-policy-info-model-03. Details on all
classes, associations, and attributes can be found there.
Copyright (c) 2015 IETF Trust and the persons identified
as the document authors.  All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).

Groupings

Grouping Objects Abstract
supa-encoded-clause-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-deploy-status supa-has-policy-clause-part-ptr supa-policy-clause-has-decorator-agg-ptrsupa-encoded-clause-content supa-encoded-clause-language This class refines the behavior of the supa-policy-clause by encoding the contents of the clause into the attributes of this object. This enables clauses that are not based on other SUPA objects to be modeled. For example, a POLICY Application could defin...
supa-has-decorator-policy-component-detail entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-component-decorator-agg-ptr supa-has-policy-component-decorator-part-ptr supa-has-decorator-constraint supa-has-decorator-constraint-encoding This is a concrete association class that defines the semantics of the SUPAHasDecoratedPolicyComponent association. The purpose of this class is to use the Decorator pattern [1] to detemine which SUPAPolicyComponentDecorator object instances, if any, are ...
supa-has-policy-clause-detail entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-clause-detail-agg-ptr supa-has-policy-clause-detail-part-ptr This is an association class, and defines the semantics of the SUPAHasPolicyClause association. The attributes and relationships of this class can be used to define which SUPAPolicyTarget objects can be used by which particular set of SUPAPolicyStructure ...
supa-has-policy-exec-action-detail entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-exec-fail-action-detail-agg-ptr supa-has-exec-fail-action-detail-part-ptr supa-policy-exec-fail-take-action-name This is an association class, and defines the semantics of the SUPAHasPolExecFailTakeAction association. The attributes and relationships of this class can be used to determine which SUPAPolicyAction objects are executed in response to a failure of the SU...
supa-has-policy-metadata-dec-detail entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptrsupa-has-policy-metadata-detail-dec-agg-ptr supa-has-policy-metadata-detail-dec-part-ptr This is an association class, and defines the semantics of the SUPAHasMetadataDecorator association. The attributes and relationships of this class can be used to define which concrete subclasses of the SUPAPolicyMetadataDecorator class can be used to wra...
supa-has-policy-metadata-detail entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-metadata-detail-agg-ptr supa-has-policy-metadata-detail-part-ptr supa-policy-metadata-detail-is-applicable supa-policy-metadata-detail-constraint supa-policy-metadata-detail-constraint-encoding This is a concrete association class that defines the semantics of the SUPAHasPolicyMetadata association. This enables the attributes and relationships of the SUPAHasPolicyMetadataDetail class to be used to constrain which SUPAPolicyMetadata objects can b...
supa-has-policy-source-detail entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-source-detail-agg-ptr supa-has-policy-source-detail-part-ptr supa-policy-source-is-authenticated supa-policy-source-is-trusted This is an association class, and defines the semantics of the SUPAHasPolicySource association. The attributes and relationships of this class can be used to define which SUPAPolicySource objects can be attached to which particular set of SUPAPolicyStruct...
supa-has-policy-target-detail entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-target-detail-agg-ptr supa-has-policy-target-detail-part-ptr supa-policy-target-is-authenticated supa-policy-target-is-enabled This is an association class, and defines the semantics of the SUPAHasPolicyTarget association. The attributes and relationships of this class can be used to define which SUPAPolicyTarget objects can be attached to which particular set of SUPAPolicyStruct...
supa-policy-clause-component-decorator-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding This object implements the Decorator pattern [1], which enables all or part of one or more concrete objects to wrap another concrete object. The set of decorated objects is then wrapped by a concrete subclass of the SUPAPolicyClause object, which enables ...
supa-policy-clause-has-decorator-detail supa-policy-clause-has-decorator-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-pol-clause-dec-constraint supa-pol-clause-dec-constraint-encoding This is a concrete association class that defines the semantics of the SUPAPolicyClauseHasDecorator aggregation.
supa-policy-clause-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-policy-clause-deploy-status supa-has-policy-clause-part-ptr supa-policy-clause-has-decorator-agg-ptr The parent class for all SUPA Policy Clauses. A SUPAPolicyClause is a fundamental building block for creating SUPA Policies. A SUPAPolicy is a set of statements, and a SUPAPolicyClause can be thought of as all or part of a statement. The Decorator pattern...
supa-policy-component-decorator-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encodingsupa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encoding This object implements the Decorator pattern [1], which enables all or part of one or more concrete objects of the SUPAPolicyClauseComponentDecorator class to create a set of wrapped objects that are in turn aggregated by a SUPAPolicyClause object. This e...
supa-policy-component-structure-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr This represents the SUPAPolicyComponent class [1], which is the superclass for all objects that represent different components of a Policy. Important subclasses include the SUPAPolicyClause and the SUPAPolicyClauseComponentDecorator. SUPAPolicyClause is u...
supa-policy-concrete-metadata-type entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptrsupa-policy-metadata-valid-period-end supa-policy-metadata-valid-period-start This is a concrete class that will be wrapped by concrete instances of the SUPA Policy Metadata Decorator class. It can be viewed as a container for metadata that will be attached to a subclass of SUPA Policy Object. It may contain all or part of one or m...
supa-policy-generic-decorated-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encodingsupa-policy-generic-decorated-content supa-policy-generic-decorated-encoding This class enables a generic object to be defined and used as a decorator in a SUPA Policy Clause. This class should not be confused with the SUPAEncodedClause class. A SUPAGenericDecoratedComponent object represents a single, atomic object that defines a...
supa-policy-metadata-decorator-access-type entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptr supa-has-policy-metadata-dec-agg-ptrsupa-policy-metadata-access-priv-def supa-policy-metadata-access-priv-model-name supa-policy-metadata-access-priv-model-ref This is a concrete class that defines metadata for access control information that can be added to any SUPAPolicyObject object instance. This is done using the SUPAHasPolicyMetadata association in conjunction with the Decorator pattern [1].
supa-policy-metadata-decorator-type entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptrsupa-has-policy-metadata-dec-agg-ptr This object implements the Decorator pattern [1] for all SUPA metadata objects. This enables all or part of one or more metadata objects to wrap another concrete metadata object. The only concrete subclass of SUPAPolicyMetadata in this document is SUPAPol...
supa-policy-metadata-decorator-version-type entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptr supa-has-policy-metadata-dec-agg-ptrsupa-policy-metadata-version-major supa-policy-metadata-version-minor supa-policy-metadata-version-patch supa-policy-metadata-version-prerelease supa-policy-metadata-version-build This is a concrete class that defines metadata for version control information that can be added to any SUPAPolicyObject. This is done using the SUPAHasPolicyMetadata association. This class uses the Semantic Versioning Specification [6] as follows: <ma...
supa-policy-metadata-type entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptr This is the superclass of all metadata classes. Metadata is information that describes and/or prescribes the characteristics and behavior of another object that is not an inherent, distinguishing characteristics or behavior of that object.
supa-policy-object-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr This represents the SUPAPolicyObject [1] class. It is the superclass for all SUPA Policy objects (i.e., all objects that are either Policies or components of Policies). Note that SUPA Policy Metadata objects are NOT subclassed from this class; they are in...
supa-policy-operator-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encoding supa-policy-term-is-negatedsupa-policy-value-op-type This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyT...
supa-policy-source-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-source-part-ptr This object defines a set of managed entities that authored, or are otherwise responsible for, this SUPAPolicy. Note that a SUPAPolicySource does NOT evaluate or execute SUPAPolicies. Its primary use is for auditability and the implementation of deontic l...
supa-policy-structure-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-policy-admin-status supa-policy-continuum-level supa-policy-deploy-status supa-policy-exec-fail-strategy supa-has-policy-source-agg-ptr supa-has-policy-target-agg-ptr supa-has-policy-clause-agg-ptr supa-has-policy-exec-fail-action-agg-ptr supa-has-policy-exec-fail-action-part-ptr A superclass for all objects that represent different types of SUPAPolicies. Currently, this is limited to a single type, which is the event-condition-action (ECA) Policy Rule. A SUPA Policy may be an individual policy, or a set of policies. Subclasses MA...
supa-policy-target-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-target-part-ptr This object defines a set of managed entities that a SUPAPolicy is applied to. It is expected that this grouping will be extended (i.e., subclassed) when used, so that the system can add specific information appropriate to policy targets of that particul...
supa-policy-term-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encodingsupa-policy-term-is-negated This is the superclass of all SUPA policy objects that are used to test or set the value of a variable. It does this by defining a {variable-operator-value} three-tuple, where each element of the three-tuple is defined by a concrete subclass of the approp...
supa-policy-value-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encoding supa-policy-term-is-negatedsupa-policy-value-content supa-policy-value-encoding This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyT...
supa-policy-variable-type entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encoding supa-policy-term-is-negatedsupa-policy-variable-name This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyT...

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
supa-encoding-clause-container container This is a container to collect all object instances of type SUPAEncodedClause.
   supa-encoding-clause-list list A list of all instances of supa-encoding-clause-type. If a module defines subclasses of the encoding clause, those will be stored in a separate container.
      entity-class leaf The identifier of the class of this grouping.
      supa-encoded-clause-content leaf This defines the content of this SUPAEncodedClause. Since the target is YANG, the supaEncodedClauseEncoding attribute is NOT required, and therefore, not mapped.
      supa-encoded-clause-language leaf Indicates the language used for this SUPAEncodedClause object instance. Prescriptive and/or descriptive information about the usage of this SUPAEncodedClause may be provided by one or more SUPAPolicyMetadata objects, which are each attached to the object ...
      supa-has-policy-clause-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyClause aggregation [1], and is represented by the grouping supa-has-policy-clause-detail. This aggregation describes how each SUPAPolicyClause instance is related to this particular S...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-policy-clause-deploy-status leaf This defines whether this SUPAPolicy has been deployed and, if so, whether it is enabled and ready to be used or not.
      supa-policy-clause-has-decorator-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClause object instance is de...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-clause-detail-container container This is a container to collect all object instances of type SUPAPolicyClauseDetail.
   supa-policy-clause-detail-list list This is a list of all supa-policy-clause-detail objects.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-clause-detail-agg-ptr leaf-list This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyStructure class end point of the association represented by this instance of the SUPAHasPolicyClause association [1]. The grouping supa-has-policy-clause-detail repre...
      supa-has-policy-clause-detail-part-ptr leaf This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyClause class end point of the association represented by this instance of the SUPAHasPolicyClause association [1]. The grouping supa-has-policy-clause-detail represen...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-clause-has-decorator-detail-container container This is a container to collect all object instances of type SUPAPolicyClauseHasDecoratorDetail.
   supa-policy-component-decorator-detail-list list This is a list of all supa-policy-component-decorator-details.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-decorator-constraint leaf-list A constraint expression applying to this association between a SUPAPolicyClauseComponentDecorator and any components that decorate it. The supa-has-decorator-constraint-encoding attribute specifies the language used to write the set of constraint expressi...
      supa-has-decorator-constraint-encoding leaf The language in which the constraints on the SUPAHasDecoratedPolicyComponent aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-has-policy-component-decorator-agg-ptr leaf This leaf is an instance-identifier that references the SUPAPolicyComponentDecorator instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-t...
      supa-has-policy-component-decorator-part-ptr leaf This leaf is an instance-identifier that references the SUPAPolicyComponentStructure instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-t...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-component-decorator-detail-container container This is a container to collect all object instances of type SUPAPolicyComponentDecoratorDetail.
   supa-policy-component-decorator-detail-list list This is a list of all supa-policy-component-decorator-details.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-decorator-constraint leaf-list A constraint expression applying to this association between a SUPAPolicyClauseComponentDecorator and any components that decorate it. The supa-has-decorator-constraint-encoding attribute specifies the language used to write the set of constraint expressi...
      supa-has-decorator-constraint-encoding leaf The language in which the constraints on the SUPAHasDecoratedPolicyComponent aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-has-policy-component-decorator-agg-ptr leaf This leaf is an instance-identifier that references the SUPAPolicyComponentDecorator instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-t...
      supa-has-policy-component-decorator-part-ptr leaf This leaf is an instance-identifier that references the SUPAPolicyComponentStructure instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-t...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-concrete-metadata-container container This is a container to collect all object instances of type SUPAPolicyConcreteMetadata.
   supa-policy-concrete-metadata-list list A list of all supa-policy-metadata instances in the system.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-dec-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w...
      supa-has-policy-metadata-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or pres...
      supa-policy-metadata-description leaf This contains a free-form textual description of this metadata object (e.g., what it may be used for).
      supa-policy-metadata-id leaf This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaP...
      supa-policy-metadata-name leaf This contains a human-readable name for this metadata object.
      supa-policy-metadata-valid-period-end leaf This defines the ending date and time that this metadata object is valid for.
      supa-policy-metadata-valid-period-start leaf This defines the starting date and time that this metadata object is valid for.
supa-policy-exec-fail-take-action-detail-container container This is a container to collect all object instances of type SUPAPolExecFailActionToTakeDetail.
   supa-policy-exec-fail-take-action-detail-list list This is a list of all supa-has-policy-exec-action-detail objects.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-exec-fail-action-detail-agg-ptr leaf This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolExecFailActionToTake association [1] that was executing a SUPAPolicy. This SUPAPolicyStructure is...
      supa-has-exec-fail-action-detail-part-ptr leaf This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolExecFailActionToTake association [1] that was NOT currently executing a SUPAPolicy. This SUPAPoli...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-policy-exec-fail-take-action-name leaf-list This is a list that contains the set of names for SUPAPolicyActions to use if the SUPAPolicyStructure object that owns this association failed to execute properly. This association defines a set of child SUPAPolicyStructure objects to use if this (the par...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-generic-decorated-container container This is a container to collect all object instances of type SUPAGenericDecoratedComponent.
   supa-encoding-clause-list list List of all instances of supa-policy-generic-decorated-type. If a module defines subclasses of this class, those will be stored in a separate container.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-decorated-policy-component-agg-ptr leaf-list This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instanc...
      supa-has-decorated-policy-component-part-ptr leaf This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator i...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-pol-clause-constraint leaf-list This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is ...
      supa-pol-clause-constraint-encoding leaf The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-pol-comp-constraint leaf-list This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object...
      supa-pol-comp-constraint-encoding leaf The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-policy-clause-has-decorator-part-ptr leaf-list This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object...
      supa-policy-generic-decorated-content leaf-list The content of this SUPAGenericDecoratedComponent object instance. The data type of this attribute is specified in the leaf supa-policy-generic-decorated-encoding.
      supa-policy-generic-decorated-encoding leaf The datatype of the supa-policy-generic-decorated-content attribute.
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-metadata-decorator-access-container container This is a container to collect all object instances of type SUPAPolicyAccessMetadataDef.
   supa-policy-metadata-decorator-access-list list A list of all supa-policy-metadata-decorator-access instances in the system. Instances of subclasses will be in a separate list.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-dec-agg-ptr leaf This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w...
      supa-has-policy-metadata-dec-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w...
      supa-has-policy-metadata-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or pres...
      supa-policy-metadata-description leaf This contains a free-form textual description of this metadata object (e.g., what it may be used for).
      supa-policy-metadata-id leaf This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaP...
      supa-policy-metadata-name leaf This contains a human-readable name for this metadata object.
supa-policy-metadata-decorator-detail-container container This is a container to collect all object instances of type SUPAHasMetadaDecoratorDetail.
   supa-policy-metadata-decorator-detail-list list This is a list of all supa-policy-metadata-detail objects.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-dec-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w...
      supa-has-policy-metadata-detail-dec-agg-ptr leaf This leaf is an instance-identifier that references a SUPAPolicyMetadataDecorator instance end point of the association represented by this instance of the SUPAHasMetadataDecorator association [1]. The grouping supa-has-policy-metadata-detail represents t...
      supa-has-policy-metadata-detail-dec-part-ptr leaf This leaf is an instance-identifier that references a SUPAPolicyMetadata instance end point of the association represented by this instance of the SUPAHasMetadataDecorator association [1]. The grouping supa-has-policy-metadata-detail represents the SUPAHa...
      supa-has-policy-metadata-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or pres...
      supa-policy-metadata-description leaf This contains a free-form textual description of this metadata object (e.g., what it may be used for).
      supa-policy-metadata-id leaf This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaP...
      supa-policy-metadata-name leaf This contains a human-readable name for this metadata object.
supa-policy-metadata-decorator-version-container container This is a container to collect all object instances of type SUPAPolicyVersionMetadataDef.
   supa-policy-metadata-decorator-version-list list A list of all supa-policy-metadata-decorator-version instances in the system. Instances of subclasses will be in a separate list.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-dec-agg-ptr leaf This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w...
      supa-has-policy-metadata-dec-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w...
      supa-has-policy-metadata-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or pres...
      supa-policy-metadata-description leaf This contains a free-form textual description of this metadata object (e.g., what it may be used for).
      supa-policy-metadata-id leaf This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaP...
      supa-policy-metadata-name leaf This contains a human-readable name for this metadata object.
supa-policy-metadata-detail-container container This is a container to collect all object instances of type SUPAPolicyMetadataDetail.
   supa-policy-metadata-detail-list list This is a list of all supa-policy-metadata-detail instances in the system. Instances of subclasses will be in a separate list. Note that this association class is made concrete for exemplary purposes. To be useful, it almost certainly needs refinement.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-has-policy-metadata-detail-agg-ptr leaf This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyObject instance end point of the aggregation represented by this instance of the SUPAHasPolicyMetadata aggregation [1]. The groupings supa-policy-object-type and supa...
      supa-has-policy-metadata-detail-part-ptr leaf This leaf is an instance-identifier that references the SUPAPolicyMetadata instance end point of the aggregation represented by this instance of the SUPAHasPolicyMetadata aggregation [1]. The groupings supa-policy-object-type and supa-policy-metadata-type...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-metadata-detail-constraint leaf-list A list of constraints, expressed as strings, in the language defined by the supa-policy-metadata-detail-encoding attribute. If there are no constraints on using this SUPAPolicyMetadata object with this particular SUPAPolicyObject object, then this leaf-l...
      supa-policy-metadata-detail-constraint-encoding leaf The language in which the constraints on the SUPAHasPolicyMetadata aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-policy-metadata-detail-is-applicable leaf This attribute controls whether the associated metadata is currently considered applicable to this SUPAPolicyObject; this enables metadata to be turned on and off when needed without disturbing the structure of the object that the metadata applies to, or ...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-operator-container container This is a container to collect all object instances of type SUPAPolicyOperator.
   supa-policy-operator-list list List of all instances of supa-policy-operator-type. If a module defines subclasses of this class, those will be stored in a separate container.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-decorated-policy-component-agg-ptr leaf-list This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instanc...
      supa-has-decorated-policy-component-part-ptr leaf This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator i...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-pol-clause-constraint leaf-list This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is ...
      supa-pol-clause-constraint-encoding leaf The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-pol-comp-constraint leaf-list This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object...
      supa-pol-comp-constraint-encoding leaf The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-policy-clause-has-decorator-part-ptr leaf-list This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
      supa-policy-term-is-negated leaf If the value of this attribute is true, then this particular term is negated.
      supa-policy-value-op-type leaf The type of operator used to compare the variable and value portions of this SUPAPolicyTerm.
supa-policy-source-container container This is a container to collect all object instances of type SUPAPolicySource.
   supa-policy-source-list list A list of all supa-policy-source instances in the system.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-has-policy-source-part-ptr leaf-list This leaf-list holds the instance-identifiers that reference a SUPAHasPolicySource association [1], which is represented by the supa-has-policy-source-detail grouping. This association describes how each SUPAPolicySource instance is related to this partic...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-source-detail-container container This is a container to collect all object instances of type SUPAPolicySourceDetail.
   supa-policy-source-detail-list list This is a list of all supa-policy-source-detail objects.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-has-policy-source-detail-agg-ptr leaf This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolicySource association [1]. The grouping supa-has-policy-source-detail represents the SUPAHasPolic...
      supa-has-policy-source-detail-part-ptr leaf This leaf is an instance-identifier that references a SUPAPolicySource instance end point of the association represented by this instance of the SUPAHasPolicySource association [1]. The grouping supa-has-policy-source-detail represents the SUPAHasPolicySo...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
      supa-policy-source-is-authenticated leaf If the value of this attribute is true, then this SUPAPolicySource object has been authenticated by a policy engine or application that is executing this particular SUPAPolicyStructure object.
      supa-policy-source-is-trusted leaf If the value of this attribute is true, then this SUPAPolicySource object has been verified to be trusted by a policy engine or application that is executing this particular SUPAPolicyStructure object.
supa-policy-target-container container This is a container to collect all object instances of type SUPAPolicyTarget.
   supa-policy-target-list list A list of all supa-policy-target instances in the system.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-has-policy-target-part-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyTarget association. This is represented by the supa-has-policy-target-detail grouping. This association describes how each SUPAPolicyTarget instance is related to a particular SUPAPol...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
supa-policy-target-detail-container container This is a container to collect all object instances of type SUPAPolicyTargetDetail.
   supa-policy-target-detail-list list This is a list of all supa-policy-target-detail objects.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-has-policy-target-detail-agg-ptr leaf This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolicyTarget association [1]. The grouping supa-has-policy-target-detail represents the SUPAHasPolic...
      supa-has-policy-target-detail-part-ptr leaf This leaf is an instance-identifier that references a SUPAPolicyTarget instance end point of the association represented by this instance of the SUPAHasPolicyTarget association [1]. The grouping supa-has-policy-target-detail represents the SUPAHasPolicyTa...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
      supa-policy-target-is-authenticated leaf If the value of this attribute is true, then this SUPAPolicyTarget object has been authenticated by a policy engine or application that is executing this particular SUPAPolicyStructure object.
      supa-policy-target-is-enabled leaf If the value of this attribute is true, then each SUPAPolicyTarget object that is referenced by this SUPAHasPolicyTarget aggregation is able to be used as a SUPAPolicyTarget by the SUPAPolicyStructure object that is referenced by this SUPAHasPolicyTarget ...
supa-policy-value-container container This is a container to collect all object instances of type SUPAPolicyValue.
   supa-policy-value-list list List of all instances of supa-policy-value-type. If a module defines subclasses of this class, those will be stored in a separate container.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-decorated-policy-component-agg-ptr leaf-list This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instanc...
      supa-has-decorated-policy-component-part-ptr leaf This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator i...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-pol-clause-constraint leaf-list This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is ...
      supa-pol-clause-constraint-encoding leaf The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-pol-comp-constraint leaf-list This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object...
      supa-pol-comp-constraint-encoding leaf The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-policy-clause-has-decorator-part-ptr leaf-list This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
      supa-policy-term-is-negated leaf If the value of this attribute is true, then this particular term is negated.
      supa-policy-value-content leaf-list The content of the value portion of this SUPA Policy Clause. The data type of the content is specified in the supa-policy-value-encoding attribute.
      supa-policy-value-encoding leaf The data type of the supa-policy-value-content attribute.
supa-policy-variable-container container This is a container to collect all object instances of type SUPAPolicyVariable.
   supa-policy-variable-list list List of all instances of supa-policy-variable-type. If a module defines subclasses of this class, those will be stored in a separate container.
      entity-class leaf The identifier of the class of this grouping.
      supa-has-decorated-policy-component-agg-ptr leaf-list This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instanc...
      supa-has-decorated-policy-component-part-ptr leaf This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator i...
      supa-has-policy-metadata-agg-ptr leaf-list This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t...
      supa-pol-clause-constraint leaf-list This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is ...
      supa-pol-clause-constraint-encoding leaf The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-pol-comp-constraint leaf-list This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object...
      supa-pol-comp-constraint-encoding leaf The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text.
      supa-policy-clause-has-decorator-part-ptr leaf-list This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object...
      supa-policy-ID leaf The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO...
      supa-policy-name leaf A human-readable name for this policy object. Note that this is NOT the object ID.
      supa-policy-object-description leaf A human-readable description of the characteristics and behavior of this policy object.
      supa-policy-term-is-negated leaf If the value of this attribute is true, then this particular term is negated.
      supa-policy-variable-name leaf A human-readable name for this policy variable.