ietf-supa-policy
HTML
ietf-supa-policy@2017-06-16
module ietf-supa-policy { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-supa-policy"; prefix supa-pdm; import ietf-yang-types { prefix yang; } organization "IETF"; contact "Editor: Joel Halpern email: jmh@joelhalpern.com; Editor: John Strassner email: strazpdj@gmail.com;"; description "This module defines a data model for generic high level definition of policies to be applied to a network. This module is derived from, and aligns with, draft-ietf-supa-generic-policy-info-model-03. Details on all classes, associations, and attributes can be found there. Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info)."; revision "2017-06-16" { description "20170616: Implemented changes from supa IM v3. This includes adding new objects (classes and relationships) corresponding to the new formulation of the decorator pattern. Changed enums to identities per IETF98 discussion. 20170415: Updated SUPABooleanClause based on implementation experience from SNMP example; reworded definitions of supaPolMetadataID and supaEncodedClauseEncoding attribute. 20170117: updated class and attribute names in the YANG to match those in the IM, except where noted. 20161210: Incorporated input from IISOMI. 20161010: Changed back to transitive identities (to enforce inheritance) after determining that errors were from a confdc bug. 20161008: Fixed errors found in latest pyang compiler and from YANG Doctors. 20161001: Minor edits in association definitions. 20160928: Generated yang tree. 20160924: Rewrote association documentation; rebuilt how all classes are named for consistency. 20160904: Optimization of module by eliminating leaves that are not needed; rewrote section 4. 20160824: Edits to sync data model to info model. 20160720: Conversion to WG draft. Fixed pyang 1.1 compilation errors. Fixed must clause derefencing used in grouping statements. Reformatted and expanded descriptions. Fixed various typos. 20160321: Initial version."; reference "draft-ietf-supa-policy-data-model-03"; } identity POLICY-CONSTRAINT-LANGUAGE-LIST { base description "The language used to encode the constraints that are relevant to the relationship between the metadata and the underlying policy object."; } identity PCLL-ERROR { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This signifies an error state for a policy constraint language assignment."; } identity PCLL-INIT { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This signifies a generic initialization state, meaning that the policy constraint language assignment can now be made."; } identity PCLL-OCL2.4 { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This defines OCL2.4 [2] as the policy constraint language list to be used."; } identity PCLL-OCL2.x { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This defines the use of OCL2.0 - OCL2.3.1 [2] as the policy constraint language list to be used."; } identity PCLL-OCL1.x { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This defines OCL1.x [3] as the policy constraint language list to be used."; } identity PCLL-QVT1.2R { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This defines the use of QVT Relational Language [5] as the policy constraint language list to be used."; } identity PCLL-QVT1.2O { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This defines the use of QVT Operational Language [5] as the policy constraint language list to be used."; } identity PCLL-ALLOY { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This defines the use of Alloy [4] as the policy constraint language list to be used. Alloy is a language for defining constraints, and uses a SAT solver to guarantee correctness."; } identity PCLL-TEXT { base POLICY-CONSTRAINT-LANGUAGE-LIST; description "This defines the use of plain text as the policy constraint language list to be used. This option is NOT recommended, since it is informal and hence, not verifiable."; } identity POLICY-DATA-TYPE-ID-ENCODING-LIST { base description "The list of possible data types used to represent object IDs for all SUPA object instances."; } identity PDTIEL-ERROR { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This signifies an error state for a policy data type ID encoding assignment."; } identity PDTIEL-INIT { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This signifies a generic initialization state, meaning that the policy data type ID encoding assignment can now be made."; } identity PDTIEL-PK { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This represents the primary key of a table, which uniquely identifies each record in that table. It MUST NOT be NULL. It MAY consist of a single or multiple fields. Note that a YANG data model implementation does NOT have to implement this feature."; } identity PDTIEL-FK { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This represents the foreign key of a table, which uniquely identifies each record in that table. It MUST NOT be NULL. It MAY consist of a single or multiple fields. Note that a YANG data model implementation does NOT have to implement this feature."; } identity PDTIEL-GUID { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This represents an object instance that is referenced by this GUID."; } identity PDTIEL-UUID { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This represents an object instance that is referenced by this UUID."; } identity PDTIEL-URI { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This represents an object instance that is referenced by this URI."; } identity PDTIEL-FQDN { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This represents an object instance that is referenced by this FQDN."; } identity PDTIEL-FQPN { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This represents an object instance that is referenced by this FQPN. Note that FQPNs assume that all components can access a single logical file repostory."; } identity PDTIEL-STRING-ID { base POLICY-DATA-TYPE-ID-ENCODING-LIST; description "This represents an object instance that is referenced by this string instance id. Here, a string instance id is the canonical representation, in ASCII, of an instance ID of this object instance."; } identity POLICY-DATA-TYPE-ENCODING-LIST { base description "The set of allowable data types used to encode single- and multi-valued SUPA Policy attributes."; } identity PDTEL-ERROR { base POLICY-DATA-TYPE-ENCODING-LIST; description "This signifies an error state for a policy data type encoding assignment."; } identity PDTEL-INIT { base POLICY-DATA-TYPE-ENCODING-LIST; description "This signifies a generic initialization state, meaning that the policy data type encoding assignment can now be made."; } identity PDTEL-STRING { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a string data type."; } identity PDTEL-INTEGER { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents an integer data type."; } identity PDTEL-BOOLEAN { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a Boolean data type."; } identity PDTEL-FLOAT { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a floating point data type."; } identity PDTEL-DATETIME { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a data type that can specify date and/or time."; } identity PDTEL-GUID { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a GUID data type."; } identity PDTEL-UUID { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a UUID data type."; } identity PDTEL-URI { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a URI data type."; } identity PDTEL-DN { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a DN data type."; } identity PDTEL-FQDN { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents an FQDN data type."; } identity PDTEL-FQPN { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents an FQPN data type. Note that FQPNs assume that all components can access a single logical file repostory."; } identity PDTEL-NULL { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents a NULL data type. NULL means that this data type MAY not contain an actual value. This data type may be used to represent a missing or invalid value."; } identity PDTEL-STRING-ID { base POLICY-DATA-TYPE-ENCODING-LIST; description "This represents an object instance that is defined by this string instance id. Here, a string instance id is the canonical representation, in ASCII, of an instance ID of this object instance."; } identity POLICY-DEPLOY-STATUS-LIST { base description "This represents the current deployment status of this object (e.g., either a SUPAPolicyStructure or a SUPAPolicyClause object instance)."; } identity PDSL-ERROR { base POLICY-DEPLOY-STATUS-LIST; description "This signifies an error state for assigning the deployment status of this object."; } identity PDSL-INIT { base POLICY-DEPLOY-STATUS-LIST; description "This signifies a generic initialization state, meaning that the deploy status assignment of this object can now be made."; } identity PDSL-READY { base POLICY-DEPLOY-STATUS-LIST; description "This defines the deployment status of this object as deployed in the system and currently enabled."; } identity PDSL-TEST { base POLICY-DEPLOY-STATUS-LIST; description "This defines the deployment status of this object as deployed in the system but is currently in a test state, and SHOULD NOT be used in OAM&P policies."; } identity PDSL-DISABLED { base POLICY-DEPLOY-STATUS-LIST; description "This defines the deployment status of this object as deployed in the system, but has been administratively DISABLED. It MUST NOT be used in OAM&P policies."; } identity PDSL-OK-TO-DEPLOY { base POLICY-DEPLOY-STATUS-LIST; description "This defines the deployment status of this object as initialized and ready to be deployed."; } identity PDSL-NOT-OK { base POLICY-DEPLOY-STATUS-LIST; description "This defines the deployment status of this object as NOT ready for deployment into the system."; } identity SUPA-ROOT-TYPE { base description "The identity corresponding to a single root for all identities in the SUPA Data Model. Note that section 7.18.2 in [RFC7950] says that identity derivation is irreflexive (i.e., an identity cannot be derived from itself."; } identity POLICY-OBJECT-TYPE { base SUPA-ROOT-TYPE; description "The identity corresponding to a SUPAPolicyObject object instance."; } grouping supa-policy-object-type { description "This represents the SUPAPolicyObject [1] class. It is the superclass for all SUPA Policy objects (i.e., all objects that are either Policies or components of Policies). Note that SUPA Policy Metadata objects are NOT subclassed from this class; they are instead subclassed from the SUPAPolicyMetadata (i.e., supa-policy-metadata-type) object. This class (supa-policy-object-type) is used to define common attributes and relationships that all SUPA Policy subclasses inherit. It MAY be augmented with a set of zero or more SUPAPolicyMetadata objects using the SUPAHasPolicyMetadata association, which is represented by the supa-has-policy-metadata-agg leaf-list."; leaf entity-class { type identityref { base SUPA-ROOT-TYPE; } default 'POLICY-OBJECT-TYPE'; description "The identifier of the class of this grouping."; } leaf supa-policy-ID { type string; mandatory true; description "The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolObIDEncoding class attribute to define a namespace. Since the YANG data model does not need this genericity, the supaPolObjIDContent attribute was renamed, and the supaObjectIDEncoding attribute was removed."; } leaf supa-policy-name { type string; description "A human-readable name for this policy object. Note that this is NOT the object ID."; } leaf supa-policy-object-description { type string; description "A human-readable description of the characteristics and behavior of this policy object."; } leaf-list supa-has-policy-metadata-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-METADATA-ASSOC')"; description "This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related to a given SUPAPolicyObject instance. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-metadata-detail (which includes subclasses of this association class)."; } } // grouping supa-policy-object-type identity POLICY-COMPONENT-TYPE { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAPolicyComponentStructure object instance."; } grouping supa-policy-component-structure-type { description "This represents the SUPAPolicyComponent class [1], which is the superclass for all objects that represent different components of a Policy. Important subclasses include the SUPAPolicyClause and the SUPAPolicyClauseComponentDecorator. SUPAPolicyClause is used to build reusable clauses for SUPAPolicies, and SUPAPolicyClauseComponentDecorator is used to dynamically add and remove components of a SUPAPolicyClause. This enables the model to be changed at runtime without requiring recompiling and redeploying."; uses supa-policy-object-type { refine } } // grouping supa-policy-component-structure-type identity POLICY-COMPONENT-CLAUSE-TYPE { base POLICY-COMPONENT-TYPE; description "The identity corresponding to a SUPAPolicyClause object instance."; } grouping supa-policy-clause-type { description "The parent class for all SUPA Policy Clauses. A SUPAPolicyClause is a fundamental building block for creating SUPA Policies. A SUPAPolicy is a set of statements, and a SUPAPolicyClause can be thought of as all or part of a statement. The Decorator pattern [1] is used, which enables the contents of a SUPAPolicyClause to be adjusted dynamically at runtime without affecting other objects of either type. For example, new content can be dynamically added or removed by wrapping a SUPAPolicyClause with additional object instances. Every SUPAPolicy MUST have at least one SUPAPolicyClause."; uses supa-policy-component-structure-type { refine } leaf supa-policy-clause-deploy-status { type identityref { base POLICY-DEPLOY-STATUS-LIST; } mandatory true; description "This defines whether this SUPAPolicy has been deployed and, if so, whether it is enabled and ready to be used or not."; } leaf-list supa-has-policy-clause-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-CLAUSE-ASSOC')"; description "This leaf-list holds instance-identifiers that reference a SUPAHasPolicyClause aggregation [1], and is represented by the grouping supa-has-policy-clause-detail. This aggregation describes how each SUPAPolicyClause instance is related to this particular SUPAPolicyStructure instance. For example, this aggregation may restrict which concrete subclasses of the SUPAPolicyStructure class can be associated with which contrete subclasses of the SUPAPolicyClause class. The set of SUPAPolicyClauses, identified by this leaf-list, define the content of this SUPAPolicyStructure. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-clause-detail (which includes subclasses of this association class)."; } leaf-list supa-policy-clause-has-decorator-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')"; description "This leaf-list holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClause object instance is decorated (i.e., wrapped) by zero or more SUPAPolicyClauseComponentDecorator object instances. For example, this aggregation may restrict which concrete subclasses of the SUPAPolicyClauseComponentDecorator class can wrap this particular contrete subclass of the SUPAPolicyClause class. The set of SUPAPolicyClauses, identified by this leaf-list, define the content of this SUPAPolicyStructure that they are associated with (via the SUPAHasPolicyClause aggregation). Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-policy-clause-has-decorator-detail (which includes subclasses of this association class). Note that (concrete) subclasses of this association class may also be used to further refine the semantics of this aggregation."; } } // grouping supa-policy-clause-type identity POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE { base POLICY-COMPONENT-TYPE; description "The identity corresponding to a SUPAPolicyClauseComponentDecorator object instance."; } grouping supa-policy-clause-component-decorator-type { description "This object implements the Decorator pattern [1], which enables all or part of one or more concrete objects to wrap another concrete object. The set of decorated objects is then wrapped by a concrete subclass of the SUPAPolicyClause object, which enables the SUPAPolicyClause object to be changed dynamically at runtime without recompilation or redeployment."; uses supa-policy-component-structure-type { refine } leaf-list supa-policy-clause-has-decorator-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')"; description "This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object instance wraps a given SUPAPolicyClause object instance. This enables the behavior of a SUPAPolicyClause object instance to be changed dynamically by attaching and/or removing SUPAPolicyClauseComponentDecorator object instances. Multiple SUPAPolicyClauseComponentDecorator object instances instances may be attached to a SUPAPolicyClause object instance that is referenced in this aggregation by using the Decorator pattern [1]. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-policy-clause-has-decorator-detail. Note that (concrete) subclasses of this association class may also be used to further refine the semantics of this aggregation."; } leaf supa-has-decorated-policy-component-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC')"; description "This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator instance is wrapped by a given SUPAPolicyComponentDecorator instance. Multiple SUPAPolicyComponentDecorator instances may be attached to a SUPAPolicyClauseComponentDecorator instance that is referenced in this aggregation by using the Decorator pattern [1]. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-decorated-policy-component-detail."; } leaf-list supa-pol-clause-constraint { type string; description "This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is aggregating them. For example, this attribute could restrict how a concrete subclass, such as SUPAPolicyEvent, is used. The constraints are defined using an appropriate constraint language that is specified in the supa-pol-clause-constraint-encoding leaf."; } leaf supa-pol-clause-constraint-encoding { type identityref { base POLICY-CONSTRAINT-LANGUAGE-LIST; } description "The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text."; } } // grouping supa-policy-clause-component-decorator-type identity POLICY-COMPONENT-DECORATOR-TYPE { base POLICY-CLAUSE-COMPONENT-DECORATOR-TYPE; description "The identity corresponding to a SUPAPolicyComponentDecorator object instance."; } grouping supa-policy-component-decorator-type { description "This object implements the Decorator pattern [1], which enables all or part of one or more concrete objects of the SUPAPolicyClauseComponentDecorator class to create a set of wrapped objects that are in turn aggregated by a SUPAPolicyClause object. This enables the SUPAPolicyClause object to be changed dynamically at runtime without recompilation or redeployment."; uses supa-policy-clause-component-decorator-type { refine } leaf-list supa-has-decorated-policy-component-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC')"; description "This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instance wraps a given SUPAPolicyClauseComponentDecorator instance. Multiple SUPAPolicyComponentDecorator instances may be attached to a SUPAPolicyClauseComponentDecorator instance that is referenced in this aggregation by using the Decorator pattern [1]. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-decorated-policy-component-detail."; } leaf-list supa-pol-comp-constraint { type string; description "This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object instance that they are wrapping. For example, this attribute could restrict how a concrete subclass of SUPAPolicyComponentDecorator is used. The constraints are defined using an appropriate constraint language that is specified in the supa-pol-comp-constraint-encoding leaf."; } leaf supa-pol-comp-constraint-encoding { type identityref { base POLICY-CONSTRAINT-LANGUAGE-LIST; } description "The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text."; } } // grouping supa-policy-component-decorator-type identity POLICY-ENCODED-CLAUSE-TYPE { base POLICY-COMPONENT-CLAUSE-TYPE; description "The identity corresponding to a SUPAEncodedClause object instance."; } grouping supa-encoded-clause-type { description "This class refines the behavior of the supa-policy-clause by encoding the contents of the clause into the attributes of this object. This enables clauses that are not based on other SUPA objects to be modeled. For example, a POLICY Application could define a CLI or YANG configuration snippet and encode that snipped into a SUPAEncodedClause. Note that a SUPAEncodedClause simply defines the content of the clause. In particular, it does NOT provide a response. The policy engine that is parsing and evaluating the SUPAPolicy needs to assign a response to any SUPAEncodedClause that it encounters."; uses supa-policy-clause-type { refine } leaf supa-encoded-clause-content { type string; mandatory true; description "This defines the content of this SUPAEncodedClause. Since the target is YANG, the supaEncodedClauseEncoding attribute is NOT required, and therefore, not mapped."; } leaf supa-encoded-clause-language { type enumeration { enum "error" { value 0; description "This signifies an error state. OAM&P Policies SHOULD NOT use this SUPAEncodedClause if the value of this attribute is error."; } enum "init" { value 1; description "This signifies an initialization state."; } enum "YANG" { value 2; description "This defines the language used in this SUPAEncodedClause as a type of YANG. Additional details may be provided by attaching a SUPAPolicyMetadata object to this SUPAEncodedClause object instance."; } enum "XML" { value 3; description "This defines the language as a type of XML. Additional details may be provided by attaching a SUPAPolicyMetadata object to this SUPAEncodedClause object instance."; } enum "TL1" { value 4; description "This defines the language as a type of Transaction Language 1. Additional details may be provided by attaching a SUPAPolicyMetadata object to this SUPAEncodedClause object instance."; } enum "Text" { value 5; description "This is a textual string that can be used to define a language choice that is not listed by a specific enumerated value. This string MUST be parsed by the policy system to identify the language being used. A SUPAPolicyMetadata object (represented as a supa-policy-metadata-type leaf) can be used to provide further details about the language"; } } mandatory true; description "Indicates the language used for this SUPAEncodedClause object instance. Prescriptive and/or descriptive information about the usage of this SUPAEncodedClause may be provided by one or more SUPAPolicyMetadata objects, which are each attached to the object instance of this SUPAEncodedClause."; } } // grouping supa-encoded-clause-type container supa-encoding-clause-container { description "This is a container to collect all object instances of type SUPAEncodedClause."; list supa-encoding-clause-list { key "supa-policy-ID"; description "A list of all instances of supa-encoding-clause-type. If a module defines subclasses of the encoding clause, those will be stored in a separate container."; uses supa-encoded-clause-type; } // list supa-encoding-clause-list } // container supa-encoding-clause-container identity POLICY-COMPONENT-TERM-TYPE { base POLICY-COMPONENT-DECORATOR-TYPE; description "The identity corresponding to a SUPAPolicyTerm object instance."; } grouping supa-policy-term-type { description "This is the superclass of all SUPA policy objects that are used to test or set the value of a variable. It does this by defining a {variable-operator-value} three-tuple, where each element of the three-tuple is defined by a concrete subclass of the appropriate type (e.g., SUPAPolicyVariable, SUPAPolicyOperator, or SUPAPolicyVariable)."; uses supa-policy-component-decorator-type { refine } leaf supa-policy-term-is-negated { type boolean; description "If the value of this attribute is true, then this particular term is negated."; } } // grouping supa-policy-term-type identity POLICY-COMPONENT-VARIABLE-TYPE { base POLICY-COMPONENT-TERM-TYPE; description "The identity corresponding to a SUPAPolicyVariable object instance."; } grouping supa-policy-variable-type { description "This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyTerm class, or another object that plays the role (i.e., a variable) of that term. The attribute defined by the supa-policy-variable-name specifies the name of an attribute whose content should be compared to the value portion of a SUPAPolicyTerm, which is typically specified by a SUPAPolicyValue object."; uses supa-policy-term-type { refine } leaf supa-policy-variable-name { type string; description "A human-readable name for this policy variable."; } } // grouping supa-policy-variable-type container supa-policy-variable-container { description "This is a container to collect all object instances of type SUPAPolicyVariable."; list supa-policy-variable-list { key "supa-policy-ID"; description "List of all instances of supa-policy-variable-type. If a module defines subclasses of this class, those will be stored in a separate container."; uses supa-policy-variable-type; } // list supa-policy-variable-list } // container supa-policy-variable-container identity POLICY-COMPONENT-OPERATOR-TYPE { base POLICY-COMPONENT-TERM-TYPE; description "The identity corresponding to a SUPAPolicyOperator object instance."; } grouping supa-policy-operator-type { description "This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyTerm class, or another object that plays the role (i.e., an operator) of that term. The value of the supa-policy-value-op-type attribute specifies an operator that SHOULD be used to compare the variable and value portions of a SUPAPolicyTerm. This is typically specified by a SUPAPolicyOperator object."; uses supa-policy-term-type { refine } leaf supa-policy-value-op-type { type enumeration { enum "error" { value 0; description "This signifies an error state."; } enum "init" { value 1; description "This signifies an initialization state."; } enum "greater than" { value 2; description "A greater-than operator."; } enum "greater than or equal to" { value 3; description "A greater-than-or-equal-to operator."; } enum "less than" { value 4; description "A less-than operator."; } enum "less than or equal to" { value 5; description "A less-than-or-equal-to operator."; } enum "equal to" { value 6; description "An equal-to operator."; } enum "not equal to" { value 7; description "A not-equal-to operator."; } enum "IN" { value 8; description "An operator that determines whether a given value of a variable in a SUPAPolicyTerm matches a value in a SUPAPolicyTerm."; } enum "NOT IN" { value 9; description "An operator that determines whether a given variable in a SUPAPolicyTerm does not match any of the specified values in a SUPAPolicyTerm."; } enum "SET" { value 10; description "An operator that makes the value of the result equal to the input value."; } enum "CLEAR" { value 11; description "An operator that sets the value of the specified object to a value that is 0 for integer datatypes, an empty string for textual datatypes, and FALSE for Boolean datatypes. This value MUST NOT be NULL."; } enum "BETWEEN" { value 12; description "An operator that determines whether a given value is within a specified range of values. Note that this is an inclusive operator."; } } mandatory true; description "The type of operator used to compare the variable and value portions of this SUPAPolicyTerm."; } } // grouping supa-policy-operator-type container supa-policy-operator-container { description "This is a container to collect all object instances of type SUPAPolicyOperator."; list supa-policy-operator-list { key "supa-policy-ID"; description "List of all instances of supa-policy-operator-type. If a module defines subclasses of this class, those will be stored in a separate container."; uses supa-policy-operator-type; } // list supa-policy-operator-list } // container supa-policy-operator-container identity POLICY-COMPONENT-VALUE-TYPE { base POLICY-COMPONENT-TERM-TYPE; description "The identity corresponding to a SUPAPolicyValue object instance."; } grouping supa-policy-value-type { description "This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyTerm class, or another object that plays the role (i.e., a value) of that term. The attribute defined by supa-policy-value-content specifies a a value (which is typically specified by a subclass of SUPAPolicyVariable) that should be compared to a value in the variable portion of the SUPAPolicyTerm."; uses supa-policy-term-type { refine } leaf-list supa-policy-value-content { type string; description "The content of the value portion of this SUPA Policy Clause. The data type of the content is specified in the supa-policy-value-encoding attribute."; } leaf supa-policy-value-encoding { type identityref { base POLICY-DATA-TYPE-ENCODING-LIST; } description "The data type of the supa-policy-value-content attribute."; } } // grouping supa-policy-value-type container supa-policy-value-container { description "This is a container to collect all object instances of type SUPAPolicyValue."; list supa-policy-value-list { key "supa-policy-ID"; description "List of all instances of supa-policy-value-type. If a module defines subclasses of this class, those will be stored in a separate container."; uses supa-policy-value-type; } // list supa-policy-value-list } // container supa-policy-value-container identity POLICY-GENERIC-DECORATED-TYPE { base POLICY-COMPONENT-DECORATOR-TYPE; description "The identity corresponding to a SUPAGenericDecoratedComponent object instance."; } grouping supa-policy-generic-decorated-type { description "This class enables a generic object to be defined and used as a decorator in a SUPA Policy Clause. This class should not be confused with the SUPAEncodedClause class. A SUPAGenericDecoratedComponent object represents a single, atomic object that defines a portion of the contents of a SUPAPolicyClause, whereas a SUPAPolicyEncodedClause represents the entire contents of a SUPAPolicyClause."; uses supa-policy-component-decorator-type { refine } leaf-list supa-policy-generic-decorated-content { type string; description "The content of this SUPAGenericDecoratedComponent object instance. The data type of this attribute is specified in the leaf supa-policy-generic-decorated-encoding."; } leaf supa-policy-generic-decorated-encoding { type identityref { base POLICY-DATA-TYPE-ENCODING-LIST; } description "The datatype of the supa-policy-generic-decorated-content attribute."; } } // grouping supa-policy-generic-decorated-type container supa-policy-generic-decorated-container { description "This is a container to collect all object instances of type SUPAGenericDecoratedComponent."; list supa-encoding-clause-list { key "supa-policy-ID"; description "List of all instances of supa-policy-generic-decorated-type. If a module defines subclasses of this class, those will be stored in a separate container."; uses supa-policy-generic-decorated-type; } // list supa-encoding-clause-list } // container supa-policy-generic-decorated-container identity POLICY-STRUCTURE-TYPE { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAPolicyStructure object instance."; } grouping supa-policy-structure-type { description "A superclass for all objects that represent different types of SUPAPolicies. Currently, this is limited to a single type, which is the event-condition-action (ECA) Policy Rule. A SUPA Policy may be an individual policy, or a set of policies. Subclasses MAY support this feature by implementing the composite pattern."; uses supa-policy-object-type { refine } leaf supa-policy-admin-status { type enumeration { enum "error" { value 0; description "This signifies an error state. OAM&P Policies SHOULD NOT use this SUPAPolicy if the value of this attribute is error."; } enum "init" { value 1; description "This signifies an initialization state."; } enum "enabled" { value 2; description "This signifies that this SUPAPolicy has been administratively enabled."; } enum "disabled" { value 3; description "This signifies that this SUPAPolicy has been administratively disabled."; } enum "in test" { value 4; description "This signifies that this SUPAPolicy has been administratively placed into test mode, and SHOULD NOT be used as part of an operational policy rule."; } } mandatory true; description "The current admnistrative status of this SUPAPolicy."; } leaf supa-policy-continuum-level { type uint32; description "This is the current level of abstraction of this particular SUPAPolicyRule. By convention, the values 0 and 1 should be used for error and initialization states; a value of 2 is the most abstract level, and higher values denote more concrete levels."; } leaf supa-policy-deploy-status { type enumeration { enum "error" { value 0; description "This signifies an error state."; } enum "init" { value 1; description "This signifies an initialization state."; } enum "deployed and enabled" { value 2; description "This SUPAPolicy has been deployed in the system and is currently enabled."; } enum "deployed and in test" { value 3; description "This SUPAPolicy has been deployed in the system, but is currently in test and SHOULD NOT be used in OAM&P policies."; } enum "deployed but not enabled" { value 4; description "This SUPAPolicy has been deployed in the system, but has been administratively disabled."; } enum "ready to be deployed" { value 5; description "This SUPAPolicy has been properly initialized, and is now ready to be deployed."; } enum "cannot be deployed" { value 6; description "This SUPAPolicy has been administratively disabled, and SHOULD NOT be used as part of an OAM&P policy."; } } mandatory true; description "This attribute defines whether this SUPAPolicy has been deployed and, if so, whether it is enabled and ready to be used or not."; } leaf supa-policy-exec-fail-strategy { type enumeration { enum "error" { value 0; description "This signifies an error state."; } enum "init" { value 1; description "This signifies an initialization state."; } enum "rollback all" { value 2; description "This means that execution of this SUPAPolicy SHOULD be stopped, and rollback of all SUPAPolicyActions (whether they were successfully executed or not) performed by this particular SUPAPolicy is attempted. Also, all SUPAPolicies that otherwise would have been executed as a result of this SUPAPolicy SHOULD NOT be executed."; } enum "rollback single" { value 3; description "This means that execution of this SUPAPolicy SHOULD be stopped, and rollback is attempted for ONLY the SUPAPolicyAction (belonging to this particular SUPAPolicy) that failed to execute correctly. All remaining actions including SUPAPolicyActions and SUPAPolicies that otherwise would have been executed as a result of this SUPAPolicy, SHOULD NOT be executed."; } enum "stop execution" { value 4; description "This means that execution of this SUPAPolicy SHOULD be stopped without any other action being performed; this includes corrective actions, such as rollback, as well as any SUPAPolicyActions or SUPAPolicies that otherwise would have been executed."; } enum "ignore" { value 5; description "This means that any failures produced by this SUPAPolicy SHOULD be ignored, and hence, no corrective actions, such as rollback, will be performed at this time. Hence, any other SUPAPolicyActions or SUPAPolicies SHOULD continue to be executed."; } } mandatory true; description "This defines what actions, if any, should be taken by this particular SUPA Policy Rule if it fails to execute correctly. Some implementations may not be able to accommodate the rollback failure options; hence, these options may be skipped."; } leaf-list supa-has-policy-source-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-SOURCE-ASSOC')"; description "This leaf-list holds instance-identifiers that reference SUPAHasPolicySource associations [1]. This association is represented by the grouping supa-has-policy-source-detail, and describes how this SUPAPolicyStructure instance is related to a set of SUPAPolicySource instances. Each SUPAPolicySource instance defines a set of unambiguous sources of this SUPAPolicy. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-source-detail (which includes subclasses of this association class)."; } leaf-list supa-has-policy-target-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-TARGET-ASSOC')"; description "This leaf-list holds instance-identifiers that reference SUPAHasPolicyTarget associations [1]. This association is represented by the grouping supa-has-policy-target-detail, and describes how this SUPAPolicyStructure instance is related to a set of SUPAPolicyTarget instances. Each SUPAPolicyTarget instance defines a set of unambiguous managed entities to which this SUPAPolicy will be applied to. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-target-detail (which includes subclasses of this association class)."; } leaf-list supa-has-policy-clause-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-CLAUSE-ASSOC')"; description "This leaf-list holds instance-identifiers that reference SUPAHasPolicyClause associations [1]. This association is represented by the grouping supa-has-policy-clause-detail. This association describes how this particular SUPAPolicyStructure instance is related to this set of SUPAPolicyClause instances. Since this association class contains attributes, the instance-identifier MUST point to an instance using the supa-has-policy-clause-detail (which includes subclasses of this association class)."; } leaf-list supa-has-policy-exec-fail-action-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-EXEC-ACTION-ASSOC')"; description "This leaf-list holds instance-identifiers that reference a SUPAHasPolExecFailtActionToTake association [1]. This association is represented by the supa-has-policy-exec-action-detail grouping. This association relates this SUPAPolicyStructure instance (the parent) to one or more SUPAPolicyStructure instances (the children), where each child SUPAPolicyStructure contains one or more SUPAPolicyActions to be executed if the parent SUPAPolicyStructure instance generates an error while it is executing. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-exec-action-detail (which includes subclasses of this association class)."; } leaf-list supa-has-policy-exec-fail-action-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-EXEC-ACTION-ASSOC')"; min-elements 1; description "This leaf-list holds instance-identifiers that reference a SUPAHasPolExecFailtActionToTake association [1]. This association is represented by the supa-has-policy-exec-action-detail grouping. This association relates this SUPAPolicyStructure instance (the child) to another SUPAPolicyStructure instance (the parent). The child SUPAPolicyStructure contains one or more SUPAPolicyActions to be executed if the parent SUPAPolicyStructure instance generates an error while it is executing; the parent SUPAPolicyStructure contains one or more child SUPAPolicyStructure instances to enable it to choose how to handle each type of failure. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-exec-action-detail (which includes subclasses of this association class)."; } } // grouping supa-policy-structure-type identity POLICY-SOURCE-TYPE { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAPolicySource object instance."; } grouping supa-policy-source-type { description "This object defines a set of managed entities that authored, or are otherwise responsible for, this SUPAPolicy. Note that a SUPAPolicySource does NOT evaluate or execute SUPAPolicies. Its primary use is for auditability and the implementation of deontic logic (i.e., how concepts such as obligation and permission work) and/or alethic logic (i.e., how concepts such as necessity, possibility, and contigency work). It is expected that this grouping will be extended (i.e., subclassed) when used, so that the system an add specific information appropriate to sources of policy of that particular system."; uses supa-policy-object-type { refine } leaf-list supa-has-policy-source-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-SOURCE-ASSOC')"; description "This leaf-list holds the instance-identifiers that reference a SUPAHasPolicySource association [1], which is represented by the supa-has-policy-source-detail grouping. This association describes how each SUPAPolicySource instance is related to this particular SUPAPolicyStructure instance. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-source-detail (which includes subclasses of this association class)."; } } // grouping supa-policy-source-type container supa-policy-source-container { description "This is a container to collect all object instances of type SUPAPolicySource."; list supa-policy-source-list { key "supa-policy-ID"; description "A list of all supa-policy-source instances in the system."; uses supa-policy-source-type; } // list supa-policy-source-list } // container supa-policy-source-container identity POLICY-TARGET-TYPE { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAPolicyTarget object instance."; } grouping supa-policy-target-type { description "This object defines a set of managed entities that a SUPAPolicy is applied to. It is expected that this grouping will be extended (i.e., subclassed) when used, so that the system can add specific information appropriate to policy targets of that particular system."; uses supa-policy-object-type { refine } leaf-list supa-has-policy-target-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-TARGET-ASSOC')"; description "This leaf-list holds instance-identifiers that reference a SUPAHasPolicyTarget association. This is represented by the supa-has-policy-target-detail grouping. This association describes how each SUPAPolicyTarget instance is related to a particular SUPAPolicyStructure instance. For example, this association may restrict which SUPAPolicyTarget instances can be used by which SUPAPolicyStructure instances. The SUPAPolicyTarget defines a set of managed entities that this SUPAPolicyStructure will be applied to. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-target-detail (which includes subclasses of this association class)."; } } // grouping supa-policy-target-type container supa-policy-target-container { description "This is a container to collect all object instances of type SUPAPolicyTarget."; list supa-policy-target-list { key "supa-policy-ID"; description "A list of all supa-policy-target instances in the system."; uses supa-policy-target-type; } // list supa-policy-target-list } // container supa-policy-target-container identity POLICY-METADATA-TYPE { base SUPA-ROOT-TYPE; description "The identity corresponding to a SUPAPolicyMetadata object instance."; } grouping supa-policy-metadata-type { description "This is the superclass of all metadata classes. Metadata is information that describes and/or prescribes the characteristics and behavior of another object that is not an inherent, distinguishing characteristics or behavior of that object."; leaf entity-class { type identityref { base SUPA-ROOT-TYPE; } description "The identifier of the class of this grouping."; } leaf supa-policy-metadata-id { type string; mandatory true; description "This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaPolMetadataIDContent attribute was renamed to supa-policy-metadata-id, and the supaPolMetadataIDEncoding attribute was not mapped."; } leaf supa-policy-metadata-description { type string; description "This contains a free-form textual description of this metadata object (e.g., what it may be used for)."; } leaf supa-policy-metadata-name { type string; description "This contains a human-readable name for this metadata object."; } leaf-list supa-has-policy-metadata-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-METADATA-ASSOC')"; description "This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or prescribe additional information, provided by this SUPAPolicyMetadata instance, that can be associated with this SUPAPolicyObject instance. Multiple SUPAPolicyMetadata objects may be attached to a concrete subclass of the SUPAPolicyObject class that is referenced in this association by using the Decorator pattern [1]. For example, a SUPAPolicyVersionMetadataDef instance could wrap a SUPAECAPolicyRuleAtomic instance; this would define the version of this particular SUPAECAPolicyRuleAtomic instance. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-metadata-detail (which includes subclasses of this association class)."; } leaf-list supa-has-policy-metadata-dec-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')"; min-elements 1; description "This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance wraps a given SUPAPolicyMetadata instance using the Decorator pattern [1]. Multiple concrete subclasses of SUPAPolicyMetadataDecorator may be used to wrap the same SUPAPolicyMetadata instance. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-metadata-dec-detail (which includes subclasses of this association class)."; } } // grouping supa-policy-metadata-type identity POLICY-METADATA-CONCRETE-TYPE { base POLICY-METADATA-TYPE; description "The identity corresponding to a SUPAPolicyConcreteMetadata object instance."; } grouping supa-policy-concrete-metadata-type { description "This is a concrete class that will be wrapped by concrete instances of the SUPA Policy Metadata Decorator class. It can be viewed as a container for metadata that will be attached to a subclass of SUPA Policy Object. It may contain all or part of one or more metadata subclasses."; uses supa-policy-metadata-type { refine } leaf supa-policy-metadata-valid-period-end { type yang:date-and-time; description "This defines the ending date and time that this metadata object is valid for."; } leaf supa-policy-metadata-valid-period-start { type yang:date-and-time; description "This defines the starting date and time that this metadata object is valid for."; } } // grouping supa-policy-concrete-metadata-type container supa-policy-concrete-metadata-container { description "This is a container to collect all object instances of type SUPAPolicyConcreteMetadata."; list supa-policy-concrete-metadata-list { key "supa-policy-metadata-id"; description "A list of all supa-policy-metadata instances in the system."; uses supa-policy-concrete-metadata-type; } // list supa-policy-concrete-metadata-list } // container supa-policy-concrete-metadata-container identity POLICY-METADATA-DECORATOR-TYPE { base POLICY-METADATA-TYPE; description "The identity corresponding to a SUPAPolicyMetadataDecorator object instance."; } grouping supa-policy-metadata-decorator-type { description "This object implements the Decorator pattern [1] for all SUPA metadata objects. This enables all or part of one or more metadata objects to wrap another concrete metadata object. The only concrete subclass of SUPAPolicyMetadata in this document is SUPAPolicyConcreteMetadata."; uses supa-policy-metadata-type { refine } leaf supa-has-policy-metadata-dec-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC')"; description "This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance wraps a given SUPAPolicyMetadata instance using the Decorator pattern [1]. Multiple concrete subclasses of SUPAPolicyMetadataDecorator may be used to wrap the same SUPAPolicyMetadata instance. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-has-policy-metadata-dec-detail (which includes subclasses of this association class)."; } } // grouping supa-policy-metadata-decorator-type identity POLICY-METADATA-DECORATOR-ACCESS-TYPE { base POLICY-METADATA-DECORATOR-TYPE; description "The identity corresponding to a SUPAPolicyAccessMetadataDef object instance."; } grouping supa-policy-metadata-decorator-access-type { description "This is a concrete class that defines metadata for access control information that can be added to any SUPAPolicyObject object instance. This is done using the SUPAHasPolicyMetadata association in conjunction with the Decorator pattern [1]."; uses supa-policy-metadata-decorator-type { refine } leaf supa-policy-metadata-access-priv-def { type enumeration { enum "error" { value 0; description "This signifies an error state. OAM&P Policies SHOULD NOT use this SUPAPolicyAccessMetadataDef if the value of this attribute is error."; } enum "init" { value 1; description "This signifies an initialization state."; } enum "read only" { value 2; description "This defines access as read only for ALL SUPAPolicyObject objects that are adorned with this SUPAPolicyAccessMetadataDef object. As such, an explicit access control model, such as RBAC [7], is NOT present."; } enum "read write" { value 3; description "This defines access as read and/or write for ALL SUPAPolicyObject objects that are adorned with this SUPAPolicyAccessMetadataDef object. As such, an explicit access control model, such as RBAC [7], is NOT present."; } enum "specified by MAC" { value 4; description "This uses an external Mandatory Access Control (MAC) [7] model to define access control for ALL SUPAPolicyObject objects that are adorned with this SUPAPolicyAccessMetadataDef object. The name and location of this access control model are specified, respectively, in the supa-policy-metadata-access-priv-model-name and supa-policy-metadata-access-priv-model-ref attributes of this SUPAPolicyAccessMetadataDef object."; } enum "specified by DAC" { value 5; description "This uses an external Discretionary Access Control (DAC) [7] model to define access control for ALL SUPAPolicyObject objects that are adorned with this SUPAPolicyAccessMetadataDef object. The name and location of this access control model are specified, respectively, in the supa-policy-metadata-access-priv-model-name and supa-policy-metadata-access-priv-model-ref attributes of this SUPAPolicyAccessMetadataDef object."; } enum "specified by RBAC" { value 6; description "This uses an external Role-Based Access Control (RBAC) [7] model to define access control for ALL SUPAPolicyObject objects that are adorned with this SUPAPolicyAccessMetadataDef object. The name and location of this access control model are specified, respectively, in the supa-policy-metadata-access-priv-model-name and supa-policy-metadata-access-priv-model-ref attributes of this SUPAPolicyAccessMetadataDef object."; } enum "specified by ABAC" { value 7; description "This uses an external Attribute-Based Access Control (ABAC) [8] model to define access control for ALL SUPAPolicyObject objects that are adorned with this SUPAPolicyAccessMetadataDef object. The name and location of this access control model are specified, respectively, in the supa-policy-metadata-access-priv-model-name and supa-policy-metadata-access-priv-model-ref attributes of this SUPAPolicyAccessMetadataDef object."; } enum "specified by custom" { value 8; description "This uses an external Custom Access Control model to define access control for ALL SUPAPolicyObject objects that are adorned with this SUPAPolicyAccessMetadataDef object. The name and location of this access control model are specified, respectively, in the supa-policy-metadata-access-priv-model-name and supa-policy-metadata-access-priv-model-ref attributes of this SUPAPolicyAccessMetadataDef object."; } } description "This defines the type of access control model that is used by this SUPAPolicyObject object instance."; } leaf supa-policy-metadata-access-priv-model-name { type string; description "This contains the name of the access control model being used. If the value of the supa-policy-metadata-access-priv-model-ref is error, then this SUPAPolicyAccessMetadataDef object MUST NOT be used. If the value of the supa-policy-metadata-access-priv-model-ref is init, then this SUPAPolicyAccessMetadataDef object has been properly initialized, and is ready to be used. If the value of the supa-policy-metadata-access-priv-model-ref is read only or read write, then the value of this attribute is not applicable (because a type of model is NOT being defined; instead, the access control for all SUPAPolicyObjects is being defined). Otherwise, the text in this class attribute SHOULD be interpreted according to the value of the supa-policy-metadata-access-priv-model-ref class attribute."; } leaf supa-policy-metadata-access-priv-model-ref { type enumeration { enum "error" { value 0; description "This signifies an error state. OAM&P Policies SHOULD NOT use this SUPAPolicyAccessMetadataDef object if the value of this attribute is error."; } enum "init" { value 1; description "This signifies an initialization state."; } enum "URI" { value 2; description "The access control model is referenced by this URI."; } enum "GUID" { value 3; description "The access control model is referenced by this GUID."; } enum "UUID" { value 4; description "The access control model is referenced by this UUID."; } enum "FQDN" { value 5; description "The access control model is referenced by this FQDN."; } enum "FQPN" { value 6; description "The access control model is referenced by this FQPN."; } enum "string_instance_id" { value 7; description "A string that is the canonical representation, in ASCII, of an instance ID of this object."; } } description "This defines the data type of the supa-policy-metadata-access-priv-model-name attribute."; } } // grouping supa-policy-metadata-decorator-access-type container supa-policy-metadata-decorator-access-container { description "This is a container to collect all object instances of type SUPAPolicyAccessMetadataDef."; list supa-policy-metadata-decorator-access-list { key "supa-policy-metadata-id"; description "A list of all supa-policy-metadata-decorator-access instances in the system. Instances of subclasses will be in a separate list."; uses supa-policy-metadata-decorator-type; } // list supa-policy-metadata-decorator-access-list } // container supa-policy-metadata-decorator-access-container identity POLICY-METADATA-DECORATOR-VERSION-TYPE { base POLICY-METADATA-DECORATOR-TYPE; description "The identity corresponding to a SUPAPolicyVersionMetadataDef object instance."; } grouping supa-policy-metadata-decorator-version-type { description "This is a concrete class that defines metadata for version control information that can be added to any SUPAPolicyObject. This is done using the SUPAHasPolicyMetadata association. This class uses the Semantic Versioning Specification [6] as follows: <major>.<minor>.<patch>[<pre-release>][<build-metadata>] where the first three components (major, minor, and patch) MUST be present, and the latter two components (pre-release and build-metadata) MAY be present. A version number MUST take the form <major>.<minor>.<patch>, where <major>, <minor>, and <patch> are each non-negative integers that MUST NOT contain leading zeros. In addition, the value of each of these three elements MUST increase numerically. In this approach, supaVersionMajor denotes a new release; supaVersionMinor denotes a minor release; supaVersionPatch denotes a version that consists ONLY of bug fixes. Version precedence MUST be calculated by separating the version into major, minor, patch, and pre-release identifiers, in that order. See [1] for more information."; uses supa-policy-metadata-decorator-type { refine } leaf supa-policy-metadata-version-major { type string; description "This contains a string representation of an integer that is greater than or equal to zero. It indicates that a significant increase in functionality is present in this version. It MAY also indicate that this version has changes that are NOT backwards-compatible (the supa-policy-metadata-version-build class attribute is used to denote such changes). The string 0.1.0 defines an initial version that MUST NOT be considered stable. Improvements to this initial version are denoted by incrementing the minor and patch class attributes (supa-policy-metadata-version-major and supa-policy-metadata-version-patch, respectively). The major version X (i.e., X.y.z, where X > 0) MUST be incremented if any backwards-incompatible changes are introduced. It MAY include minor and patch level changes. The minor and patch version numbers MUST be reset to 0 when the major version number is incremented."; } leaf supa-policy-metadata-version-minor { type string; description "This contains a string representation of an integer that is greater than or equal to zero. It indicates that this release contains a set of features and/or bug fixes that MUST be backwards-compatible. The minor version Y (i.e., x.Y.z, where x > 0) MUST be incremented if new, backwards-compatible changes are introduced. It MUST be incremented if any features are marked as deprecated. It MAY be incremented if new functionality or improvements are introduced, and MAY include patch level changes. The patch version number MUST be reset to 0 when the minor version number is incremented."; } leaf supa-policy-metadata-version-patch { type string; description "This contains a string representation of an integer that is greater than or equal to zero. It indicates that this version contains ONLY bug fixes. The patch version Z (i.e., x.y.Z, where x > 0) MUST be incremented if new, backwards-compatible changes are introduced. A bug fix is defined as an internal change that fixes incorrect behavior."; } leaf supa-policy-metadata-version-prerelease { type string; description "This contains a string that defines the pre-release version. A pre-release version MAY be denoted by appending a hyphen and a series of dot-separated identifiers immediately following the patch version. Identifiers MUST comprise only ASCII alphanumerics and a hyphen. Identifiers MUST NOT be empty. Numeric identifiers MUST NOT include leading zeroes. Pre-release versions have a lower precedence than the associated normal version. A pre-release version indicates that the version is unstable and might not satisfy the intended compatibility requirements as denoted by its associated normal version. Examples include: 1.0.0-alpha and 1.0.0-0.3.7."; } leaf supa-policy-metadata-version-build { type string; description "This contains a string that defines the metadata of this build. Build metadata is optional. If present, build metadata MAY be denoted by appending a plus (+) sign to the version, followed by a series of dot-separated identifiers. This may follow either the patch or pre-release portions of the version. If build metadata is present, then any identifiers that it uses MUST be made up of only ASCII alphanumerics and a hyphen. The identifier portion of the build metadata MUST NOT be empty. Build metadata SHOULD be ignored when determining version precedence. Examples include: 1.0.0.-alpha+1, 1.0.0.-alpha+1.1, 1.0.0+20130313144700, and 1.0.0-beta+exp.sha.5114f85."; } } // grouping supa-policy-metadata-decorator-version-type container supa-policy-metadata-decorator-version-container { description "This is a container to collect all object instances of type SUPAPolicyVersionMetadataDef."; list supa-policy-metadata-decorator-version-list { key "supa-policy-metadata-id"; description "A list of all supa-policy-metadata-decorator-version instances in the system. Instances of subclasses will be in a separate list."; uses supa-policy-metadata-decorator-type; } // list supa-policy-metadata-decorator-version-list } // container supa-policy-metadata-decorator-version-container identity SUPA-HAS-POLICY-METADATA-DECORATOR-TYPE { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAHasPolicyMetadataDetail association class object instance."; } grouping supa-has-policy-metadata-detail { description "This is a concrete association class that defines the semantics of the SUPAHasPolicyMetadata association. This enables the attributes and relationships of the SUPAHasPolicyMetadataDetail class to be used to constrain which SUPAPolicyMetadata objects can be associated by this particular SUPAPolicyObject instance."; uses supa-policy-object-type { refine } leaf supa-has-policy-metadata-detail-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-OBJECT-TYPE')"; description "This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyObject instance end point of the aggregation represented by this instance of the SUPAHasPolicyMetadata aggregation [1]. The groupings supa-policy-object-type and supa-policy-metadata-type represent the SUPAPolicyObject and SUPAPolicyMetadata classes, respectively. Thus, the instance identified by this leaf is the SUPAPolicyObject instance that is associated by this aggregation to the set of SUPAPolicyMetadata instances referenced by the supa-has-policy-metadata-detail-part-ptr leaf of this grouping."; } leaf supa-has-policy-metadata-detail-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-METADATA-TYPE')"; description "This leaf is an instance-identifier that references the SUPAPolicyMetadata instance end point of the aggregation represented by this instance of the SUPAHasPolicyMetadata aggregation [1]. The groupings supa-policy-object-type and supa-policy-metadata-type represent the SUPAPolicyObject and SUPAPolicyMetadata classes, respectively. Thus, the instance identified by this leaf is the SUPAPolicyMetadata instance that is associated by this aggregation to the set of SUPAPolicyObject instances referenced by the supa-has-policy-metadata-detail-agg-ptr leaf of this grouping."; } leaf supa-policy-metadata-detail-is-applicable { type boolean; description "This attribute controls whether the associated metadata is currently considered applicable to this SUPAPolicyObject; this enables metadata to be turned on and off when needed without disturbing the structure of the object that the metadata applies to, or affecting other objects in the system."; } leaf-list supa-policy-metadata-detail-constraint { type string; description "A list of constraints, expressed as strings, in the language defined by the supa-policy-metadata-detail-encoding attribute. If there are no constraints on using this SUPAPolicyMetadata object with this particular SUPAPolicyObject object, then this leaf-list will consist of a list of a single null string."; } leaf supa-policy-metadata-detail-constraint-encoding { type identityref { base POLICY-CONSTRAINT-LANGUAGE-LIST; } description "The language in which the constraints on the SUPAHasPolicyMetadata aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text."; } } // grouping supa-has-policy-metadata-detail container supa-policy-metadata-detail-container { description "This is a container to collect all object instances of type SUPAPolicyMetadataDetail."; list supa-policy-metadata-detail-list { key "supa-policy-ID"; description "This is a list of all supa-policy-metadata-detail instances in the system. Instances of subclasses will be in a separate list. Note that this association class is made concrete for exemplary purposes. To be useful, it almost certainly needs refinement."; uses supa-has-policy-metadata-detail; } // list supa-policy-metadata-detail-list } // container supa-policy-metadata-detail-container identity SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAPolicyClauseHasDecorator association class object instance."; } grouping supa-policy-clause-has-decorator-detail { description "This is a concrete association class that defines the semantics of the SUPAPolicyClauseHasDecorator aggregation."; leaf supa-policy-clause-has-decorator-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')"; description "This leaf-list holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClause object instance is decorated (i.e., wrapped) by zero or more SUPAPolicyClauseComponentDecorator object instances. For example, this aggregation may restrict which concrete subclasses of the SUPAPolicyClauseComponentDecorator class can wrap this particular contrete subclass of the SUPAPolicyClause class. The set of SUPAPolicyClauses, identified by this leaf-list, define the content of this SUPAPolicyStructure that they are associated with (via the SUPAHasPolicyClause aggregation). Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-policy-clause-has-decorator-detail (which includes subclasses of this association class). Note that (concrete) subclasses of this association class may also be used to further refine the semantics of this aggregation."; } leaf supa-policy-clause-has-decorator-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'SUPA-POLICY-CLAUSE-HAS-DECORATOR-ASSOC')"; description "This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object instance wraps a given SUPAPolicyClause object instance. This enables the behavior of a SUPAPolicyClause object instance to be changed dynamically by attaching and/or removing SUPAPolicyClauseComponentDecorator object instances. Multiple SUPAPolicyClauseComponentDecorator object instances instances may be attached to a SUPAPolicyClause object instance that is referenced in this aggregation by using the Decorator pattern [1]. Since this association class contains attributes, the instance-identifier MUST point to an instance using the grouping supa-policy-clause-has-decorator-detail."; } leaf-list supa-pol-clause-dec-constraint { type string; description "A constraint expression applying to this association between a concrete subclase of SUPAPolicyClause and a concrete subclass of SUPAPolicyClauseComponentDecorator. This restricts which types of SUPAPolicyClauseComponentDecorator object instances can be aggregated by which types of SUPAPolicyClause object instances. Constraints are written in a constraint language specified by the supa-pol-clause-dec-constraint-encoding attribute."; } leaf supa-pol-clause-dec-constraint-encoding { type identityref { base POLICY-CONSTRAINT-LANGUAGE-LIST; } description "The language in which the constraints on the SUPAPolicyClauseHasDecorator aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text."; } } // grouping supa-policy-clause-has-decorator-detail container supa-policy-clause-has-decorator-detail-container { description "This is a container to collect all object instances of type SUPAPolicyClauseHasDecoratorDetail."; list supa-policy-component-decorator-detail-list { key "supa-policy-ID"; description "This is a list of all supa-policy-component-decorator-details."; uses supa-has-decorator-policy-component-detail; } // list supa-policy-component-decorator-detail-list } // container supa-policy-clause-has-decorator-detail-container grouping supa-has-decorator-policy-component-detail { description "This is a concrete association class that defines the semantics of the SUPAHasDecoratedPolicyComponent association. The purpose of this class is to use the Decorator pattern [1] to detemine which SUPAPolicyComponentDecorator object instances, if any, are required to augment the functionality of a concrete subclass of SUPAPolicyClause that is being used."; uses supa-policy-object-type { refine } leaf supa-has-policy-component-decorator-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-COMPONENT-DECORATOR-TYPE')"; description "This leaf is an instance-identifier that references the SUPAPolicyComponentDecorator instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-type and supa-policy-component-structure-type represent the SUPAPolicyComponentDecorator and SUPAPolicyComponentStructure classes, respectively. Thus, the instance identified by this leaf is the SUPAPolicyComponentDecorator instance that is associated by this association to the set of SUPAPolicyComponentStructure instances referenced by the supa-has-policy-component-decorator-part-ptr leaf of this grouping."; } leaf supa-has-policy-component-decorator-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-COMPONENT-TYPE')"; description "This leaf is an instance-identifier that references the SUPAPolicyComponentStructure instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-type and supa-policy-component-structure-type represent the SUPAPolicyComponentDecorator and SUPAPolicyComponentStructure classes, respectively. Thus, the instance identified by this leaf is the SUPAPolicyComponentStructure instance that is associated by this association to the set of SUPAPolicyComponentStructure instances referenced by the supa-has-policy-component-decorator-agg-ptr leaf of this grouping."; } leaf-list supa-has-decorator-constraint { type string; description "A constraint expression applying to this association between a SUPAPolicyClauseComponentDecorator and any components that decorate it. The supa-has-decorator-constraint-encoding attribute specifies the language used to write the set of constraint expressions."; } leaf supa-has-decorator-constraint-encoding { type identityref { base POLICY-CONSTRAINT-LANGUAGE-LIST; } description "The language in which the constraints on the SUPAHasDecoratedPolicyComponent aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text."; } } // grouping supa-has-decorator-policy-component-detail container supa-policy-component-decorator-detail-container { description "This is a container to collect all object instances of type SUPAPolicyComponentDecoratorDetail."; list supa-policy-component-decorator-detail-list { key "supa-policy-ID"; description "This is a list of all supa-policy-component-decorator-details."; uses supa-has-decorator-policy-component-detail; } // list supa-policy-component-decorator-detail-list } // container supa-policy-component-decorator-detail-container identity SUPA-HAS-DECORATED-POLICY-COMPONENT-ASSOC { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAHasDecoratedPolicyComponent association object instance."; } identity SUPA-HAS-POLICY-SOURCE-ASSOC { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAHasPolicySource association class object instance."; } grouping supa-has-policy-source-detail { description "This is an association class, and defines the semantics of the SUPAHasPolicySource association. The attributes and relationships of this class can be used to define which SUPAPolicySource objects can be attached to which particular set of SUPAPolicyStructure objects. Note that a SUPAPolicySource object is NOT responsible for evaluating or executing SUPAPolicies; rather, it identifies the set of entities that are responsible for managing this SUPAPolicySource object. Its primary uses are for auditability, as well as processing deontic logic. This object represents the semantics of associating a SUPAPolicySource to a SUPAPolicyTarget."; uses supa-policy-object-type { refine } leaf supa-has-policy-source-detail-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-STRUCTURE-TYPE')"; description "This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolicySource association [1]. The grouping supa-has-policy-source-detail represents the SUPAHasPolicySourceDetail class. Thus, the instance identified by this leaf is the SUPAPolicyStructure instance that is associated by this association to the SUPAPolicySource instance referenced by the supa-has-policy-source-detail-part-ptr leaf of this grouping."; } leaf supa-has-policy-source-detail-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-SOURCE-TYPE')"; description "This leaf is an instance-identifier that references a SUPAPolicySource instance end point of the association represented by this instance of the SUPAHasPolicySource association [1]. The grouping supa-has-policy-source-detail represents the SUPAHasPolicySourceDetail class. Thus, the instance identified by this leaf is the SUPAPolicySource instance that is associated by this association to the SUPAPolicyStructure instance referenced by the supa-has-policy-source-detail-agg-ptr leaf of this grouping."; } leaf supa-policy-source-is-authenticated { type boolean; description "If the value of this attribute is true, then this SUPAPolicySource object has been authenticated by a policy engine or application that is executing this particular SUPAPolicyStructure object."; } leaf supa-policy-source-is-trusted { type boolean; description "If the value of this attribute is true, then this SUPAPolicySource object has been verified to be trusted by a policy engine or application that is executing this particular SUPAPolicyStructure object."; } } // grouping supa-has-policy-source-detail container supa-policy-source-detail-container { description "This is a container to collect all object instances of type SUPAPolicySourceDetail."; list supa-policy-source-detail-list { key "supa-policy-ID"; description "This is a list of all supa-policy-source-detail objects."; uses supa-has-policy-source-detail; } // list supa-policy-source-detail-list } // container supa-policy-source-detail-container identity SUPA-HAS-POLICY-TARGET-ASSOC { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAHasPolicyTarget association class object instance."; } grouping supa-has-policy-target-detail { description "This is an association class, and defines the semantics of the SUPAHasPolicyTarget association. The attributes and relationships of this class can be used to define which SUPAPolicyTarget objects can be attached to which particular set of SUPAPolicyStructure objects. Note that a SUPAPolicyTarget is used to identify a set of managed entities to which a SUPAPolicy should be applied; this object represents the semantics of applying a SUPAPolicy to a SUPAPolicyTarget."; uses supa-policy-object-type { refine } leaf supa-has-policy-target-detail-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-STRUCTURE-TYPE')"; description "This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolicyTarget association [1]. The grouping supa-has-policy-target-detail represents the SUPAHasPolicyTargetDetail class. Thus, the instance identified by this leaf is the SUPAPolicyStructure instance that is associated by this association to the SUPAPolicyTarget instance referenced by the supa-has-policy-target-detail-part-ptr leaf of this grouping."; } leaf supa-has-policy-target-detail-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-TARGET-TYPE')"; description "This leaf is an instance-identifier that references a SUPAPolicyTarget instance end point of the association represented by this instance of the SUPAHasPolicyTarget association [1]. The grouping supa-has-policy-target-detail represents the SUPAHasPolicyTargetDetail class. Thus, the instance identified by this leaf is the SUPAPolicyTarget instance that is associated by this association to the SUPAPolicyStructure instance referenced by the supa-has-policy-target-detail-agg-ptr leaf of this grouping."; } leaf supa-policy-target-is-authenticated { type boolean; description "If the value of this attribute is true, then this SUPAPolicyTarget object has been authenticated by a policy engine or application that is executing this particular SUPAPolicyStructure object."; } leaf supa-policy-target-is-enabled { type boolean; description "If the value of this attribute is true, then each SUPAPolicyTarget object that is referenced by this SUPAHasPolicyTarget aggregation is able to be used as a SUPAPolicyTarget by the SUPAPolicyStructure object that is referenced by this SUPAHasPolicyTarget aggregation. This means that this SUPAPolicyTarget has agreed to: 1) have SUPAPolicies applied to it, and 2) process (directly or with the aid of a proxy) one or more SUPAPolicies, or receive the results of a processed SUPAPolicy and apply those results to itself."; } } // grouping supa-has-policy-target-detail container supa-policy-target-detail-container { description "This is a container to collect all object instances of type SUPAPolicyTargetDetail."; list supa-policy-target-detail-list { key "supa-policy-ID"; description "This is a list of all supa-policy-target-detail objects."; uses supa-has-policy-target-detail; } // list supa-policy-target-detail-list } // container supa-policy-target-detail-container identity SUPA-HAS-POLICY-METADATA-ASSOC { base POLICY-METADATA-TYPE; description "The identity corresponding to a SUPAHasPolicyMetadata association class object instance."; } identity SUPA-HAS-POLICY-CLAUSE-ASSOC { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAHasPolicyClause association class object instance."; } grouping supa-has-policy-clause-detail { description "This is an association class, and defines the semantics of the SUPAHasPolicyClause association. The attributes and relationships of this class can be used to define which SUPAPolicyTarget objects can be used by which particular set of SUPAPolicyStructure objects. Every SUPAPolicyStructure instance MUST aggregate at least one SUPAPolicyClause instance. However, the converse is NOT true. For example, a SUPAPolicyStructure instance MUST aggregate at least one SUPAPolicyClause instance. However, a SUPAPolicyClause object could be instantiated and then stored for later use in a policy repository."; uses supa-policy-object-type { refine } leaf-list supa-has-policy-clause-detail-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-STRUCTURE-TYPE')"; description "This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyStructure class end point of the association represented by this instance of the SUPAHasPolicyClause association [1]. The grouping supa-has-policy-clause-detail represents the SUPAHasPolicyClauseDetail association class. Thus, the instance identified by this leaf is the SUPAPolicyStructure instance that is associated by this association to the set of SUPAPolicyClause instances referenced by the supa-has-policy-clause-detail-part-ptr leaf of this grouping."; } leaf supa-has-policy-clause-detail-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-CLAUSE-TYPE')"; description "This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyClause class end point of the association represented by this instance of the SUPAHasPolicyClause association [1]. The grouping supa-has-policy-clause-detail represents the SUPAHasPolicyClauseDetail association class. Thus, the instance identified by this leaf is the SUPAPolicyClause instance that is associated by this association to the set of SUPAPolicyStructure instances referenced by the supa-has-policy-clause-detail-agg-ptr leaf of this grouping."; } } // grouping supa-has-policy-clause-detail container supa-policy-clause-detail-container { description "This is a container to collect all object instances of type SUPAPolicyClauseDetail."; list supa-policy-clause-detail-list { key "supa-policy-ID"; description "This is a list of all supa-policy-clause-detail objects."; uses supa-has-policy-clause-detail; } // list supa-policy-clause-detail-list } // container supa-policy-clause-detail-container identity SUPA-HAS-POLICY-EXEC-ACTION-ASSOC { base POLICY-OBJECT-TYPE; description "The identity corresponding to a SUPAHasPolExecFailActionToTake association class object instance."; } grouping supa-has-policy-exec-action-detail { description "This is an association class, and defines the semantics of the SUPAHasPolExecFailTakeAction association. The attributes and relationships of this class can be used to determine which SUPAPolicyAction objects are executed in response to a failure of the SUPAPolicyStructure object instance that owns this association."; uses supa-policy-object-type { refine } leaf supa-has-exec-fail-action-detail-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-STRUCTURE-TYPE')"; description "This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolExecFailActionToTake association [1] that was executing a SUPAPolicy. This SUPAPolicyStructure is referred to as the 'parent' SUPAPolicyStructure instance, while the other instance end point of this association is called the 'child' SUPAPolicyStructure. The grouping supa-policy-structure-type represents the SUPAPolicyStructure class. Thus, the instance identified by this leaf is the parent SUPAPolicyStructure instance that is associated by this association to the child SUPAPolicyStructure instance referenced by the supa-has-exec-fail-action-detail-part-ptr leaf of this grouping."; } leaf supa-has-exec-fail-action-detail-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-STRUCTURE-TYPE')"; description "This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolExecFailActionToTake association [1] that was NOT currently executing a SUPAPolicy. This SUPAPolicyStructure is referred to as the 'child' SUPAPolicyStructure instance, while the other instance end point of this association is called the 'parent' SUPAPolicyStructure. The grouping supa-policy-structure-type represents the SUPAPolicyStructure class. Thus, the instance identified by this leaf is the child SUPAPolicyStructure instance that is associated by this association to the child SUPAPolicyStructure instance referenced by the supa-has-exec-fail-action-detail-part-ptr leaf of this grouping."; } leaf-list supa-policy-exec-fail-take-action-name { type string; description "This is a list that contains the set of names for SUPAPolicyActions to use if the SUPAPolicyStructure object that owns this association failed to execute properly. This association defines a set of child SUPAPolicyStructure objects to use if this (the parent) SUPAPolicyStructure object fails to execute correctly. Each child SUPAPolicyStructure object has one or more SUPAPolicyActions; this attribute defines the name(s) of each SUPAPolicyAction in each child SUPAPolicyStructure that should be used to try and remediate the failure."; } } // grouping supa-has-policy-exec-action-detail container supa-policy-exec-fail-take-action-detail-container { description "This is a container to collect all object instances of type SUPAPolExecFailActionToTakeDetail."; list supa-policy-exec-fail-take-action-detail-list { key "supa-policy-ID"; description "This is a list of all supa-has-policy-exec-action-detail objects."; uses supa-has-policy-exec-action-detail; } // list supa-policy-exec-fail-take-action-detail-list } // container supa-policy-exec-fail-take-action-detail-container identity SUPA-HAS-POLICY-METADATA-DECORATOR-DETAIL-ASSOC { base POLICY-METADATA-TYPE; description "The identity corresponding to a SUPAHasMetadataDecoratorDetail association class object instance."; } grouping supa-has-policy-metadata-dec-detail { description "This is an association class, and defines the semantics of the SUPAHasMetadataDecorator association. The attributes and relationships of this class can be used to define which concrete subclasses of the SUPAPolicyMetadataDecorator class can be used to wrap which concrete subclasses of the SUPAPolicyMetadata class."; uses supa-policy-metadata-type { refine } leaf supa-has-policy-metadata-detail-dec-agg-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-METADATA-TYPE')"; description "This leaf is an instance-identifier that references a SUPAPolicyMetadataDecorator instance end point of the association represented by this instance of the SUPAHasMetadataDecorator association [1]. The grouping supa-has-policy-metadata-detail represents the SUPAHasMetadataDecoratorDetail association class. Thus, the instance identified by this leaf is the SUPAPolicyMetadataDecorator instance that is associated by this association to the set of SUPAPolicyMetadata instances referenced by the supa-has-policy-metadata-detail-dec-part-ptr leaf of this grouping."; } leaf supa-has-policy-metadata-detail-dec-part-ptr { type instance-identifier; must "derived-from-or-self (deref(.)/entity-class, 'POLICY-METADATA-TYPE')"; description "This leaf is an instance-identifier that references a SUPAPolicyMetadata instance end point of the association represented by this instance of the SUPAHasMetadataDecorator association [1]. The grouping supa-has-policy-metadata-detail represents the SUPAHasMetadataDecoratorDetail association class. Thus, the instance identified by this leaf is the SUPAPolicyMetadata instance that is associated by this association to the set of SUPAPolicyMetadataDecorator instances referenced by the supa-has-policy-metadata-detail-dec-agg-ptr leaf of this grouping."; } } // grouping supa-has-policy-metadata-dec-detail container supa-policy-metadata-decorator-detail-container { description "This is a container to collect all object instances of type SUPAHasMetadaDecoratorDetail."; list supa-policy-metadata-decorator-detail-list { key "supa-policy-metadata-id"; description "This is a list of all supa-policy-metadata-detail objects."; uses supa-has-policy-metadata-dec-detail; } // list supa-policy-metadata-decorator-detail-list } // container supa-policy-metadata-decorator-detail-container } // module ietf-supa-policy
Summary
| Organization | IETF |
| Module | ietf-supa-policy |
| Version | 2017-06-16 |
| File | ietf-supa-policy@2017-06-16.yang |
| Prefix | supa-pdm |
| Namespace | urn:ietf:params:xml:ns:yang:ietf-supa-policy |
| Cooked | /cookedmodules/ietf-supa-policy/2017-06-16 |
| YANG | /src/ietf-supa-policy@2017-06-16.yang |
| XSD | /xsd/ietf-supa-policy@2017-06-16.xsd |
| Abstract | This module defines a data model for generic high level definition of policies to be applied to a network. This module is deri... |
| Contact | Editor: Joel Halpern email: jmh@joelhalpern.com; Editor: John Strassner email: strazpdj@gmail.com; |
Description
This module defines a data model for generic high level definition of policies to be applied to a network. This module is derived from, and aligns with, draft-ietf-supa-generic-policy-info-model-03. Details on all classes, associations, and attributes can be found there. Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). |
Groupings
| Grouping | Objects | Abstract |
| supa-encoded-clause-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-deploy-status supa-has-policy-clause-part-ptr supa-policy-clause-has-decorator-agg-ptrsupa-encoded-clause-content supa-encoded-clause-language | This class refines the behavior of the supa-policy-clause by encoding the contents of the clause into the attributes of this object. This enables clauses that are not based on other SUPA objects to be modeled. For example, a POLICY Application could defin... |
| supa-has-decorator-policy-component-detail | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-component-decorator-agg-ptr supa-has-policy-component-decorator-part-ptr supa-has-decorator-constraint supa-has-decorator-constraint-encoding | This is a concrete association class that defines the semantics of the SUPAHasDecoratedPolicyComponent association. The purpose of this class is to use the Decorator pattern [1] to detemine which SUPAPolicyComponentDecorator object instances, if any, are ... |
| supa-has-policy-clause-detail | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-clause-detail-agg-ptr supa-has-policy-clause-detail-part-ptr | This is an association class, and defines the semantics of the SUPAHasPolicyClause association. The attributes and relationships of this class can be used to define which SUPAPolicyTarget objects can be used by which particular set of SUPAPolicyStructure ... |
| supa-has-policy-exec-action-detail | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-exec-fail-action-detail-agg-ptr supa-has-exec-fail-action-detail-part-ptr supa-policy-exec-fail-take-action-name | This is an association class, and defines the semantics of the SUPAHasPolExecFailTakeAction association. The attributes and relationships of this class can be used to determine which SUPAPolicyAction objects are executed in response to a failure of the SU... |
| supa-has-policy-metadata-dec-detail | entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptrsupa-has-policy-metadata-detail-dec-agg-ptr supa-has-policy-metadata-detail-dec-part-ptr | This is an association class, and defines the semantics of the SUPAHasMetadataDecorator association. The attributes and relationships of this class can be used to define which concrete subclasses of the SUPAPolicyMetadataDecorator class can be used to wra... |
| supa-has-policy-metadata-detail | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-metadata-detail-agg-ptr supa-has-policy-metadata-detail-part-ptr supa-policy-metadata-detail-is-applicable supa-policy-metadata-detail-constraint supa-policy-metadata-detail-constraint-encoding | This is a concrete association class that defines the semantics of the SUPAHasPolicyMetadata association. This enables the attributes and relationships of the SUPAHasPolicyMetadataDetail class to be used to constrain which SUPAPolicyMetadata objects can b... |
| supa-has-policy-source-detail | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-source-detail-agg-ptr supa-has-policy-source-detail-part-ptr supa-policy-source-is-authenticated supa-policy-source-is-trusted | This is an association class, and defines the semantics of the SUPAHasPolicySource association. The attributes and relationships of this class can be used to define which SUPAPolicySource objects can be attached to which particular set of SUPAPolicyStruct... |
| supa-has-policy-target-detail | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-target-detail-agg-ptr supa-has-policy-target-detail-part-ptr supa-policy-target-is-authenticated supa-policy-target-is-enabled | This is an association class, and defines the semantics of the SUPAHasPolicyTarget association. The attributes and relationships of this class can be used to define which SUPAPolicyTarget objects can be attached to which particular set of SUPAPolicyStruct... |
| supa-policy-clause-component-decorator-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding | This object implements the Decorator pattern [1], which enables all or part of one or more concrete objects to wrap another concrete object. The set of decorated objects is then wrapped by a concrete subclass of the SUPAPolicyClause object, which enables ... |
| supa-policy-clause-has-decorator-detail | supa-policy-clause-has-decorator-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-pol-clause-dec-constraint supa-pol-clause-dec-constraint-encoding | This is a concrete association class that defines the semantics of the SUPAPolicyClauseHasDecorator aggregation. |
| supa-policy-clause-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-policy-clause-deploy-status supa-has-policy-clause-part-ptr supa-policy-clause-has-decorator-agg-ptr | The parent class for all SUPA Policy Clauses. A SUPAPolicyClause is a fundamental building block for creating SUPA Policies. A SUPAPolicy is a set of statements, and a SUPAPolicyClause can be thought of as all or part of a statement. The Decorator pattern... |
| supa-policy-component-decorator-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encodingsupa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encoding | This object implements the Decorator pattern [1], which enables all or part of one or more concrete objects of the SUPAPolicyClauseComponentDecorator class to create a set of wrapped objects that are in turn aggregated by a SUPAPolicyClause object. This e... |
| supa-policy-component-structure-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr | This represents the SUPAPolicyComponent class [1], which is the superclass for all objects that represent different components of a Policy. Important subclasses include the SUPAPolicyClause and the SUPAPolicyClauseComponentDecorator. SUPAPolicyClause is u... |
| supa-policy-concrete-metadata-type | entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptrsupa-policy-metadata-valid-period-end supa-policy-metadata-valid-period-start | This is a concrete class that will be wrapped by concrete instances of the SUPA Policy Metadata Decorator class. It can be viewed as a container for metadata that will be attached to a subclass of SUPA Policy Object. It may contain all or part of one or m... |
| supa-policy-generic-decorated-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encodingsupa-policy-generic-decorated-content supa-policy-generic-decorated-encoding | This class enables a generic object to be defined and used as a decorator in a SUPA Policy Clause. This class should not be confused with the SUPAEncodedClause class. A SUPAGenericDecoratedComponent object represents a single, atomic object that defines a... |
| supa-policy-metadata-decorator-access-type | entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptr supa-has-policy-metadata-dec-agg-ptrsupa-policy-metadata-access-priv-def supa-policy-metadata-access-priv-model-name supa-policy-metadata-access-priv-model-ref | This is a concrete class that defines metadata for access control information that can be added to any SUPAPolicyObject object instance. This is done using the SUPAHasPolicyMetadata association in conjunction with the Decorator pattern [1]. |
| supa-policy-metadata-decorator-type | entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptrsupa-has-policy-metadata-dec-agg-ptr | This object implements the Decorator pattern [1] for all SUPA metadata objects. This enables all or part of one or more metadata objects to wrap another concrete metadata object. The only concrete subclass of SUPAPolicyMetadata in this document is SUPAPol... |
| supa-policy-metadata-decorator-version-type | entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptr supa-has-policy-metadata-dec-agg-ptrsupa-policy-metadata-version-major supa-policy-metadata-version-minor supa-policy-metadata-version-patch supa-policy-metadata-version-prerelease supa-policy-metadata-version-build | This is a concrete class that defines metadata for version control information that can be added to any SUPAPolicyObject. This is done using the SUPAHasPolicyMetadata association. This class uses the Semantic Versioning Specification [6] as follows: <ma... |
| supa-policy-metadata-type | entity-class supa-policy-metadata-id supa-policy-metadata-description supa-policy-metadata-name supa-has-policy-metadata-part-ptr supa-has-policy-metadata-dec-part-ptr | This is the superclass of all metadata classes. Metadata is information that describes and/or prescribes the characteristics and behavior of another object that is not an inherent, distinguishing characteristics or behavior of that object. |
| supa-policy-object-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr | This represents the SUPAPolicyObject [1] class. It is the superclass for all SUPA Policy objects (i.e., all objects that are either Policies or components of Policies). Note that SUPA Policy Metadata objects are NOT subclassed from this class; they are in... |
| supa-policy-operator-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encoding supa-policy-term-is-negatedsupa-policy-value-op-type | This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyT... |
| supa-policy-source-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-source-part-ptr | This object defines a set of managed entities that authored, or are otherwise responsible for, this SUPAPolicy. Note that a SUPAPolicySource does NOT evaluate or execute SUPAPolicies. Its primary use is for auditability and the implementation of deontic l... |
| supa-policy-structure-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-policy-admin-status supa-policy-continuum-level supa-policy-deploy-status supa-policy-exec-fail-strategy supa-has-policy-source-agg-ptr supa-has-policy-target-agg-ptr supa-has-policy-clause-agg-ptr supa-has-policy-exec-fail-action-agg-ptr supa-has-policy-exec-fail-action-part-ptr | A superclass for all objects that represent different types of SUPAPolicies. Currently, this is limited to a single type, which is the event-condition-action (ECA) Policy Rule. A SUPA Policy may be an individual policy, or a set of policies. Subclasses MA... |
| supa-policy-target-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptrsupa-has-policy-target-part-ptr | This object defines a set of managed entities that a SUPAPolicy is applied to. It is expected that this grouping will be extended (i.e., subclassed) when used, so that the system can add specific information appropriate to policy targets of that particul... |
| supa-policy-term-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encodingsupa-policy-term-is-negated | This is the superclass of all SUPA policy objects that are used to test or set the value of a variable. It does this by defining a {variable-operator-value} three-tuple, where each element of the three-tuple is defined by a concrete subclass of the approp... |
| supa-policy-value-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encoding supa-policy-term-is-negatedsupa-policy-value-content supa-policy-value-encoding | This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyT... |
| supa-policy-variable-type | entity-class supa-policy-ID supa-policy-name supa-policy-object-description supa-has-policy-metadata-agg-ptr supa-policy-clause-has-decorator-part-ptr supa-has-decorated-policy-component-part-ptr supa-pol-clause-constraint supa-pol-clause-constraint-encoding supa-has-decorated-policy-component-agg-ptr supa-pol-comp-constraint supa-pol-comp-constraint-encoding supa-policy-term-is-negatedsupa-policy-variable-name | This is one formulation of a SUPA Policy Clause. It uses the canonical form of an expression, which is a three-tuple in the form {variable, operator, value}. In this approach, each of the three terms can either be a subclass of the appropriate SUPAPolicyT... |
Objects
| Type Key |
| Mandatory config |
| Optional config |
| Not config |
| Object | Type | Abstract |
| supa-encoding-clause-container | container | This is a container to collect all object instances of type SUPAEncodedClause. |
| supa-encoding-clause-list | list | A list of all instances of supa-encoding-clause-type. If a module defines subclasses of the encoding clause, those will be stored in a separate container. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-encoded-clause-content | leaf | This defines the content of this SUPAEncodedClause. Since the target is YANG, the supaEncodedClauseEncoding attribute is NOT required, and therefore, not mapped. |
| supa-encoded-clause-language | leaf | Indicates the language used for this SUPAEncodedClause object instance. Prescriptive and/or descriptive information about the usage of this SUPAEncodedClause may be provided by one or more SUPAPolicyMetadata objects, which are each attached to the object ... |
| supa-has-policy-clause-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyClause aggregation [1], and is represented by the grouping supa-has-policy-clause-detail. This aggregation describes how each SUPAPolicyClause instance is related to this particular S... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-policy-clause-deploy-status | leaf | This defines whether this SUPAPolicy has been deployed and, if so, whether it is enabled and ready to be used or not. |
| supa-policy-clause-has-decorator-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClause object instance is de... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-clause-detail-container | container | This is a container to collect all object instances of type SUPAPolicyClauseDetail. |
| supa-policy-clause-detail-list | list | This is a list of all supa-policy-clause-detail objects. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-clause-detail-agg-ptr | leaf-list | This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyStructure class end point of the association represented by this instance of the SUPAHasPolicyClause association [1]. The grouping supa-has-policy-clause-detail repre... |
| supa-has-policy-clause-detail-part-ptr | leaf | This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyClause class end point of the association represented by this instance of the SUPAHasPolicyClause association [1]. The grouping supa-has-policy-clause-detail represen... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-clause-has-decorator-detail-container | container | This is a container to collect all object instances of type SUPAPolicyClauseHasDecoratorDetail. |
| supa-policy-component-decorator-detail-list | list | This is a list of all supa-policy-component-decorator-details. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-decorator-constraint | leaf-list | A constraint expression applying to this association between a SUPAPolicyClauseComponentDecorator and any components that decorate it. The supa-has-decorator-constraint-encoding attribute specifies the language used to write the set of constraint expressi... |
| supa-has-decorator-constraint-encoding | leaf | The language in which the constraints on the SUPAHasDecoratedPolicyComponent aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-has-policy-component-decorator-agg-ptr | leaf | This leaf is an instance-identifier that references the SUPAPolicyComponentDecorator instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-t... |
| supa-has-policy-component-decorator-part-ptr | leaf | This leaf is an instance-identifier that references the SUPAPolicyComponentStructure instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-t... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-component-decorator-detail-container | container | This is a container to collect all object instances of type SUPAPolicyComponentDecoratorDetail. |
| supa-policy-component-decorator-detail-list | list | This is a list of all supa-policy-component-decorator-details. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-decorator-constraint | leaf-list | A constraint expression applying to this association between a SUPAPolicyClauseComponentDecorator and any components that decorate it. The supa-has-decorator-constraint-encoding attribute specifies the language used to write the set of constraint expressi... |
| supa-has-decorator-constraint-encoding | leaf | The language in which the constraints on the SUPAHasDecoratedPolicyComponent aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-has-policy-component-decorator-agg-ptr | leaf | This leaf is an instance-identifier that references the SUPAPolicyComponentDecorator instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-t... |
| supa-has-policy-component-decorator-part-ptr | leaf | This leaf is an instance-identifier that references the SUPAPolicyComponentStructure instance end point of the association represented by this instance of the SUPAHasDecoratedPolicyComponent association [1]. The groupings supa-policy-component-decorator-t... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-concrete-metadata-container | container | This is a container to collect all object instances of type SUPAPolicyConcreteMetadata. |
| supa-policy-concrete-metadata-list | list | A list of all supa-policy-metadata instances in the system. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-dec-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w... |
| supa-has-policy-metadata-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or pres... |
| supa-policy-metadata-description | leaf | This contains a free-form textual description of this metadata object (e.g., what it may be used for). |
| supa-policy-metadata-id | leaf | This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaP... |
| supa-policy-metadata-name | leaf | This contains a human-readable name for this metadata object. |
| supa-policy-metadata-valid-period-end | leaf | This defines the ending date and time that this metadata object is valid for. |
| supa-policy-metadata-valid-period-start | leaf | This defines the starting date and time that this metadata object is valid for. |
| supa-policy-exec-fail-take-action-detail-container | container | This is a container to collect all object instances of type SUPAPolExecFailActionToTakeDetail. |
| supa-policy-exec-fail-take-action-detail-list | list | This is a list of all supa-has-policy-exec-action-detail objects. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-exec-fail-action-detail-agg-ptr | leaf | This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolExecFailActionToTake association [1] that was executing a SUPAPolicy. This SUPAPolicyStructure is... |
| supa-has-exec-fail-action-detail-part-ptr | leaf | This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolExecFailActionToTake association [1] that was NOT currently executing a SUPAPolicy. This SUPAPoli... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-policy-exec-fail-take-action-name | leaf-list | This is a list that contains the set of names for SUPAPolicyActions to use if the SUPAPolicyStructure object that owns this association failed to execute properly. This association defines a set of child SUPAPolicyStructure objects to use if this (the par... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-generic-decorated-container | container | This is a container to collect all object instances of type SUPAGenericDecoratedComponent. |
| supa-encoding-clause-list | list | List of all instances of supa-policy-generic-decorated-type. If a module defines subclasses of this class, those will be stored in a separate container. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-decorated-policy-component-agg-ptr | leaf-list | This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instanc... |
| supa-has-decorated-policy-component-part-ptr | leaf | This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator i... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-pol-clause-constraint | leaf-list | This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is ... |
| supa-pol-clause-constraint-encoding | leaf | The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-pol-comp-constraint | leaf-list | This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object... |
| supa-pol-comp-constraint-encoding | leaf | The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-policy-clause-has-decorator-part-ptr | leaf-list | This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object... |
| supa-policy-generic-decorated-content | leaf-list | The content of this SUPAGenericDecoratedComponent object instance. The data type of this attribute is specified in the leaf supa-policy-generic-decorated-encoding. |
| supa-policy-generic-decorated-encoding | leaf | The datatype of the supa-policy-generic-decorated-content attribute. |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-metadata-decorator-access-container | container | This is a container to collect all object instances of type SUPAPolicyAccessMetadataDef. |
| supa-policy-metadata-decorator-access-list | list | A list of all supa-policy-metadata-decorator-access instances in the system. Instances of subclasses will be in a separate list. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-dec-agg-ptr | leaf | This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w... |
| supa-has-policy-metadata-dec-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w... |
| supa-has-policy-metadata-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or pres... |
| supa-policy-metadata-description | leaf | This contains a free-form textual description of this metadata object (e.g., what it may be used for). |
| supa-policy-metadata-id | leaf | This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaP... |
| supa-policy-metadata-name | leaf | This contains a human-readable name for this metadata object. |
| supa-policy-metadata-decorator-detail-container | container | This is a container to collect all object instances of type SUPAHasMetadaDecoratorDetail. |
| supa-policy-metadata-decorator-detail-list | list | This is a list of all supa-policy-metadata-detail objects. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-dec-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w... |
| supa-has-policy-metadata-detail-dec-agg-ptr | leaf | This leaf is an instance-identifier that references a SUPAPolicyMetadataDecorator instance end point of the association represented by this instance of the SUPAHasMetadataDecorator association [1]. The grouping supa-has-policy-metadata-detail represents t... |
| supa-has-policy-metadata-detail-dec-part-ptr | leaf | This leaf is an instance-identifier that references a SUPAPolicyMetadata instance end point of the association represented by this instance of the SUPAHasMetadataDecorator association [1]. The grouping supa-has-policy-metadata-detail represents the SUPAHa... |
| supa-has-policy-metadata-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or pres... |
| supa-policy-metadata-description | leaf | This contains a free-form textual description of this metadata object (e.g., what it may be used for). |
| supa-policy-metadata-id | leaf | This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaP... |
| supa-policy-metadata-name | leaf | This contains a human-readable name for this metadata object. |
| supa-policy-metadata-decorator-version-container | container | This is a container to collect all object instances of type SUPAPolicyVersionMetadataDef. |
| supa-policy-metadata-decorator-version-list | list | A list of all supa-policy-metadata-decorator-version instances in the system. Instances of subclasses will be in a separate list. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-dec-agg-ptr | leaf | This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w... |
| supa-has-policy-metadata-dec-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasMetadaDecorator association [1]. This association is represented by the grouping supa-has-policy-metadata-dec-detail. This association describes how a SUPAPolicyMetadataDecorator instance w... |
| supa-has-policy-metadata-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1], which is represented by the grouping supa-has-policy-metadata-detail. Each instance- identifier defines a unique set of information that describe and/or pres... |
| supa-policy-metadata-description | leaf | This contains a free-form textual description of this metadata object (e.g., what it may be used for). |
| supa-policy-metadata-id | leaf | This represents the object identifier of an instance of this class. This attribute is named supaPolMetadataIDContent in [1], and is used with another attribute (supaPolMetadataIDEncoding); since the YANG data model does not need this genericity, the supaP... |
| supa-policy-metadata-name | leaf | This contains a human-readable name for this metadata object. |
| supa-policy-metadata-detail-container | container | This is a container to collect all object instances of type SUPAPolicyMetadataDetail. |
| supa-policy-metadata-detail-list | list | This is a list of all supa-policy-metadata-detail instances in the system. Instances of subclasses will be in a separate list. Note that this association class is made concrete for exemplary purposes. To be useful, it almost certainly needs refinement. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-has-policy-metadata-detail-agg-ptr | leaf | This leaf is an instance-identifier that references a concrete subclass of the SUPAPolicyObject instance end point of the aggregation represented by this instance of the SUPAHasPolicyMetadata aggregation [1]. The groupings supa-policy-object-type and supa... |
| supa-has-policy-metadata-detail-part-ptr | leaf | This leaf is an instance-identifier that references the SUPAPolicyMetadata instance end point of the aggregation represented by this instance of the SUPAHasPolicyMetadata aggregation [1]. The groupings supa-policy-object-type and supa-policy-metadata-type... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-metadata-detail-constraint | leaf-list | A list of constraints, expressed as strings, in the language defined by the supa-policy-metadata-detail-encoding attribute. If there are no constraints on using this SUPAPolicyMetadata object with this particular SUPAPolicyObject object, then this leaf-l... |
| supa-policy-metadata-detail-constraint-encoding | leaf | The language in which the constraints on the SUPAHasPolicyMetadata aggregation is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-policy-metadata-detail-is-applicable | leaf | This attribute controls whether the associated metadata is currently considered applicable to this SUPAPolicyObject; this enables metadata to be turned on and off when needed without disturbing the structure of the object that the metadata applies to, or ... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-operator-container | container | This is a container to collect all object instances of type SUPAPolicyOperator. |
| supa-policy-operator-list | list | List of all instances of supa-policy-operator-type. If a module defines subclasses of this class, those will be stored in a separate container. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-decorated-policy-component-agg-ptr | leaf-list | This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instanc... |
| supa-has-decorated-policy-component-part-ptr | leaf | This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator i... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-pol-clause-constraint | leaf-list | This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is ... |
| supa-pol-clause-constraint-encoding | leaf | The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-pol-comp-constraint | leaf-list | This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object... |
| supa-pol-comp-constraint-encoding | leaf | The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-policy-clause-has-decorator-part-ptr | leaf-list | This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-term-is-negated | leaf | If the value of this attribute is true, then this particular term is negated. |
| supa-policy-value-op-type | leaf | The type of operator used to compare the variable and value portions of this SUPAPolicyTerm. |
| supa-policy-source-container | container | This is a container to collect all object instances of type SUPAPolicySource. |
| supa-policy-source-list | list | A list of all supa-policy-source instances in the system. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-has-policy-source-part-ptr | leaf-list | This leaf-list holds the instance-identifiers that reference a SUPAHasPolicySource association [1], which is represented by the supa-has-policy-source-detail grouping. This association describes how each SUPAPolicySource instance is related to this partic... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-source-detail-container | container | This is a container to collect all object instances of type SUPAPolicySourceDetail. |
| supa-policy-source-detail-list | list | This is a list of all supa-policy-source-detail objects. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-has-policy-source-detail-agg-ptr | leaf | This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolicySource association [1]. The grouping supa-has-policy-source-detail represents the SUPAHasPolic... |
| supa-has-policy-source-detail-part-ptr | leaf | This leaf is an instance-identifier that references a SUPAPolicySource instance end point of the association represented by this instance of the SUPAHasPolicySource association [1]. The grouping supa-has-policy-source-detail represents the SUPAHasPolicySo... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-source-is-authenticated | leaf | If the value of this attribute is true, then this SUPAPolicySource object has been authenticated by a policy engine or application that is executing this particular SUPAPolicyStructure object. |
| supa-policy-source-is-trusted | leaf | If the value of this attribute is true, then this SUPAPolicySource object has been verified to be trusted by a policy engine or application that is executing this particular SUPAPolicyStructure object. |
| supa-policy-target-container | container | This is a container to collect all object instances of type SUPAPolicyTarget. |
| supa-policy-target-list | list | A list of all supa-policy-target instances in the system. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-has-policy-target-part-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyTarget association. This is represented by the supa-has-policy-target-detail grouping. This association describes how each SUPAPolicyTarget instance is related to a particular SUPAPol... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-target-detail-container | container | This is a container to collect all object instances of type SUPAPolicyTargetDetail. |
| supa-policy-target-detail-list | list | This is a list of all supa-policy-target-detail objects. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-has-policy-target-detail-agg-ptr | leaf | This leaf is an instance-identifier that references a SUPAPolicyStructure instance end point of the association represented by this instance of the SUPAHasPolicyTarget association [1]. The grouping supa-has-policy-target-detail represents the SUPAHasPolic... |
| supa-has-policy-target-detail-part-ptr | leaf | This leaf is an instance-identifier that references a SUPAPolicyTarget instance end point of the association represented by this instance of the SUPAHasPolicyTarget association [1]. The grouping supa-has-policy-target-detail represents the SUPAHasPolicyTa... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-target-is-authenticated | leaf | If the value of this attribute is true, then this SUPAPolicyTarget object has been authenticated by a policy engine or application that is executing this particular SUPAPolicyStructure object. |
| supa-policy-target-is-enabled | leaf | If the value of this attribute is true, then each SUPAPolicyTarget object that is referenced by this SUPAHasPolicyTarget aggregation is able to be used as a SUPAPolicyTarget by the SUPAPolicyStructure object that is referenced by this SUPAHasPolicyTarget ... |
| supa-policy-value-container | container | This is a container to collect all object instances of type SUPAPolicyValue. |
| supa-policy-value-list | list | List of all instances of supa-policy-value-type. If a module defines subclasses of this class, those will be stored in a separate container. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-decorated-policy-component-agg-ptr | leaf-list | This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instanc... |
| supa-has-decorated-policy-component-part-ptr | leaf | This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator i... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-pol-clause-constraint | leaf-list | This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is ... |
| supa-pol-clause-constraint-encoding | leaf | The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-pol-comp-constraint | leaf-list | This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object... |
| supa-pol-comp-constraint-encoding | leaf | The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-policy-clause-has-decorator-part-ptr | leaf-list | This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-term-is-negated | leaf | If the value of this attribute is true, then this particular term is negated. |
| supa-policy-value-content | leaf-list | The content of the value portion of this SUPA Policy Clause. The data type of the content is specified in the supa-policy-value-encoding attribute. |
| supa-policy-value-encoding | leaf | The data type of the supa-policy-value-content attribute. |
| supa-policy-variable-container | container | This is a container to collect all object instances of type SUPAPolicyVariable. |
| supa-policy-variable-list | list | List of all instances of supa-policy-variable-type. If a module defines subclasses of this class, those will be stored in a separate container. |
| entity-class | leaf | The identifier of the class of this grouping. |
| supa-has-decorated-policy-component-agg-ptr | leaf-list | This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyComponentDecorator instanc... |
| supa-has-decorated-policy-component-part-ptr | leaf | This leaf holds instance-identifiers that reference a SUPAHasDecoratedPolicyComponent aggregation [1], and is represented by the grouping supa-has-decorated-policy-component-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator i... |
| supa-has-policy-metadata-agg-ptr | leaf-list | This leaf-list holds instance-identifiers that reference a SUPAHasPolicyMetadata association [1]. This association is represented by the grouping supa-has-policy-metadata-detail. This association describes how each SUPAPolicyMetadata instance is related t... |
| supa-pol-clause-constraint | leaf-list | This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClause object instance that is ... |
| supa-pol-clause-constraint-encoding | leaf | The language in which the constraints on the SUPAPolicyClauseComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-pol-comp-constraint | leaf-list | This is a set of constraint expressions that are applied to this decorator object instance. These constraints restrict the semantics of this object instance, and hence, restrict how these objects interact with the SUPAPolicyClauseComponentDecorator object... |
| supa-pol-comp-constraint-encoding | leaf | The language in which constraints on the SUPAPolicyComponentDecorator is expressed. Examples include OCL 2.4 [2], Alloy [3], and English text. |
| supa-policy-clause-has-decorator-part-ptr | leaf-list | This leaf holds instance-identifiers that reference a SUPAPolicyClauseHasDecorator aggregation, [1], and is represented by the grouping supa-policy-clause-has-decorator-detail. This aggregation describes how each SUPAPolicyClauseComponentDecorator object... |
| supa-policy-ID | leaf | The string identifier of this policy object, which functions as the unique object identifier of this object instance. This attribute MUST be unique within the policy system. This attribute is named supaPolObjIDContent in [1], and is used with the supaPolO... |
| supa-policy-name | leaf | A human-readable name for this policy object. Note that this is NOT the object ID. |
| supa-policy-object-description | leaf | A human-readable description of the characteristics and behavior of this policy object. |
| supa-policy-term-is-negated | leaf | If the value of this attribute is true, then this particular term is negated. |
| supa-policy-variable-name | leaf | A human-readable name for this policy variable. |