**Session Date/Time:** 30 Mar 2023 04:00

# i2nsf

## Summary

This was the final i2nsf working group meeting. The agenda included updates on several drafts, including the capability data model, NSF facing interface, and end monitoring data model. Presentations covered recent hackathon work, updates to the consumer facing and registration interfaces, security policy translation guidelines, an analytics interface, and a controller facing interface. The group discussed the status of documents in IESG review and potential paths for further work on the remaining drafts, including independent submissions or adoption by other working groups.

## Key Discussion Points

* **Hackathon Report:** A team from Kingston University presented their hackathon project, which focused on implementing the latest versions of the consumer facing interface and registration interface YANG models. They demonstrated a proof-of-concept for several use cases, including time-based firewalls and URL filtering. The team switched the roles of NETCONF client/server between the security controller and DMS and added a query interface.
* **Consumer Facing and Registration Interface Updates:** Updates were presented, including adding a profile for antivirus configuration (allow/deny lists) and clarifying how to handle negative offset values. Revisions also simplified the architecture, using a method to query for the device management system (DMS).
* **Security Policy Translation Guidelines:** A guideline document was presented outlining the relationship between high-level consumer facing interface policies and low-level NSF interface models. Updates included new guidelines for antivirus mapping and for handling geographic location using country and city instead of a single name. The document was proposed as an informational draft, intended to aid developers in translating between policy levels.
* **Analytics Interface YANG Model:** A new interface was presented for handling real-time situations, enabling closed-loop control and security management automation through analysis of monitoring data. The interface would provide configuration and feedback information, identifying problems and suggesting solutions for network security.
* **Controller Facing Interface for Cross-Domain Security Policy Exchange:** An update on the controller-facing interface was presented, addressing information model improvements and updates to peer-to-peer and hierarchical use cases. The presentation highlighted a negotiation process to check security controller capabilities across domains before policy delivery.
* **IESG Review:** The status of the consumer facing interface, the registration interface, and the end-to-end monitoring data model drafts was discussed. IESG review is scheduled for the second week of April.

## Decisions and Action Items

* **Action Item:** Patrick to investigate the geolocation representation defined in the LISP working group for potential reference in the security policy translation document.
* **Decision:** It was suggested that the security policy translation and analytics interface drafts be submitted as independent submissions.
* **Decision:** Advise the controller facing interface draft submitters to consult the sec dispatch list for guidance.

## Next Steps

* Monitor IESG review of the consumer facing interface, the registration interface, and the end-to-end monitoring data model drafts.
* Submit the security policy translation and analytics interface drafts to the IETF as individual submissions, or discuss adoption with appropriate working groups via Sec Dispatch.
* Continue discussion of the drafts on the i2nsf mailing list even after the working group closes.