
Intended use of SAStaticAction Class



I would like some guidance on the intended use of SAStaticAction classes.
The intended use of these classes does not appear to be as well described in
"draft-ietf-ipsp-config-policy-model-01.txt" as the SANegotiatedAction
classes.

My question is with regard to the SAStaticAction classes associated with
SARule classes.  The IPSecRule and IKERule are explicitly shown as
composited associations contained by the IPSecPolicyGroup.  That is to say
that instances of the SANegotiatedRule class can be contained in one and
only one PolicyGroup.  However, there is no equivalent class for static
rules (i.e. SAStaticRule).  Therefore, to associate a Rule with an
SAStaticAction we must rely on the more generic PolicyRule.  This
association does not explicitly state that a PolicyRule can be with one and
only one PolicyGroup.

If we are to implement this model as stated, I believe I am required to
allow PolicyRules to be associated with more than one PolicyGroup.  I would
be required to do this just to support associations of SAStaticAction
classes with rules.  This seems to be exactly opposite what was intended for
the SANegotiatedRules.  Is this the intent or am I missing something?

I would propose the following relationship be added to the model.  This
seems to me more in line with the intended associations between SARule
classes and IPSecPolicyGroup classes.  I added the SAStaticRule class and a
composite association with IPSecPolicyGroup.

Thanks for your consideration.

Casey




