Autonomic Networking Integrated Model and Approach (anima) Internet Drafts


Constrained Bootstrapping Remote Secure Key Infrastructure (cBRSKI)

draft-ietf-anima-constrained-voucher-25.txt
Date: 08/07/2024
Authors: Michael Richardson, Peter van der Stok, Panos Kampanakis, Esko Dijk
Working Group: Autonomic Networking Integrated Model and Approach (anima)

This document defines the Constrained Bootstrapping Remote Secure Key Infrastructure (cBRSKI) protocol, which provides a solution for secure zero-touch onboarding of resource-constrained (IoT) devices into the network of a domain owner. This protocol is designed for constrained networks, which may have limited data throughput or may experience frequent packet loss. cBRSKI is a variant of the BRSKI protocol, which uses an artifact signed by the device manufacturer called the "voucher" which enables a new device and the owner's network to mutually authenticate. While the BRSKI voucher data is encoded in JSON, cBRSKI uses a compact CBOR-encoded voucher. The BRSKI voucher data definition is extended with new data types that allow for smaller voucher sizes. The Enrollment over Secure Transport (EST) protocol, used in BRSKI, is replaced with EST-over-CoAPS; and HTTPS used in BRSKI is replaced with DTLS-secured CoAP (CoAPS). This document updates RFC 8995 and RFC 9148.
Information Distribution over GRASP

draft-ietf-anima-grasp-distribution-12.txt
Date: 11/12/2024
Authors: Sheng Jiang, Bing Liu, Xun Xiao, Artur Hecker, Xiuli Zheng
Working Group: Autonomic Networking Integrated Model and Approach (anima)

This document specifies experimental extensions to the GRASP protocol to enable information distribution capabilities. The extension has two aspects: 1) new GRASP messages and options; 2) processing behaviors on the nodes. With these extensions, GRASP would have the following new capabilities, which make it a sufficient tool for general information distribution: 1) a Pub-Sub model of information processing; 2) one node can actively send data to another, without GRASP negotiation procedures; 3) a selective flooding mechanism to allow the ASAs to control the flooding scope. This document updates RFC8990, the GeneRic Autonomic Signaling Protocol (GRASP) [RFC8990].
BRSKI Cloud Registrar

draft-ietf-anima-brski-cloud-11.txt
Date: 15/10/2024
Authors: Owen Friel, Rifaat Shekh-Yusef, Michael Richardson
Working Group: Autonomic Networking Integrated Model and Approach (anima)

Bootstrapping Remote Secure Key Infrastructures defines how to onboard a device securely into an operator maintained infrastructure. It assumes that there is local network infrastructure for the device to discover and help the device. This document extends the new device behavior so that, if no local infrastructure is available, such as in a home or remote office, the device can use a well-defined "call-home" mechanism to find the operator maintained infrastructure. This document defines how to contact a well-known Cloud Registrar, and two ways in which the new device may be redirected towards the operator maintained infrastructure. The Cloud Registrar enables discovery of the operator maintained infrastructure, and may enable establishment of trust with operator maintained infrastructure that does not support BRSKI mechanisms.
JWS signed Voucher Artifacts for Bootstrapping Protocols

draft-ietf-anima-jws-voucher-14.txt
Date: 29/11/2024
Authors: Thomas Werner, Michael Richardson
Working Group: Autonomic Networking Integrated Model and Approach (anima)

I-D.ietf-anima-rfc8366bis defines a digital artifact (known as a voucher) as a YANG-defined JSON document that is signed using a Cryptographic Message Syntax (CMS) structure. This document introduces a variant of the voucher artifact in which CMS is replaced by the JSON Object Signing and Encryption (JOSE) mechanism described in RFC7515 to support deployments in which JOSE is preferred over CMS. In addition to specifying the format, the "application/voucher-jws+json" media type is registered and examples are provided.
BRSKI with Pledge in Responder Mode (BRSKI-PRM)

draft-ietf-anima-brski-prm-15.txt
Date: 26/08/2024
Authors: Steffen Fries, Thomas Werner, Eliot Lear, Michael Richardson
Working Group: Autonomic Networking Integrated Model and Approach (anima)

This document defines enhancements to Bootstrapping a Remote Secure Key Infrastructure (BRSKI, RFC8995) to enable bootstrapping in domains featuring no or only limited connectivity between a pledge and the domain registrar. It specifically changes the interaction model from a pledge-initiated mode, as used in BRSKI, to a pledge-responding mode, where the pledge is in server role. For this, BRSKI with Pledge in Responder Mode (BRSKI-PRM) introduces new endpoints for the Domain Registrar and pledge, and a new component, the Registrar-Agent, which facilitates the communication between pledge and registrar during the bootstrapping phase. To establish the trust relation between pledge and registrar, BRSKI-PRM relies on object security rather than transport security. The approach defined here is agnostic to the enrollment protocol that connects the domain registrar to the Key Infrastructure (e.g., domain CA).
A Voucher Artifact for Bootstrapping Protocols

draft-ietf-anima-rfc8366bis-12.txt
Date: 08/07/2024
Authors: Kent Watsen, Michael Richardson, Max Pritikin, Toerless Eckert, Qiufang Ma
Working Group: Autonomic Networking Integrated Model and Approach (anima)

This document defines a strategy to securely assign a pledge to an owner using an artifact signed, directly or indirectly, by the pledge's manufacturer. This artifact is known as a "voucher". This document defines an artifact format as a YANG-defined JSON or CBOR document that has been signed using a variety of cryptographic systems. The voucher artifact is normally generated by the pledge's manufacturer (i.e., the Manufacturer Authorized Signing Authority (MASA)). This document updates RFC8366, merging a number of extensions into the YANG. The RFC8995 voucher request is also merged into this document.
BRSKI-AE: Alternative Enrollment Protocols in BRSKI

draft-ietf-anima-brski-ae-13.txt
Date: 17/09/2024
Authors: David von Oheimb, Steffen Fries, Hendrik Brockhaus
Working Group: Autonomic Networking Integrated Model and Approach (anima)

This document defines enhancements to the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol, known as BRSKI-AE (Alternative Enrollment). BRSKI-AE extends BRSKI to support certificate enrollment mechanisms instead of the originally specified use of EST. It supports certificate enrollment protocols, such as CMP, that use authenticated self-contained signed objects for certification messages, allowing for flexibility in network device onboarding scenarios. The enhancements address use cases where the existing enrollment mechanism may not be feasible or optimal, providing a framework for integrating suitable alternative enrollment protocols. This document also updates the BRSKI reference architecture to accommodate these alternative methods, ensuring secure and scalable deployment across a range of network environments.
BRSKI discovery and variations

draft-ietf-anima-brski-discovery-05.txt
Date: 21/10/2024
Authors: Toerless Eckert, Esko Dijk
Working Group: Autonomic Networking Integrated Model and Approach (anima)

This document specifies how BRSKI entities, such as registrars, proxies, pledges or others that are acting as responders, can be discovered and selected by BRSKI entities acting as initiators, especially in the face of variations in the protocols that can introduce non-interoperability when not equally supported by both responder and initiator.


Autonomic Networking Integrated Model and Approach (anima)

WG Name: Autonomic Networking Integrated Model and Approach
Acronym: anima
Area: Operations and Management Area (ops)
State: Active
Charter: charter-ietf-anima-02 (Approved)
Document dependencies
Additional resources: Issue tracker, Wiki, Zulip Stream

Personnel
Chairs: Sheng Jiang, Toerless Eckert
Area Director: Mahesh Jethanandani
Tech Advisor: Nancy Cam-Winget
Delegates: Michael Richardson, Mike McBride
Secretary: Michael Richardson
Liaison Contacts: Sheng Jiang, Toerless Eckert

Mailing list
Address: anima@ietf.org
To subscribe: https://www.ietf.org/mailman/listinfo/anima
Archive: https://mailarchive.ietf.org/arch/browse/anima/

Chat Room address: https://zulip.ietf.org/#narrow/stream/anima

Charter for Working Group

The Autonomic Networking Integrated Model and Approach (ANIMA) working group develops and maintains specifications and documentation for interoperable protocols and procedures for automated network management and control of professionally-managed networks.

The vision is a network that configures, heals, optimizes and protects itself. The strategy is the incremental introduction of components to smoothly evolve existing and new networks accordingly.

ANIMA work will rely on the framework described in draft-ietf-anima-reference-model already approved for publication. Work not related to this framework is welcome for review, but WG adoption of such work requires explicit rechartering. The two concrete areas of the reference model are (1) the Autonomic Networking Infrastructure (ANI), and (2) Autonomic Functions (AF) built from software modules called Autonomic Service Agents (ASA).

The ANI is specified through prior ANIMA work. It is composed of the Autonomic Control Plane (ACP; RFC 8368), Bootstrap over Secure Key Infrastructures (BRSKI) including Vouchers (RFC8366), and the Generic Autonomic Signaling Protocol (GRASP). ANIMA will work on closing gaps and extending the ANI and its components.

ANIMA will start to define Autonomic Functions (AF) to enable service automation in networks; it will also work on generic aspects of ASA including design guidelines and lifecycle management, coordination and dependency management.

The reference model also discusses Intent, but ANIMA will not work on this without explicit rechartering. It will rely on the Network Management Research Group (NMRG) to define the next steps for this topic. ANIMA will coordinate with other IETF and IRTF groups as needed.

The scope of possible work items is as follows (additional work is subject to extra approval from the responsible AD):

  • Extensions to the ANI, including variations of ANI deployment (e.g. in virtualised environments), information distribution within an AN, ANI OAMP interfaces (Operations, Administration, Management, Provisioning), interaction with YANG-based mechanisms, defining the domain boundary and membership management of the domain.

  • Support for Autonomic Service Agents, including design and implementation guidelines for ASAs, life cycle management, authorization and coordination of ASA.

  • BRSKI features, including proxies, enrollment, adaptions over various network protocols, variations of voucher formats.

  • Generic use cases of Autonomic Network and new GRASP extensions/options for them, including bulk transfer, DNS-SD interworking, autonomic resource management, autonomic SLA assurance, autonomic multi-tenant management, autonomic network measurement.

  • Integration with Network Operations Centers (NOCs), including autonomic discovery/connectivity to NOC, YANG-based ANI/ASA management by the NOC and reporting AF from node to NOC.

Milestones

Date      Milestone                                                                    Associated documents
Jul 2020  Recharter or close the WG
Mar 2020  Submit Guidelines for Developing Autonomic Service Agents to the IESG
Mar 2020  Submit Lifecycle and Management of Autonomic Service Agents to the IESG
Dec 2019  Submit Constrained Join Proxy for Bootstrapping Protocols to the IESG
Dec 2019  Submit Constrained Voucher Artifacts for Bootstrapping Protocols to the IESG
Nov 2019  Submit Information distribution over GRASP to the IESG