draft-birkholz-rats-mud/ietf-mud-rats.yang at master · ietf-rats/draft-birkholz-rats-mud · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
module ietf-mud-rats {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-mud-rats";
  prefix "mud-rats";

  import ietf-mud {
    prefix "mud";
  }

  import ietf-inet-types {
    prefix "inet";
  }

  organization
    "IETF RATS (Remote ATtestation procedureS) Working Group";

  contact
    "WG Web: http://tools.ietf.org/wg/rats/
     WG List: rats@ietf.org
     Author: Eliot Lear <lear@cisco.com>
     Author: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>";

  description
    "This YANG module augments the ietf-mud model to provide for three
     optional lists to enable Remote Attestation Procedures so that
     this device type may be used as a controller for other
     MUD-enabled devices.

     Copyright (c) 2020 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
      for full legal notices.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.";

  revision 2020-03-09 {
    description
      "Initial proposed standard.";
       reference "RFC XXXX: MUD Extension to find RATS supply chain
       entity resources: remote attestation services, endorsement
       documents, and reference integrity measurement";
  }

  grouping mud-rats-grouping {
    description
      "Grouping to locate RATS services";
    container ras {
      description
        "Lists of Remote Attestation Service
         (RAS/Verifiers) candidates.";
      leaf-list ras-uris {
        type inet:uri;
        description
          "A list of Verifiers that can appraise evidence produced by
           the entity that presents a DevID including this MUD URI.";
      }
    }
    container rim {
      description
        "Lists of Reference Integrity Measurement (RIM) candidates.";
      leaf-list rim-uris {
        type inet:uri;
        description
          "A list of RIM CoSWID that provide reference integrity
           measurements represented as signed CoSWID using
           the CoSWID RIM extension.";
      }
    }
    container edt {
      description
        "List of Endorsements for Roots of Trusts (e.g. Endorsement
         Key Certificates).";
      leaf-list edt-uris {
        type inet:uri;
        description
          "A list of Endorsements that vouch for the characteristics
           of Roots of Trusts the entity possesses.";
      }
    }
  }
  augment "/mud:mud" {
    uses mud-rats-grouping;
    description
      "add mud-rats URI resources";
  }
}