tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search

RFC 3460

 
 
 

Policy Core Information Model (PCIM) Extensions

Part 4 of 4, p. 75 to 93
Prev RFC Part

 


prevText      Top      Up      ToC       Page 75 
7. Association and Aggregation Definitions

   The following definitions supplement those in PCIM itself.  PCIM
   definitions that are not DEPRECATED here are still current parts of
   the overall Policy Core Information Model.

7.1. The Aggregation "PolicySetComponent"

   PolicySetComponent is a new aggregation class that collects instances
   of PolicySet subclasses (PolicyGroups and PolicyRules) into coherent
   sets of policies.

Top      Up      ToC       Page 76 
   NAME             PolicySetComponent
   DESCRIPTION      A concrete class representing the components of a
                    policy set that have the same decision strategy, and
                    are prioritized within the set.
   DERIVED FROM     PolicyComponent
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref PolicySet[0..n]]
                    PartComponent[ref PolicySet[0..n]]
                    Priority

   The definition of the Priority property is unchanged from its
   previous definition in [PCIM].

   NAME             Priority
   DESCRIPTION      A non-negative integer for prioritizing this
                    PolicySet component relative to other components of
                    the same PolicySet.  A larger value indicates a
                    higher priority.
   SYNTAX           uint16
   DEFAULT VALUE    0

7.2. Deprecate PCIM's Aggregation "PolicyGroupInPolicyGroup"

   The new aggregation PolicySetComponent is used directly to represent
   aggregation of PolicyGroups by a higher-level PolicyGroup.  Thus the
   aggregation PolicyGroupInPolicyGroup is no longer needed, and can be
   deprecated.

   NAME             PolicyGroupInPolicyGroup
   DEPRECATED FOR   PolicySetComponent
   DESCRIPTION      A class representing the aggregation of PolicyGroups
                    by a higher-level PolicyGroup.
   DERIVED FROM     PolicyComponent
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref PolicyGroup[0..n]]
                    PartComponent[ref PolicyGroup[0..n]]

7.3. Deprecate PCIM's Aggregation "PolicyRuleInPolicyGroup"

   The new aggregation PolicySetComponent is used directly to represent
   aggregation of PolicyRules by a PolicyGroup.  Thus the aggregation
   PolicyRuleInPolicyGroup is no longer needed, and can be deprecated.

   NAME             PolicyRuleInPolicyGroup
   DEPRECATED FOR   PolicySetComponent
   DESCRIPTION      A class representing the aggregation of PolicyRules
                    by a PolicyGroup.
   DERIVED FROM     PolicyComponent

Top      Up      ToC       Page 77 
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref PolicyGroup[0..n]]
                    PartComponent[ref PolicyRule[0..n]]

7.4. The Abstract Association "PolicySetInSystem"

   PolicySetInSystem is a new association that defines a relationship
   between a System and a PolicySet used in the administrative scope of
   that system (e.g., AdminDomain, ComputerSystem).  The Priority
   property is used to assign a relative priority to a PolicySet within
   the administrative scope in contexts where it is not a component of
   another PolicySet.

   NAME             PolicySetInSystem
   DESCRIPTION      An abstract class representing the relationship
                    between a System and a PolicySet that is used in the
                    administrative scope of the System.
   DERIVED FROM     PolicyInSystem
   ABSTRACT         TRUE
   PROPERTIES       Antecedent[ref System[0..1]]
                    Dependent [ref PolicySet[0..n]]
                    Priority

   The Priority property is used to specify the relative priority of the
   referenced PolicySet when there are more than one PolicySet instances
   applied to a managed resource that are not PolicySetComponents and,
   therefore, have no other relative priority defined.

   NAME             Priority
   DESCRIPTION      A non-negative integer for prioritizing the
                    referenced PolicySet among other PolicySet
                    instances that are not components of a common
                    PolicySet.  A larger value indicates a higher
                    priority.
   SYNTAX           uint16
   DEFAULT VALUE    0

7.5. Update PCIM's Weak Association "PolicyGroupInSystem"

   Regardless of whether it a component of another PolicySet, a
   PolicyGroup is itself defined within the scope of a System.  This
   association links a PolicyGroup to the System in whose scope the
   PolicyGroup is defined.  It is a subclass of the abstract
   PolicySetInSystem association.  The class definition for the
   association is as follows:

Top      Up      ToC       Page 78 
   NAME             PolicyGroupInSystem
   DESCRIPTION      A class representing the fact that a PolicyGroup is
                    defined within the scope of a System.
   DERIVED FROM     PolicySetInSystem
   ABSTRACT         FALSE
   PROPERTIES       Antecedent[ref System[1..1]]
                    Dependent     [ref PolicyGroup[weak]]

   The Reference "Antecedent" is inherited from PolicySetInSystem, and
   overridden to restrict its cardinality to [1..1].  It serves as an
   object reference to a System that provides a scope for one or more
   PolicyGroups.  Since this is a weak association, the cardinality for
   this object reference is always 1, that is, a PolicyGroup is always
   defined within the scope of exactly one System.

   The Reference "Dependent" is inherited from PolicySetInSystem, and
   overridden to become an object reference to a PolicyGroup defined
   within the scope of a System.  Note that for any single instance of
   the association class PolicyGroupInSystem, this property (like all
   reference properties) is single-valued.  The [0..n] cardinality
   indicates that a given System may have 0, 1, or more than one
   PolicyGroups defined within its scope.

7.6. Update PCIM's Weak Association "PolicyRuleInSystem"

   Regardless of whether it a component of another PolicySet, a
   PolicyRule is itself defined within the scope of a System.  This
   association links a PolicyRule to the System in whose scope the
   PolicyRule is defined.  It is a subclass of the abstract
   PolicySetInSystem association. The class definition for the
   association is as follows:

   NAME             PolicyRuleInSystem
   DESCRIPTION      A class representing the fact that a PolicyRule is
                    defined within the scope of a System.
   DERIVED FROM     PolicySetInSystem
   ABSTRACT         FALSE
   PROPERTIES       Antecedent[ref System[1..1]]
                    Dependent[ref PolicyRule[weak]]

   The Reference "Antecedent" is inherited from PolicySetInSystem, and
   overridden to restrict its cardinality to [1..1].  It serves as an
   object reference to a System that provides a scope for one or more
   PolicyRules.  Since this is a weak association, the cardinality for
   this object reference is always 1, that is, a PolicyRule is always
   defined within the scope of exactly one System.

Top      Up      ToC       Page 79 
   The Reference "Dependent" is inherited from PolicySetInSystem, and
   overridden to become an object reference to a PolicyRule defined
   within the scope of a System.  Note that for any single instance of
   the association class PolicyRuleInSystem, this property (like all
   Reference properties) is single-valued.  The [0..n] cardinality
   indicates that a given System may have 0, 1, or more than one
   PolicyRules defined within its scope.

7.7. The Abstract Aggregation "PolicyConditionStructure"

   NAME             PolicyConditionStructure
   DESCRIPTION      A class representing the aggregation of
                    PolicyConditions by an aggregating instance.
   DERIVED FROM     PolicyComponent
   ABSTRACT         TRUE
   PROPERTIES       PartComponent[ref PolicyCondition[0..n]]
                    GroupNumber
                    ConditionNegated
7.8. Update PCIM's Aggregation "PolicyConditionInPolicyRule"

   The PCIM aggregation "PolicyConditionInPolicyRule" is updated, to
   make it a subclass of the new abstract aggregation
   PolicyConditionStructure.  The properties GroupNumber and
   ConditionNegated are now inherited, rather than specified explicitly
   as they were in PCIM.

   NAME             PolicyConditionInPolicyRule
   DESCRIPTION      A class representing the aggregation of
                    PolicyConditions by a PolicyRule.
   DERIVED FROM     PolicyConditionStructure
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref PolicyRule[0..n]]

7.9. The Aggregation "PolicyConditionInPolicyCondition"

   A second subclass of PolicyConditionStructure is defined,
   representing the compounding of policy conditions into a higher-level
   policy condition.

   NAME             PolicyConditionInPolicyCondition
   DESCRIPTION      A class representing the aggregation of
                    PolicyConditions by another PolicyCondition.
   DERIVED FROM     PolicyConditionStructure
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref CompoundPolicyCondition[0..n]]

Top      Up      ToC       Page 80 
7.10. The Abstract Aggregation "PolicyActionStructure"

   NAME             PolicyActionStructure
   DESCRIPTION      A class representing the aggregation of
                    PolicyActions by an aggregating instance.
   DERIVED FROM     PolicyComponent
   ABSTRACT         TRUE
   PROPERTIES       PartComponent[ref PolicyAction[0..n]]
                    ActionOrder

   The definition of the ActionOrder property appears in Section 7.8.3
   of PCIM [1].

7.11. Update PCIM's Aggregation "PolicyActionInPolicyRule"

   The PCIM aggregation "PolicyActionInPolicyRule" is updated, to make
   it a subclass of the new abstract aggregation PolicyActionStructure.
   The property ActionOrder is now inherited, rather than specified
   explicitly as it was in PCIM.

   NAME             PolicyActionInPolicyRule
   DESCRIPTION      A class representing the aggregation of
                    PolicyActions by a PolicyRule.
   DERIVED FROM     PolicyActionStructure
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref PolicyRule[0..n]]

7.12. The Aggregation "PolicyActionInPolicyAction"

   A second subclass of PolicyActionStructure is defined, representing
   the compounding of policy actions into a higher-level policy action.

   NAME             PolicyActionInPolicyAction
   DESCRIPTION      A class representing the aggregation of
                    PolicyActions by another PolicyAction.
   DERIVED FROM     PolicyActionStructure
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref CompoundPolicyAction[0..n]]

7.13. The Aggregation "PolicyVariableInSimplePolicyCondition"

   A simple policy condition is represented as an ordered triplet
   {variable, operator, value}.  This aggregation provides the linkage
   between a SimplePolicyCondition instance and a single PolicyVariable.
   The aggregation PolicyValueInSimplePolicyCondition links the
   SimplePolicyCondition to a single PolicyValue.  The Operator property
   of SimplePolicyCondition represents the third element of the triplet,
   the operator.

Top      Up      ToC       Page 81 
   The class definition for this aggregation is as follows:

   NAME             PolicyVariableInSimplePolicyCondition
   DERIVED FROM     PolicyComponent
   ABSTRACT         False
   PROPERTIES       GroupComponent[ref SimplePolicyCondition[0..n]]
                    PartComponent[ref PolicyVariable[1..1] ]

   The reference property "GroupComponent" is inherited from
   PolicyComponent, and overridden to become an object reference to a
   SimplePolicyCondition that contains exactly one PolicyVariable.  Note
   that for any single instance of the aggregation class
   PolicyVariableInSimplePolicyCondition, this property is single-
   valued.  The [0..n] cardinality indicates that there may be 0, 1, or
   more SimplePolicyCondition objects that contain any given policy
   variable object.

   The reference property "PartComponent" is inherited from
   PolicyComponent, and overridden to become an object reference to a
   PolicyVariable that is defined within the scope of a
   SimplePolicyCondition.  Note that for any single instance of the
   association class PolicyVariableInSimplePolicyCondition, this
   property (like all reference properties) is single-valued.  The
   [1..1] cardinality indicates that a SimplePolicyCondition must have
   exactly one policy variable defined within its scope in order to be
   meaningful.

7.14. The Aggregation "PolicyValueInSimplePolicyCondition"

   A simple policy condition is represented as an ordered triplet
   {variable, operator, value}.  This aggregation provides the linkage
   between a SimplePolicyCondition instance and a single PolicyValue.
   The aggregation PolicyVariableInSimplePolicyCondition links the
   SimplePolicyCondition to a single PolicyVariable.  The Operator
   property of SimplePolicyCondition represents the third element of the
   triplet, the operator.

   The class definition for this aggregation is as follows:

   NAME             PolicyValueInSimplePolicyCondition
   DERIVED FROM     PolicyComponent
   ABSTRACT         False
   PROPERTIES       GroupComponent[ref SimplePolicyCondition[0..n]]
                    PartComponent[ref PolicyValue[1..1] ]

   The reference property "GroupComponent" is inherited from
   PolicyComponent, and overridden to become an object reference to a
   SimplePolicyCondition that contains exactly one PolicyValue.  Note

Top      Up      ToC       Page 82 
   that for any single instance of the aggregation class
   PolicyValueInSimplePolicyCondition, this property is single-valued.
   The [0..n] cardinality indicates that there may be 0, 1, or more
   SimplePolicyCondition objects that contain any given policy value
   object.

   The reference property "PartComponent" is inherited from
   PolicyComponent, and overridden to become an object reference to a
   PolicyValue that is defined within the scope of a
   SimplePolicyCondition.  Note that for any single instance of the
   association class PolicyValueInSimplePolicyCondition, this property
   (like all reference properties) is single-valued.  The [1..1]
   cardinality indicates that a SimplePolicyCondition must have exactly
   one policy value defined within its scope in order to be meaningful.

7.15. The Aggregation "PolicyVariableInSimplePolicyAction"

   A simple policy action is represented as a pair {variable, value}.
   This aggregation provides the linkage between a SimplePolicyAction
   instance and a single PolicyVariable.  The aggregation
   PolicyValueInSimplePolicyAction links the SimplePolicyAction to a
   single PolicyValue.

   The class definition for this aggregation is as follows:

   NAME             PolicyVariableInSimplePolicyAction
   DERIVED FROM     PolicyComponent
   ABSTRACT         False
   PROPERTIES       GroupComponent[ref SimplePolicyAction[0..n]]
                    PartComponent[ref PolicyVariable[1..1] ]

   The reference property "GroupComponent" is inherited from
   PolicyComponent, and overridden to become an object reference to a
   SimplePolicyAction that contains exactly one PolicyVariable.  Note
   that for any single instance of the aggregation class
   PolicyVariableInSimplePolicyAction, this property is single-valued.
   The [0..n] cardinality indicates that there may be 0, 1, or more
   SimplePolicyAction objects that contain any given policy variable
   object.

   The reference property "PartComponent" is inherited from
   PolicyComponent, and overridden to become an object reference to a
   PolicyVariable that is defined within the scope of a
   SimplePolicyAction.  Note that for any single instance of the
   association class PolicyVariableInSimplePolicyAction, this property
   (like all reference properties) is single-valued.  The [1..1]
   cardinality indicates that a SimplePolicyAction must have exactly one
   policy variable defined within its scope in order to be meaningful.

Top      Up      ToC       Page 83 
7.16. The Aggregation "PolicyValueInSimplePolicyAction"

   A simple policy action is represented as a pair {variable, value}.
   This aggregation provides the linkage between a SimplePolicyAction
   instance and a single PolicyValue.  The aggregation
   PolicyVariableInSimplePolicyAction links the SimplePolicyAction to a
   single PolicyVariable.

   The class definition for this aggregation is as follows:

   NAME             PolicyValueInSimplePolicyAction
   DERIVED FROM     PolicyComponent
   ABSTRACT         False
   PROPERTIES       GroupComponent[ref SimplePolicyAction[0..n]]
                    PartComponent[ref PolicyValue[1..1] ]

   The reference property "GroupComponent" is inherited from
   PolicyComponent, and overridden to become an object reference to a
   SimplePolicyAction that contains exactly one PolicyValue.  Note that
   for any single instance of the aggregation class
   PolicyValueInSimplePolicyAction, this property is single-valued.  The
   [0..n] cardinality indicates that there may be 0, 1, or more
   SimplePolicyAction objects that contain any given policy value
   object.

   The reference property "PartComponent" is inherited from
   PolicyComponent, and overridden to become an object reference to a
   PolicyValue that is defined within the scope of a SimplePolicyAction.
   Note that for any single instance of the association class
   PolicyValueInSimplePolicyAction, this property (like all reference
   properties) is single-valued.  The [1..1] cardinality indicates that
   a SimplePolicyAction must have exactly one policy value defined
   within its scope in order to be meaningful.

7.17. The Association "ReusablePolicy"

   The association ReusablePolicy makes it possible to include any
   subclass of the abstract class "Policy" in a ReusablePolicyContainer.

   NAME             ReusablePolicy
   DESCRIPTION      A class representing the inclusion of a reusable
                    policy element in a ReusablePolicyContainer.
                    Reusable elements may be PolicyGroups, PolicyRules,
                    PolicyConditions, PolicyActions, PolicyVariables,
                    PolicyValues, or instances of any other subclasses
                    of the abstract class Policy.

Top      Up      ToC       Page 84 
   DERIVED FROM     PolicyInSystem
   ABSTRACT         FALSE
   PROPERTIES       Antecedent[ref ReusablePolicyContainer[0..1]]

7.18. Deprecate PCIM's "PolicyConditionInPolicyRepository"

   NAME             PolicyConditionInPolicyRepository
   DEPRECATED FOR   ReusablePolicy
   DESCRIPTION      A class representing the inclusion of a reusable
                    PolicyCondition in a PolicyRepository.
   DERIVED FROM     PolicyInSystem
   ABSTRACT         FALSE
   PROPERTIES       Antecedent[ref PolicyRepository[0..1]]
                    Dependent[ref PolicyCondition[0..n]]

7.19. Deprecate PCIM's "PolicyActionInPolicyRepository"

   NAME             PolicyActionInPolicyRepository
   DEPRECATED FOR   ReusablePolicy
   DESCRIPTION      A class representing the inclusion of a reusable
                    PolicyAction in a PolicyRepository.
   DERIVED FROM     PolicyInSystem
   ABSTRACT         FALSE
   PROPERTIES       Antecedent[ref PolicyRepository[0..1]]
                    Dependent[ref PolicyAction[0..n]]

7.20. The Association ExpectedPolicyValuesForVariable

   This association links a PolicyValue object to a PolicyVariable
   object, modeling the set of expected values for that PolicyVariable.
   Using this association, a variable (instance) may be constrained to
   be bound- to/assigned only a set of allowed values.  For example,
   modeling an enumerated source port variable, one creates an instance
   of the PolicySourcePortVariable class and associates with it the set
   of values (integers) representing the allowed enumeration, using
   appropriate number of instances of the
   ExpectedPolicyValuesForVariable association.

   Note that a single variable instance may be constrained by any number
   of values, and a single value may be used to constrain any number of
   variables.  These relationships are manifested by the n-to-m
   cardinality of the association.

   The purpose of this association is to support validation of simple
   policy conditions and simple policy actions, prior to their
   deployment to an enforcement point.  This association, and the

Top      Up      ToC       Page 85 
   PolicyValue object that it refers to, plays no role when a PDP or a
   PEP is evaluating a simple policy condition, or executing a simple
   policy action.  See Section 5.8.3 for more details on this point.

   The class definition for the association is as follows:

   NAME             ExpectedPolicyValuesForVariable
   DESCRIPTION      A class representing the association of a set of
                    expected values to a variable object.
   DERIVED FROM     Dependency
   ABSTRACT         FALSE
   PROPERTIES       Antecedent [ref PolicyVariable[0..n]]
                    Dependent [ref PolicyValue [0..n]]

   The reference property Antecedent is inherited from Dependency.  Its
   type and cardinality are overridden to provide the semantics of a
   variable optionally having value constraints.  The [0..n] cardinality
   indicates that any number of variables may be constrained by a given
   value.

   The reference property "Dependent" is inherited from Dependency, and
   overridden to become an object reference to a PolicyValue
   representing the values that a particular PolicyVariable can have.
   The [0..n] cardinality indicates that a given policy variable may
   have 0, 1 or more than one PolicyValues defined to model the set(s)
   of values that the policy variable can take.

7.21. The Aggregation "ContainedDomain"

   The aggregation ContainedDomain provides a means of nesting of one
   ReusablePolicyContainer inside another one.  The aggregation is
   defined at the level of ReusablePolicyContainer's superclass,
   AdminDomain, to give it applicability to areas other than Core
   Policy.

   NAME             ContainedDomain
   DESCRIPTION      A class representing the aggregation of lower level
                    administrative domains by a higher-level
                    AdminDomain.
   DERIVED FROM     SystemComponent
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref AdminDomain [0..n]]
                    PartComponent[ref AdminDomain [0..n]]

Top      Up      ToC       Page 86 
7.22. Deprecate PCIM's "PolicyRepositoryInPolicyRepository"

   NAME             PolicyRepositoryInPolicyRepository
   DEPRECATED FOR   ContainedDomain
   DESCRIPTION      A class representing the aggregation of
                    PolicyRepositories by a higher-level
                    PolicyRepository.
   DERIVED FROM     SystemComponent
   ABSTRACT         FALSE
   PROPERTIES       GroupComponent[ref PolicyRepository[0..n]]
                    PartComponent[ref PolicyRepository[0..n]]

7.23. The Aggregation "EntriesInFilterList"

   This aggregation is a specialization of the Component aggregation; it
   is used to define a set of filter entries (subclasses of
   FilterEntryBase) that are aggregated by a FilterList.

   The cardinalities of the aggregation itself are 0..1 on the
   FilterList end, and 0..n on the FilterEntryBase end.  Thus in the
   general case, a filter entry can exist without being aggregated into
   any FilterList.  However, the only way a filter entry can figure in
   the PCIMe model is by being aggregated into a FilterList by this
   aggregation.

   The class definition for the aggregation is as follows:

   NAME              EntriesInFilterList
   DESCRIPTION       An aggregation used to define a set of
                     filter entries (subclasses of
                     FilterEntryBase) that are aggregated by
                     a particular FilterList.
   DERIVED FROM      Component
   ABSTRACT          False
   PROPERTIES        GroupComponent[ref
                        FilterList[0..1]],
                     PartComponent[ref
                        FilterEntryBase[0..n],
                     EntrySequence

7.23.1. The Reference GroupComponent

   This property is overridden in this aggregation to represent an
   object reference to a FilterList object (instead of to the more
   generic ManagedSystemElement object defined in its superclass).  It
   also restricts the cardinality of the aggregate to 0..1 (instead of
   the more generic 0-or-more), representing the fact that a filter
   entry always exists within the context of at most one FilterList.

Top      Up      ToC       Page 87 
7.23.2. The Reference PartComponent

   This property is overridden in this aggregation to represent an
   object reference to a FilterEntryBase object (instead of to the more
   generic ManagedSystemElement object defined in its superclass).  This
   object represents a single filter entry, which may be aggregated with
   other filter entries to form the FilterList.

7.23.3. The Property EntrySequence

   An unsigned 16-bit integer indicating the order of the filter entry
   relative to all others in the FilterList.  The default value '0'
   indicates that order is not significant, because the entries in this
   FilterList are ANDed together.

7.24. The Aggregation "ElementInPolicyRoleCollection"

   The following aggregation is used to associate ManagedElements with a
   PolicyRoleCollection object that represents a role played by these
   ManagedElements.

   NAME             ElementInPolicyRoleCollection
   DESCRIPTION      A class representing the inclusion of a
                    ManagedElement in a collection, specified as
                    having a given role.  All the managed elements
                    in the collection share the same role.
   DERIVED FROM     MemberOfCollection
   ABSTRACT         FALSE
   PROPERTIES       Collection[ref PolicyRoleCollection [0..n]]
                    Member[ref ManagedElement [0..n]]

7.25. The Weak Association "PolicyRoleCollectionInSystem"

   A PolicyRoleCollection is defined within the scope of a System.  This
   association links a PolicyRoleCollection to the System in whose scope
   it is defined.

   When associating a PolicyRoleCollection with a System, this should be
   done consistently with the system that scopes the policy rules/groups
   that are applied to the resources in that collection.  A
   PolicyRoleCollection is associated with the same system as the
   applicable PolicyRules and/or PolicyGroups, or to a System higher in
   the tree formed by the SystemComponent association.

   The class definition for the association is as follows:

Top      Up      ToC       Page 88 
   NAME             PolicyRoleCollectionInSystem
   DESCRIPTION      A class representing the fact that a
                    PolicyRoleCollection is defined within the scope of
                    a System.
   DERIVED FROM     Dependency
   ABSTRACT         FALSE
   PROPERTIES       Antecedent[ref System[1..1]]
                    Dependent[ref PolicyRoleCollection[weak]]

   The reference property Antecedent is inherited from Dependency, and
   overridden to become an object reference to a System, and to restrict
   its cardinality to [1..1].  It serves as an object reference to a
   System that provides a scope for one or more PolicyRoleCollections.
   Since this is a weak association, the cardinality for this object
   reference is always 1, that is, a PolicyRoleCollection is always
   defined within the scope of exactly one System.

   The reference property Dependent is inherited from Dependency, and
   overridden to become an object reference to a PolicyRoleCollection
   defined within the scope of a System.  Note that for any single
   instance of the association class PolicyRoleCollectionInSystem, this
   property (like all Reference properties) is single-valued.  The
   [0..n] cardinality indicates that a given System may have 0, 1, or
   more than one PolicyRoleCollections defined within its scope.

8. Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.

   Copies of claims of rights made available for publication and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

Top      Up      ToC       Page 89 
9. Acknowledgements

   The starting point for this document was PCIM itself [1], and the
   first three submodels derived from it [11], [12], [13].  The authors
   of these documents created the extensions to PCIM, and asked the
   questions about PCIM, that are reflected in PCIMe.

10. Contributors

   This document includes text written by a number of authors (including
   the editor), that was subsequently merged by the editor.  The
   following people contributed text to this document:

   Lee Rafalow
   IBM Corporation, BRQA/501
   4205 S. Miami Blvd.
   Research Triangle Park, NC 27709

   Phone: +1 919-254-4455
   Fax: +1 919-254-6243
   EMail: rafalow@us.ibm.com


   Yoram Ramberg
   Cisco Systems
   4 Maskit Street
   Herzliya Pituach, Israel  46766

   Phone: +972-9-970-0081
   Fax:  +972-9-970-0219
   EMail: yramberg@cisco.com


   Yoram Snir
   Cisco Systems
   4 Maskit Street
   Herzliya Pituach, Israel  46766

   Phone: +972-9-970-0085
   Fax:  +972-9-970-0366
   EMail: ysnir@cisco.com

Top      Up      ToC       Page 90 
   Andrea Westerinen
   Cisco Systems
   Building 20
   725 Alder Drive
   Milpitas, CA  95035

   Phone: +1-408-853-8294
   Fax: +1-408-527-6351
   EMail: andreaw@cisco.com


   Ritu Chadha
   Telcordia Technologies
   MCC 1J-218R
   445 South Street
   Morristown NJ 07960.

   Phone: +1-973-829-4869
   Fax: +1-973-829-5889
   EMail: chadha@research.telcordia.com


   Marcus Brunner
   NEC Europe Ltd.
   C&C Research Laboratories
   Adenauerplatz 6
   D-69115 Heidelberg, Germany

   Phone: +49 (0)6221 9051129
   Fax: +49 (0)6221 9051155
   EMail: brunner@ccrle.nec.de


   Ron Cohen
   Ntear LLC

   EMail: ronc@ntear.com


   John Strassner
   INTELLIDEN, Inc.
   90 South Cascade Avenue
   Colorado Springs, CO  80903

   Phone: +1-719-785-0648
   EMail: john.strassner@intelliden.com

Top      Up      ToC       Page 91 
11. Security Considerations

   The Policy Core Information Model (PCIM) [1] describes the general
   security considerations related to the general core policy model.
   The extensions defined in this document do not introduce any
   additional considerations related to security.

12. Normative References

   [1]  Moore, B., Ellesson, E., Strassner, J. and A. Westerinen,
        "Policy Core Information Model -- Version 1 Specification", RFC
        3060, February 2001.

   [2]  Distributed Management Task Force, Inc., "DMTF Technologies: CIM
        Standards  CIM Schema: Version 2.5", available at
        http://www.dmtf.org/standards/cim_schema_v25.php.

   [3]  Distributed Management Task Force, Inc., "Common Information
        Model (CIM) Specification: Version 2.2", June 14, 1999,
        available at
        http://www.dmtf.org/standards/documents/CIM/DSP0004.pdf.

   [4]  Mockapetris, P., "Domain Names - implementation and
        specification", STD 13, RFC 1035, November 1987.

   [5]  Wahl, M., Coulbeck, A., Howes, T. and S. Kille, "Lightweight
        Directory Access Protocol (v3): Attribute Syntax Definitions",
        RFC 2252, December 1997.

   [6]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
        Specifications: ABNF", RFC 2234, November 1997.

   [7]  Hinden, R. and S. Deering, "IP Version 6 Addressing
        Architecture", RFC 2373, July 1998.

   [8]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

13. Informative References

   [9]  Hovey, R. and S. Bradner, "The Organizations Involved in the
        IETF Standards Process", BCP 11, RFC 2028, October 1996.

   [10] Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M.,
        Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J. and
        Waldbusser, "Terminology for Policy-Based Management", RFC 3198,
        November 2001.

Top      Up      ToC       Page 92 
   [11] Snir, Y., and Y. Ramberg, J. Strassner, R. Cohen, "Policy QoS
        Information Model", Work in Progress.

   [12] Jason, J., and L. Rafalow, E. Vyncke, "IPsec Configuration
        Policy Model", Work in Progress.

   [13] Chadha, R., and M. Brunner, M. Yoshida, J. Quittek, G.
        Mykoniatis, A.  Poylisher, R. Vaidyanathan, A. Kind, F.
        Reichmeyer, "Policy Framework MPLS Information Model for QoS and
        TE", Work in Progress.

   [14] S. Waldbusser, and J. Saperia, T. Hongal, "Policy Based
        Management MIB", Work in Progress.

   [15] B. Moore, and D. Durham, J. Halpern, J. Strassner, A.
        Westerinen, W.  Weiss, "Information Model for Describing Network
        Device QoS Datapath Mechanisms", Work in Progress.

Author's Address

   Bob Moore
   IBM Corporation, BRQA/501
   4205 S. Miami Blvd.
   Research Triangle Park, NC 27709

   Phone: +1 919-254-4436
   Fax: +1 919-254-6243
   EMail: remoore@us.ibm.com

Top      Up      ToC       Page 93 
Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.