Issues of Current Access Control Rule and New Proposal Introduction Group Name: ARC 21 Source: Wei Zhou, Datang, Meeting Date: Agenda Item:

What are the Differences between Computer File and oneM2M Resource Tree in Access Control Access Control List (ACL):  Designed for Computer File System  File does not have sub-structure  ACL is OK for file access control oneM2M Resource Tree:  Designed for oneM2M System  Node in tree may have complicated sub-structure, e.g.,,  Currently using ACL for access control  ACL is not OK for the access control of oneM2M resource tree

Evaluation of Current ACP Rule : Example Scenario Scenario: AE1 and AE2 register to CSE1 AE1 and AE2 share data via Basic procedures: 1.AE2 makes a subscription to in order to get Notifications 2.AE1 creates in 3.CSE1 notifies the AE2 after AE1 creates a in 4.AE2 retrieves from

Evaluation of Current ACP Rule : Example Rules Access Control Rules: Rule-1: [(AE1, AE2), (Create), ()] Rul2-2: [(AE2), (Retrieve), ()] What we expect in access control are:  AE1 can only create in  AE2 can only create for notification about the change of in  AE2 can only retrieve in  AE1 and AE2 shall not create in

Evaluation of Current ACP Rule : Evaluation Rule-1: [(AE1, AE2), (Create), ()]: We expect AE1 can only create We expect AE2 can only create However what we get are: AE1 and AE2 can create any child resources in Rul2-2: [(AE2), (Retrieve), ()]: We expect AE2 can only retrieve However what we get are: AE2 can retrieve any attributes and child resources in

Evaluation of Current ACP Rule : Conclusion Current oneM2M access control rule is too weak. It cannot meet the security requirements of the oneM2M System in the aspect of access control. More powerful access control rules should be developed so that fine grained access control could be supported by the oneM2M System.

New Proposal : Rule Format Current access control rule format (3-tuple): [accessControlOriginators, accessControlOperations, accessControlContexts] Proposed access control rule format (6-tuple): [accessControlResources, permittedAttributes, permittedChildResources, accessControlOriginators, accessControlOperations, accessControlContexts]  accessControlResources: mandatory parameter, representing the set of address of the resources that shall be protected by this access control rule.  permittedAttributes: optional parameter, representing the set of permitted attributes under the resources defined in the accessControlResources.  permittedChildResources: optional parameter, representing the set of permitted child resources under the resources defined in the accessControlResources.  accessControlOriginators: same as the existing definition.  accessControlOperations: same as the existing definition.  accessControlContexts: same as the existing definition.

New Proposal : Example Rules and Evaluation New Access Control Rule Examples: New Rule-1: [( ); (); ( ); (AE1); (Create); ()] New Rule-2: [( ); (); ( ; (AE2); (Create); ()] New Rule-3: [( ); (); ( ); (AE2); (Retrieve); ()] What we expect in access control are:  AE1 can only create in the  AE2 can only create for notification about the change of in the  AE2 can only retrieve in the  AE1 and AE2 shall not create in the Old Access Control Rules: Rule-1: [(AE1, AE2), (Create), ()] Rul2-2: [(AE2), (Retrieve), ()]

New Proposal : Conclusion 1.Compared with current rule format the new rule format can more accurately describe access control rules, and can be used for supporting fine grained access control. 2.The new access control rule contains the information of resources and Originators, so the access control rules belonging to different resources can be organized into one access control policy. This can simplify the access control policy management.

Thank You! Q&A Issues of Current Access Control Rule and New Proposal Introduction