Introducing User’s Role concept Group Name: WG2(ARC) and WG4(SEC) Source: Shingo Fujimoto, FUJITSU, Meeting Date: 2013-10-17.


Introducing User’s Role concept Group Name: WG2(ARC) and WG4(SEC) Source: Shingo Fujimoto, FUJITSU, Meeting Date: Agenda Item: Access Control

Introduction
– Role-Based Access Control has been discussed with collaborating WG2 and WG4 experts
– What a ‘Role’ is remains unclear
– This contribution illustrates one view on the concept of Role in M2M Service

oneM2M-ARC R01-User_Role_Concept

Role-based Access Control
In RBAC, an Activity is controlled according to the permissions given to a specific ‘Role’.
RBAC steps:
– Define Role: Roles are defined as the allowed Activities in a specific context
– Assign Role(s) to the user: Authorization is the minimal requirement
– Control Activity by assigned Role: Access control is enforced by Role

Discussion
– What kind of Roles should be defined in M2M System?
– Clarification on the model of delegation of Ownership
– The way forward …

Actors in M2M System
Privileged Actor
– Administrator: Responsible to keep system running (but no responsibility on data content)
Normal Actors
– Device Owner: full access to device and its data
– Data Provider: partial access only to the data
– Application: restricted access with authorization

Characteristics of Data in M2M

| Data | Use of Data | Owner | Actors | Note |
| Measured Value | Collecting information for application | Device Owner, Data Provider | Device Owner, Application Provider, Application | Raw data collected from M2M Device. Note: updating data is allowed only for the Owner |
| Processed Data | Information generated from ‘Measured Value’ | Data Provider | Device Owner, Application Provider, Application | |
| Device Settings | Control the behavior of Device or Gateways | Device Owner | Device Owner, Administrator | Settings are User Configurable Parameters |
| Device Runtime | Manage Device to keep it healthy | Device Owner | Device Owner, Administrator | Firmware, Applications on Device |
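The three RBAC steps and the data table above, combined into one check. This is an added example, not code from the contribution or from oneM2M. It assumes that a role listed under "Owner" may read and update a data category while a role listed only under "Actors" may read it; the user names are constructed.

```python
# Added example (not from the slides): RBAC over the data table above.
# Assumption: "Owner" roles may read and update; "Actors" roles may only read.
from dataclasses import dataclass, field

# data category -> (owner roles, actor roles), transcribed from the table
DATA_TABLE = {
    "Measured Value":  ({"Device Owner", "Data Provider"},
                        {"Device Owner", "Application Provider", "Application"}),
    "Processed Data":  ({"Data Provider"},
                        {"Device Owner", "Application Provider", "Application"}),
    "Device Settings": ({"Device Owner"}, {"Device Owner", "Administrator"}),
    "Device Runtime":  ({"Device Owner"}, {"Device Owner", "Administrator"}),
}

def define_roles(table):
    """Step 1: a role is the set of (activity, data category) pairs it allows."""
    roles = {}
    for category, (owners, actors) in table.items():
        for role in actors:
            roles.setdefault(role, set()).add(("read", category))
        for role in owners:
            roles.setdefault(role, set()).update(
                {("read", category), ("update", category)})
    return roles

@dataclass
class AccessController:
    roles: dict
    assignments: dict = field(default_factory=dict)  # user -> role names

    def assign(self, user, role):
        """Step 2: assign a defined role to a user; unknown roles are rejected."""
        if role not in self.roles:
            raise ValueError(f"undefined role: {role}")
        self.assignments.setdefault(user, set()).add(role)

    def is_allowed(self, user, activity, category):
        """Step 3: allow only if one of the user's roles permits it (default deny)."""
        return any((activity, category) in self.roles[r]
                   for r in self.assignments.get(user, ()))

def demo():
    ac = AccessController(define_roles(DATA_TABLE))
    for user, role in [("alice", "Device Owner"), ("app-1", "Application"),
                       ("ops", "Administrator")]:  # constructed users
        ac.assign(user, role)
    checks = [("alice", "update", "Device Settings"),
              ("app-1", "update", "Measured Value"),
              ("ops", "read", "Measured Value")]
    return [ac.is_allowed(*c) for c in checks]
```

The Administrator ends up with no permission on Measured Value or Processed Data, which matches the slide's statement that the Administrator has no responsibility on data content.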

Example of RBAC
[Figure: a resource with attributes Attr-A to Attr-E, shown as seen by Administrator, Device Owner, App-1 and App-2. Annotations in the figure: "Cannot Create resource", "Hidden From App-1", "Hidden From App-2", "Can anything but never do it".]

[FYI] Difference of RBAC with ACL
– ACL assigns the permission to data object: “RBAC differs from access control lists (ACLs), used in traditional discretionary access-control systems, in that it assigns permissions to specific operations with meaning in the organization, rather than to low level data objects.”
– ACL does not support semantics: “The assignment of permission to perform a particular operation is meaningful”