Considering issues regarding handling token
Group Name: WG4 (SEC)
Source: Shingo Fujimoto, FUJITSU, shingo_fujimoto@jp.fujitsu.com
Meeting Date: 2013-12-11
Agenda Item: Access control & API

Background
  Token-based authorization is studied in the Security TR.
  Some gaps exist in applying the existing solutions to the M2M platform.
  This contribution clarifies the issues regarding token handling, based on a study of OAuth 2.0 systems.

OAuth 2.0
  See details at: http://tutorials.jenkov.com/oauth2/authorization.html

OAuth 2.0 (another use)
  See details at: http://www.flickr.com/services/api/auth.oauth.html

Apply OAuth to M2M Platform
Scope of M2M Platform

Functional Requirement
  Both CSE and AE
    Store the token associated with the target Resource(s)
    Provide the required token when accessing the targeted Resource(s)
  For CSE only
    Store the authorization context associated with the target Resource(s)
    Issue a token in response to an Authorization request [optional]
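
The functional requirements above, modelled as an added example that is not part of the original contribution or of any oneM2M specification. The class and method names, the opaque random token, the 300-second lifetime and the choice to keep only a token hash at the CSE are all assumptions made for illustration.

```python
import hashlib
import secrets
import time


def _digest(token):
    # Assumption: the CSE keeps only a hash, so a dump of its store yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class CSE:
    """Hypothetical CSE: holds the authorization context and issues tokens."""

    def __init__(self, ttl=300):
        self.ttl = ttl
        self.context = {}  # resource -> AE ids allowed to obtain a token
        self.issued = {}   # sha256(token) -> (resource, expiry)

    def grant(self, resource, ae_id):
        self.context.setdefault(resource, set()).add(ae_id)

    def issue_token(self, resource, ae_id, now=None):
        now = time.time() if now is None else now
        if ae_id not in self.context.get(resource, set()):
            raise PermissionError(f"{ae_id} is not authorized for {resource}")
        token = secrets.token_urlsafe(32)
        self.issued[_digest(token)] = (resource, now + self.ttl)
        return token

    def check(self, resource, token, now=None):
        now = time.time() if now is None else now
        bound_resource, expiry = self.issued.get(_digest(token), (None, 0))
        # A token is valid only for the Resource it was issued for, until expiry.
        return bound_resource == resource and now < expiry


class AE:
    """Hypothetical AE: stores one token per target Resource and presents it."""

    def __init__(self, ae_id, cse):
        self.ae_id, self.cse = ae_id, cse
        self.tokens = {}  # resource -> token

    def access(self, resource, now=None):
        token = self.tokens.get(resource)
        if token is None or not self.cse.check(resource, token, now):
            # No stored token, or it expired: send a new Authorization request.
            token = self.tokens[resource] = self.cse.issue_token(resource, self.ae_id, now)
        return self.cse.check(resource, token, now)
```
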

Conclusion
  Discussion point
  Proposal
    Review the proposed flow for OAuth usage in the oneM2M architecture
    Consider whether the Authorization Server is inside or outside the CSE (at the infrastructure node)
  Proposal
    Define the necessary Resources and their attributes