Summary of the MAF and MEF Interface Specification TS-0032


SEC-2017-0109
Summary of the MAF and MEF Interface Specification TS-0032
Group Name: TP#30 joint ARC/PRO/SEC session
Source: Wolfgang Granzow, Qualcomm Inc, wgranzow@qti.qualcomm.com; Phil Hawkes, Qualcomm Inc, phawkes@qti.qualcomm.com
Meeting Date: 2017-07-05

Objective
- The MAF and MEF interface specification is expected to be finalized at TP#30
- The specification consists of the following parts:
  - TS-0032 "MAF and MEF Interface Specification"
  - XML schema for the new resource types defined in TS-0032
  - Additions to TS-0003: MAF procedures and MEF procedures, including Certificate Provisioning
  - Introduction of the reference points Mmaf and Mmef in TS-0001 (ARC-2017-0248R01/0249R01)
- TS-0032 is to be ratified after TP#30 and become part of Release 2A
- The objective of this presentation is to inform the ARC and PRO WGs of the work accomplished in the SEC WG and to obtain feedback

Reference points Mmaf and Mmef
- Reminder:
  - The M2M Authentication Function (MAF) serves MAF-authenticated Security Association Establishment and End-to-End Security
  - The M2M Enrolment Function (MEF) serves Remote Security Provisioning, including symmetric key and certificate provisioning
  - Strong relation with Device Configuration as specified in TS-0022
- Mmaf: reference point between a "MAF client" and a MAF
- Mmef: reference point between a "MEF client" and a MEF
- MAF and MEF clients can act on behalf of a node (ADN, ASN, MN) or on behalf of an entity (AE or CSE)

Reference Architecture MAF

Reference Architecture MEF

Protocol applied on Mmaf and Mmef
- A variant of the Mca/Mcc protocol with restricted functionality:
  - Only a few request and response primitive parameters are applicable
  - No subscriptions, notifications or announcements needed
  - Blocking mode only
  - Special set of 6 resource types
  - No ACPs: access is permitted only for the registered originator, and for authenticated clients of the target entities/nodes listed in a resource attribute (for the Retrieve operation only)
- Reuses the bindings defined in TS-0008, TS-0009 and TS-0020 (CoAP, HTTP and WebSocket; MQTT assumed not applicable)

Applicable primitive parameters

Request primitive:
  Parameter           Multiplicity  Notes
  Operation           1
  To
  From                0..1          If not present, the MEF internally assigns From to be the identity of the Node, CSE or AE associated with the credential used for the MEF Handshake procedure.
  Request Identifier
  Resource Type
  Content
  Result Content

Response primitive:
  Parameter             Multiplicity  Notes
  Response Status Code  1
  Request Identifier
  Content               0..1
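The two slides above define a very small decision surface: a request is accepted only if it uses the restricted parameter set, a missing From is filled from the handshake identity, and, with no ACPs, a resource is reachable only by its registered originator or (for Retrieve) by the target clients it lists. The following Python block is an added, hypothetical illustration of that logic and is not oneM2M or TS-0032 code: the parameter names follow the slide, while the operation names, the attribute that lists target clients (called target_clients here), the rule that a present From must match the handshake identity, and all identity strings are assumptions.

```python
"""Access decision for the restricted Mmaf/Mmef protocol variant.

Added illustration, not oneM2M or TS-0032 code. Operation names, the
'target_clients' attribute, the From-mismatch rule and all identities are
assumptions; the parameter set follows the slide.
"""
from dataclasses import dataclass, field

# Request primitive parameters the slide lists as applicable on Mmaf/Mmef.
APPLICABLE_REQUEST_PARAMS = frozenset({
    "Operation", "To", "From", "Request Identifier",
    "Resource Type", "Content", "Result Content",
})
# Blocking CRUD only: no subscriptions or notifications are needed on these
# reference points, so a Notify operation is not accepted (assumed names).
ALLOWED_OPERATIONS = frozenset({"Create", "Retrieve", "Update", "Delete"})


@dataclass
class Resource:
    """Minimal model of a TS-0032 resource such as <symmKeyReg> (constructed)."""
    resource_type: str
    creator: str                                       # the registered originator
    target_clients: set = field(default_factory=set)   # assumed attribute name


def normalize_request(params: dict, handshake_identity: str) -> dict:
    """Validate a request primitive against the restricted parameter set and
    apply the From rule: an absent From is filled with the identity bound to
    the credential used during the MEF/MAF handshake."""
    unknown = set(params) - APPLICABLE_REQUEST_PARAMS
    if unknown:
        raise ValueError(f"parameters not applicable on Mmaf/Mmef: {sorted(unknown)}")
    if "Operation" not in params:
        raise ValueError("Operation is mandatory (multiplicity 1)")
    if params["Operation"] not in ALLOWED_OPERATIONS:
        raise ValueError(f"operation not supported on Mmaf/Mmef: {params['Operation']}")
    req = dict(params)
    if "From" not in req:
        req["From"] = handshake_identity
    elif req["From"] != handshake_identity:
        # Assumption: a client may not claim an identity other than the one
        # authenticated in the handshake, so a mismatching From is rejected.
        raise PermissionError("From does not match the authenticated identity")
    return req


def is_permitted(req: dict, resource: Resource) -> bool:
    """No ACPs on Mmaf/Mmef: the registered originator may perform any
    operation; authenticated clients listed as targets may only Retrieve."""
    originator = req["From"]
    if originator == resource.creator:
        return True
    if req["Operation"] == "Retrieve" and originator in resource.target_clients:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: a key registration created by a source client and
    # shared with one target client, which then retrieves it.
    key_reg = Resource("symmKeyReg", creator="C-source-client",
                       target_clients={"C-target-client"})
    req = normalize_request(
        {"Operation": "Retrieve", "To": "/MEFBase/symmKeyReg1",
         "Request Identifier": "req-1"},
        handshake_identity="C-target-client")
    print(req["From"], is_permitted(req, key_reg))
```

The point a defender should take from the slide is that, with no ACPs, the handshake credential is the entire authorization basis: the From value must be derived from or checked against the authenticated identity, and the target-client list on the resource must be the only way a non-originator obtains read access.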

Applicable Resource Types
  Reference Point  Resource Type           Usage
  Mmaf             <MAFBase>               Base resource of a MAF, corresponds to <CSEBase>
  Mmaf             <mafClientReg>          Child of <MAFBase>, includes registration information of a MAF client, equivalent to <AE>
  Mmef             <MEFBase>               Base resource of a MEF, corresponds to <CSEBase>
  Mmef             <mefClientReg>          Child of <MEFBase>, includes registration information of a MEF client, equivalent to <AE>
  Mmef             <mefClientCmd> (Note)   Child of <mefClientReg>, contains an instruction to be executed by a MEF client
  Mmaf & Mmef      <symmKeyReg>            Child of <MAFBase> or <MEFBase>, carries symmetric key credentials assigned by the MAF or MEF and to be shared by source and target MAF or MEF clients
NOTE: <mefClientCmd> was proposed at SEC#30 and is under discussion in the SEC WG; an overview presentation is given in SEC-2017-0103.

Structure of TS-0032
- Clause 5: General description
  - 5.1 MAF Interface
  - 5.2 MEF Interface
- Clause 6: Processing and representation of primitives
  - 5.1 Common aspects
  - 5.2 MAF Interface
  - 5.3 MEF Interface
- Clause 7: Resource Type definitions, corresponding to clause 9.6 of TS-0001
- Clause 8: Resource Type specific procedures and definitions, corresponding to clause 7.4 of TS-0004
- Clause 9: Short names, corresponding to clause 8.2 of TS-0004

Impact on TS-0003
- Clause 8.3: Detailed Specification of MEF procedures, corresponding to clause 10 of TS-0001
  - 8.3.5 MEF client registration and symmetric key provisioning
  - 8.3.6 Certificate provisioning
  - 8.3.7 MEF client configuration
  - 8.3.x MEF client command processing (CR under review)
- Clause 8.6: Detailed Specification of MAF procedures
  - 8.8.2 MAF Security Framework Processing and Information Flows
  - 8.8.3 MAF client configuration
- Clause 12: Security-specific data types, corresponding to clause 6.3 of TS-0004
  - Reuses data types defined in TS-0004
  - Additional data types are defined in a namespace identified by the prefix "sec:"

XML Schema
- Resource types use the namespace prefix "sec:"
- Supplied as SEC-2017-0101, under review in SEC:
  - SEC-commonTypes-v2_7_0.xsd
  - SEC-MAFBase-v2_0_0.xsd
  - SEC-mafClientReg-v2_0_0.xsd
  - SEC-MEFBase-v2_0_0.xsd
  - SEC-mefClientCmd-v2_0_0.xsd
  - SEC-mefClientReg-v2_0_0.xsd
  - SEC-symmKeyReg-v2_0_0.xsd

Final Steps
- Suggest doing a quick walk through TS-0032v0.1.0 (last updated after TP#29) in this session
- General corrections CR (mostly editorial) agreed as SEC-2017-0099R01
- Introduction of <mefClientCmd> in SEC-2017, under review in the SEC WG
- After including the CRs agreed at TP#30, TS-0032 needs to be reviewed by editHelp!
- The resulting TS-0032v2.0.0 is proposed to be ratified and published as part of Release 2A