2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.

Presentation transcript:

2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting Date: Agenda Item: Access Control in protocol

© 2014 oneM2M Partners

Introduction
It is not yet clear how to implement the 2-levels access control introduced in the Architecture TS. This contribution proposes how 2-level access control can be implemented on HTTP, drawing on best practices found in the real world.

2-levels Access Control Model
[Figure: sequence diagram with participants AE, Local CSE, IN-CSE and Hosting CSE; the AE reaches the Local CSE over Mca, CSEs reach each other over Mcc. Two checks are marked: "Check if AE is registered" and "Check if AE is authorized to access resource".]

(High Level) Proposal
– Introduce a token-based access control mechanism for the HTTP protocol binding, alongside the traditional password-based access control.
– The OAuth2 specification should be considered as the solution for the access control mechanism of the HTTP protocol binding.

[FYI] Access Control for HTTP
– Basic Authentication: widely used to authenticate an identity with a pre-shared secret (i.e. a password).
– Bearer Authorization [RFC6750]: widely used to carry access token data; works with OAuth2-based systems.

Proposal on implementation
– The Local CSE will behave as a proxy server.
– The AE connects to the Local CSE and requests a TLS connection to the targeted host by issuing the CONNECT method.
– The targeted CSE may forward the request one hop further to the next CSE.
– The credential used to pass the "is the AE registered" check is carried in the Proxy-Authorization header.

[FYI] Communication Flow
[Figure: sequence diagram with participants AE, Local CSE, IN-CSE and hosting-CSE. The messages shown are:]

AE → Local CSE: Establish TLS session, then
    CONNECT m2m.example.com:443 HTTP/1.1
    Host: lcse.example.com
    Proxy-Authorization:

Local CSE → IN-CSE:
    CONNECT incse.example.com:443 HTTP/1.1

IN-CSE → hosting-CSE:
    CONNECT hcse.example.com:443 HTTP/1.1

AE → hosting-CSE (requests over the TLS connection):
    GET /cse3/foo/bar HTTP/1.1
    Host: m2m.example.com
    Authorization: Bearer
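To make the two checks of the implementation proposal and the communication flow above concrete, here is an added example (not code from the contribution or from oneM2M) that models both levels on the wire messages shown: the Local CSE, acting as proxy, validates the registration credential in Proxy-Authorization before opening the CONNECT tunnel, and the Hosting CSE validates the Bearer token on the request that later arrives inside the tunnel. It assumes the Proxy-Authorization credential uses the Basic scheme from slide 5 and uses constructed AE-IDs, secrets and tokens; a real deployment would additionally relay the tunnel bytes and forward the CONNECT hop by hop.

```python
import base64
import hmac

# Constructed sample data (assumption): AE secrets known to the Local CSE, per-resource token rights at the Hosting CSE.
REGISTERED_AES = {"ae01": "s3cret"}
ACCESS_TOKENS = {"tok-abc": {"/cse3/foo/bar": {"GET"}}}

def connect_request(ae_id, secret):
    """AE -> Local CSE: CONNECT carrying the registration credential as Basic (RFC 7617)."""
    cred = base64.b64encode(f"{ae_id}:{secret}".encode()).decode()
    return ("CONNECT m2m.example.com:443 HTTP/1.1\r\nHost: lcse.example.com\r\n"
            f"Proxy-Authorization: Basic {cred}\r\n\r\n")

def get_request(path, token):
    """AE -> Hosting CSE (inside the TLS tunnel): request carrying the access token (RFC 6750)."""
    return f"GET {path} HTTP/1.1\r\nHost: m2m.example.com\r\nAuthorization: Bearer {token}\r\n\r\n"

def parse_request(raw):
    """Split a raw HTTP request head into (method, target, {lowercased header: value})."""
    head, *fields = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _ = head.split(" ", 2)
    headers = {}
    for field in fields:
        name, _, value = field.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def local_cse_check(raw):
    """Level 1 (Local CSE as proxy): is the AE registered? 200 = open tunnel, 407 = refuse."""
    method, _, hdrs = parse_request(raw)
    scheme, _, cred = hdrs.get("proxy-authorization", "").partition(" ")
    if method != "CONNECT" or scheme.lower() != "basic":
        return 407
    try:
        ae_id, _, secret = base64.b64decode(cred, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return 407
    # constant-time compare so response timing does not reveal which AE-IDs are registered
    expected = REGISTERED_AES.get(ae_id, "")
    if not hmac.compare_digest(secret.encode(), expected.encode()) or not expected:
        return 407
    return 200

def hosting_cse_check(raw):
    """Level 2 (Hosting CSE): does the bearer token authorize this operation on this resource?"""
    method, target, hdrs = parse_request(raw)
    scheme, _, token = hdrs.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token not in ACCESS_TOKENS:
        return 401
    if method not in ACCESS_TOKENS[token].get(target, set()):
        return 403
    return 200
```

Note that the Local CSE never sees the Bearer token (it travels inside the TLS tunnel), and the Hosting CSE never sees the registration secret, which is the separation the 2-level model is after.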

Proposal
– WG4 members should consider the feasibility of the proposed solution for implementing 2-levels access control.
– WG4 members should consider the APIs required to accommodate the proposed solution.