Status Report on Access TP8
Group Name: WG2
Meeting Date: 2014-01-09
Source: OBERTHUR Technologies
Contact:

Presentation transcript:

Status Report on Access TP8
Group Name: WG2
Meeting Date:
Source: OBERTHUR Technologies
Contact:
Agenda Item: Report on Action items

Status
This status reports the agreed Access Control Terminology and Way Forwards at TP#8 on AC/ACL/RBAC:
– Agreed Access Control Terminology in oneM2M-REQ R2
– Agreed Way Forwards in oneM2M-SEC R01
© 2012 oneM2M Partners

Status
This status reports the agreed Access Control Terminology and Way Forwards at TP#8 on AC/ACL/RBAC:
– Agreed Access Control Terminology in oneM2M-REQ R2
  The word “Permission” has multiple meanings and is often used interchangeably with “Privilege”, which causes confusion. To make a clear distinction between an entity’s privileges and its permissions, definitions of “Access Decision”, “Privilege” and “Access Control Attributes” were agreed.
– Agreed Way Forwards in oneM2M-SEC R01
  Alignment of the RBAC model terminology with the existing oneM2M terminology:
  – (RBAC) User => (oneM2M) Originator
  – (RBAC) operations, objects => oneM2M (Hosting CSE resources)
  Support for ACL and ABAC (Role as an attribute of ABAC)

Agreed Access Control Definitions
– Access Decision: Authorization reached when an entity’s Privileges, as well as other Access Control Attributes, are evaluated.
– Privilege: Qualification given to an entity that allows a specific operation (e.g. Read/Update) on a specific resource (e.g. an entry in an ACL specifies a privilege, not an Access Decision).
  Note: In addition to being granted a Privilege, the entity must also satisfy any conditions of the Access Control Attributes.
– Access Control Attributes: Set of parameters of the originator, target resource, and environment against which rules can be evaluated to control access.
  Note: An example of an Access Control Attribute of the Originator is a role. Examples of Access Control Attributes of the Environment are time, day and IP address. An example of an Access Control Attribute of the targeted resource is creation time.
=> “Permission” to be replaced by “Privilege”.

Agreed Way Forwards (1/2)
Attribute-Based Access Control Decisions
– The set of attributes to be considered for an authorization decision:
  Access control attributes of the Originator (e.g. role, subscription, …)
  Access control attributes of the Environment (e.g. time, day, IP address, …)
  Access control attributes of the requested Resource (e.g. create, …)
Internal / External Access Control Policy Management
– Design Internal Access Control Policy Management first
– Access control management component based on an Enforcer and a Decision
– FFS whether they are on the same or separate CSEs
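As an added example (not part of the original report or of any oneM2M specification), the following Python sketch implements the distinction agreed in the definitions above: an ACL entry grants a Privilege, and an Access Decision additionally evaluates rules over Originator (role), Environment (time, day, IP address) and Resource (creation time) attributes. The ACL entries, rules, resource path and request values are all constructed for illustration.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network
# Constructed sample ACL: each entry is a Privilege (originator -> operations on a resource).
# Per the agreed definitions, holding a Privilege is not yet an Access Decision.
ACL = {"/cse/sensors/temp1": {"ae_alice": {"Read", "Update"}, "ae_bob": {"Read"}}}

# Rule factories for the three Access Control Attribute classes on the slides; each returns
# a predicate over (originator, environment, resource) attribute dicts.
def role_in(*roles):                      # Originator attribute: role
    return lambda o, e, r: o.get("role") in roles

def within_hours(start: time, end: time): # Environment attribute: time of day
    return lambda o, e, r: start <= e["time"].time() <= end

def weekdays_only():                      # Environment attribute: day
    return lambda o, e, r: e["time"].weekday() < 5

def from_network(cidr: str):              # Environment attribute: IP address
    net = ip_network(cidr)
    return lambda o, e, r: ip_address(e["ip"]) in net

def older_than(seconds: int):             # Resource attribute: creation time
    return lambda o, e, r: (e["time"] - r["creation_time"]).total_seconds() >= seconds

# Constructed policy: attribute conditions that must hold in addition to the Privilege.
RULES = {"/cse/sensors/temp1": [role_in("admin", "operator"), within_hours(time(8), time(18)),
                                weekdays_only(), from_network("10.0.0.0/8"), older_than(60)]}

def has_privilege(originator_id: str, operation: str, resource: str) -> bool:
    """Step 1: does an ACL entry grant this operation on this resource?"""
    return operation in ACL.get(resource, {}).get(originator_id, set())

def access_decision(originator: dict, operation: str, resource: str,
                    resource_attrs: dict, environment: dict) -> bool:
    """Access Decision = Privilege granted AND every Access Control Attribute rule satisfied."""
    if not has_privilege(originator["id"], operation, resource):
        return False
    return all(rule(originator, environment, resource_attrs) for rule in RULES.get(resource, []))

# Constructed sample requests (2014-01-07 is a Tuesday, 2014-01-11 a Saturday).
RESOURCE = {"creation_time": datetime(2014, 1, 1)}
ENV_OK = {"time": datetime(2014, 1, 7, 10, 0), "ip": "10.1.2.3"}
ENV_WEEKEND = {"time": datetime(2014, 1, 11, 10, 0), "ip": "10.1.2.3"}
ENV_OUTSIDE_NET = {"time": datetime(2014, 1, 7, 10, 0), "ip": "192.168.1.1"}
ALICE = {"id": "ae_alice", "role": "operator"}
if __name__ == "__main__":
    for env in (ENV_OK, ENV_WEEKEND, ENV_OUTSIDE_NET):
        print(access_decision(ALICE, "Read", "/cse/sensors/temp1", RESOURCE, env))
```

The same originator with the same Privilege is allowed or denied purely on environment attributes, which is exactly why the ACL entry alone must not be treated as the decision.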

Agreed Way Forwards (2/2)
Delegation using Tokens Concept
– Delegation is a desirable feature
– Action Item established, aiming for some support in Rel.1
(Human) User Concept
– The (human) User is not known at the CSE
– User authorization will be provided through tokens and be transparent to the CSE

RBAC model aligned with the oneM2M Terminology
(Diagram: Originator Attributes → Privileges (Operations, Objects) → Access Decision at the Hosting CSE; Sessions feed Authorization Evaluation.)
– Privileges: approval of a specific operation on a specific resource. ARC work is ongoing on Resources (through ACLs). A Resource (or Data) is within an Object; an Operation (e.g. CRUD) is the ability to do something on Objects. Lead ARC + support ALL.
– Originator Attributes (Role, etc.): Originator attribute assignment (e.g. Role) and privilege assignment for the Access Decision. FFS: data structure for the decision, f(ID, role, subscription, service, etc.) → Access Rights. Lead SEC + support ALL.
– Sessions: originator_sessions, session_attributes → Authorization Evaluation.
– Controlled Access to Permissions: security features before access to resources is granted – Identification, Authentication, Management of assignments and activation (Sessions, Attributes, Privileges). Lead SEC.
– Hosting CSE.