M2M Service Subscription Profile Discussion Group Name: oneM2M TP #19.2 Source: LG Electronics Meeting Date: Agenda Item:


Introduction
To discuss M2M Service Subscription Profile
– Purpose
– Mechanism
– Question
– Discussion Point
© 2015 oneM2M Partners

Purpose of SSP
App Provider A would like to provide App1 to M2M Service Provider A
App Provider A contracts with M2M Service Provider A
Based on the criteria (e.g., Payment, Service of App1), M2M Service Provider allows App1 to use Location and Data Management Service only, among the various services that M2M Service Provider A is able to provide
M2M Service Provider needs to allow access when App1 wants to access Location / Data Management Service
M2M Service Provider needs to reject access when App1 wants to access the other Services
=> M2M Service Provider allows/denies access by using the M2M Service Subscription Profile
[Figure: App Provider A, M2M Service Provider A, Contract]

Mechanism of SSP
After the Contract, M2M Service Provider A configures the M2M Service Subscription Profile in the IN-CSE.
– App1 is allowed to create locationPolicy, Container, and ContentInstance
Registrar CSE checks whether the AE is allowed to create a certain resource type based on the M2M Service Subscription Profile
Registrar CSE is the entry point to the M2M System from the AE's point of view
FYI, currently only the Create operation is considered (rel.1) => can be extended to other operations (rel.2?)

Mechanism of SSP
[Figure: message flow among AE, Registrar CSE (Entry Point of oneM2M System) and Hosting CSE in the oneM2M System. Labels: Create on Hosting CSE; Check M2M Service Subscription Profile; Check Access Control Policy; Forward; Perform Operation; Response]

Mechanism of SSP
[Figure: message flow among AE, Registrar CSE and Hosting CSE in the oneM2M System. Labels: Create on Hosting CSE; Check M2M Service Subscription Profile; Response (Not Authorized)]

Mechanism of SSP
List of S-Role IDs
What is S-Role (Service-Role) ID?
– An M2M Service Role is defined as a create permission pertaining to resource types which are associated with M2M Service. See Annex G for examples of M2M Service Provider defined Service Roles. (in ARC TS)
– In release 1, only Create requests shall be verified.

Mechanism of SSP
Information of Node where AE resides
AE or App Info Associated to Service Roles

Difference between SSP and ACP
M2M Service Subscription Profile vs Access Control Policy
– M2M Service Subscription Profile defines who is allowed to access which resource type per operation
– Access Control Policy defines who is allowed to access which resource per operation
AE1 is allowed to create / retrieve / update / delete the container resource type => It doesn't mean AE1 has permission to access all containers
[Figure: container1, container2, container3. Labels: AE1 allowed to retrieve / update / delete; AE2 allowed to retrieve; AE1/2 allowed to retrieve]
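The two checks contrasted above, as an added example that is not part of the original slides: a request is first checked against the M2M Service Subscription Profile by resource type, then against the Access Control Policy of the specific target resource. The table layout, the CSE1 parent entry, the AE2 profile, the pairing of container labels with containers, and the use of mgmtObj as a device-management resource type are assumptions made for illustration; the ACP check is assumed to run at the Hosting CSE.

```python
# Added illustration: SSP check by resource type, then ACP check by resource.
# All identifiers and sample data are constructed; this is not a oneM2M API.

# SSP (configured in IN-CSE): originator -> resource types it may Create.
SSP = {
    "AE1": {"locationPolicy", "container", "contentInstance"},
    "AE2": {"mgmtObj", "container", "contentInstance"},  # constructed entry
}

# ACP: target resource -> originator -> permitted operations.
ACP = {
    "CSE1": {"AE1": {"create"}, "AE2": {"create"}},  # constructed parent
    "container1": {"AE1": {"retrieve", "update", "delete"}},
    "container2": {"AE2": {"retrieve"}},
    "container3": {"AE1": {"retrieve"}, "AE2": {"retrieve"}},
}

def ssp_allows(originator, op, resource_type):
    """Registrar CSE step. Release 1 verifies Create requests only."""
    if op != "create":
        return True
    return resource_type in SSP.get(originator, set())

def acp_allows(originator, op, target):
    """Hosting CSE step: permission on the specific target resource."""
    return op in ACP.get(target, {}).get(originator, set())

def handle_request(originator, op, target, resource_type=None):
    """Return (decision, deciding_check) for one request."""
    if not ssp_allows(originator, op, resource_type):
        return ("NOT_AUTHORIZED", "SSP")  # rejected before forwarding
    if not acp_allows(originator, op, target):
        return ("NOT_AUTHORIZED", "ACP")
    return ("OK", None)

if __name__ == "__main__":
    for req in [
        ("AE1", "create", "CSE1", "container"),   # both checks pass
        ("AE1", "create", "CSE1", "mgmtObj"),     # type not in AE1's profile
        ("AE1", "retrieve", "container2", None),  # type allowed, resource not
        ("AE1", "update", "container1", None),    # ACP grants update
    ]:
        print(req, "->", handle_request(*req))
```

The second request is the case the SSP exists for: the ACP on the parent would let AE1 create there, but the resource type is outside its subscribed services.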

Question
Why are both M2M Service Subscription Profile and Access Control Policy used for access control in release 1?
– Example:
– Based on the contract, M2M Service Provider would like to allow App A to use Location and Data Management Service, so he gives AE1 (App A) access right by configuring Access Control Policy
– M2M Service Provider would like to allow App B to use Device Management and Data Management Service, so he gives AE2 (App B) access right by configuring Access Control Policy
– If AE2 gives access right to AE1 for Data Management, AE1 can also do Device Management (see below example)
[Figure: CSE1 node. 1. AE1 Create resource for Device Management; 2. AE1 gives access right to AE for this resource (Create, Update ACP); 3. AE2 can do Device Management]

Discussion Point
Differentiation of S-Role and Role based Access Control
– We need to differentiate Role based Access Control from S-Role
Ambiguity in M2M Service Subscription Profile
– How to handle? Make it clear? Completely remove the concept?