
Introducing User’s Role concept Group Name: WG2(ARC) and WG4(SEC) Source: Shingo Fujimoto, FUJITSU, Meeting Date: 2013-10-14.



Presentation transcript:

Slide 1: Introducing User's Role concept
Group Name: WG2(ARC) and WG4(SEC)
Source: Shingo Fujimoto, FUJITSU, shingo_fujimoto@jp.fujitsu.com
Meeting Date: 2013-10-14
Agenda Item: Access Control

Slide 2: Introduction
– Role-Based Access Control has been discussed in collaboration between WG2 and WG4 experts
– What a 'Role' is remains unclear
– This contribution illustrates one way of thinking about the concept of Role in an M2M Service

Slide 3 (oneM2M-ARC-2013-0457-User_Role_Concept): Role-based Access Control
– The permissions to perform certain operations are assigned to a specific 'Role'
– Users are not assigned permissions directly
– RBAC steps:
  – Define Role: the operations allowed in a specific context
  – Assign Role(s) to the user; authorization of the user is the minimal requirement
  – Control user operations by the assigned (= authorized) Role

Slide 4 (oneM2M-ARC-2013-0457-User_Role_Concept): Discussion
– What can a Role be in an M2M System?
– What are the benefits of introducing RBAC?
– The way forward …

Slide 5 (oneM2M-ARC-2013-0457-User_Role_Concept): Users of the M2M System
– Administrator: responsible for keeping the system running (but has no responsibility for data content)
– Users:
  – Device Owner: uses the system to host the device
  – Data Provider: uses the system to manage data
  – Application Provider: uses the system as a data provider
  – Application User: uses the system as a Web Service

Slide 6 (oneM2M-ARC-2013-0457-User_Role_Concept): Characteristics of Data in M2M

Data            | Use of Data                                    | Owner                        | User                                                    | Note
----------------|------------------------------------------------|------------------------------|---------------------------------------------------------|------------------------------------------------------------------------
Measured Value  | Collecting information for application         | Device Owner, Data Provider  | Device Owner, Application Provider, Application User    | Raw data collected from the M2M Device. Note: updating data is only allowed for the Owner
Processed Data  | Information generated from 'Measured Value'    | Data Provider                | Device Owner, Application Provider, Application User    |
Device Settings | Control the behavior of the Device or Gateways | Device Owner                 | Device Owner, Administrator                             | Settings are User Configurable Parameters
Device Runtime  | Manage the Device to keep it healthy           | Device Owner                 | Device Owner, Administrator                             | Firmware, Applications on the Device

Slide 7 (oneM2M-ARC-2013-0457-User_Role_Concept): Some Examples for RBAC
– My home doctor can read my health records, but another doctor cannot.
  => I can give permission to the hospital.
– This device is not allowed to update its firmware on the user's request, but the update can be authorized by the vendor.
  => Once the user has obtained the authorization code from the vendor, the firmware update becomes possible.

Slide 8 (oneM2M-ARC-2013-0457-User_Role_Concept): Conclusion
– Removing the Access Control Rule attribute from the Resource is suggested (a Role can be defined within a domain scope)
– Each CSF will determine whether an operation is allowed or not based on the role of the user
– Roles can ease access control, since access patterns in an M2M system do not vary much
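As an added worked example (not code from the contribution), the RBAC steps of slide 3 and the domain-scoped, role-based decision of slide 8, with a permission matrix derived from the slide 6 table. Assumptions: listed Owners may read and update while listed Users may only read (the slide states this only for Measured Value), and the role, domain and user names are constructed.

```python
# Permissions are attached to roles, never to users (slide 3).
# (role, data category) -> allowed operations, derived from the slide 6 table
# under the assumption: Owner column = read + update, User column = read only.
ROLE_PERMISSIONS = {
    ("Device Owner", "Measured Value"): {"read", "update"},
    ("Data Provider", "Measured Value"): {"read", "update"},
    ("Application Provider", "Measured Value"): {"read"},
    ("Application User", "Measured Value"): {"read"},
    ("Data Provider", "Processed Data"): {"read", "update"},
    ("Device Owner", "Processed Data"): {"read"},
    ("Application Provider", "Processed Data"): {"read"},
    ("Application User", "Processed Data"): {"read"},
    ("Device Owner", "Device Settings"): {"read", "update"},
    ("Administrator", "Device Settings"): {"read"},
    ("Device Owner", "Device Runtime"): {"read", "update"},
    ("Administrator", "Device Runtime"): {"read"},
}


def assign_role(assignments, domain, user, role):
    """Step 2 of slide 3: give a user a role, scoped to one domain (slide 8)."""
    assignments.setdefault((domain, user), set()).add(role)
    return assignments


def is_allowed(assignments, domain, user, operation, data_category):
    """The decision a CSF would make (slide 8): allowed only if some role the
    user holds in this domain grants the operation. No role, no access."""
    roles = assignments.get((domain, user), set())
    return any(operation in ROLE_PERMISSIONS.get((role, data_category), set())
               for role in roles)


def demo():
    # Constructed domains and users for illustration.
    a = {}
    assign_role(a, "home", "alice", "Device Owner")
    assign_role(a, "hospital", "bob", "Application User")
    return {
        "owner_updates_settings": is_allowed(a, "home", "alice", "update", "Device Settings"),
        "app_user_reads_measured": is_allowed(a, "hospital", "bob", "read", "Measured Value"),
        "app_user_updates_measured": is_allowed(a, "hospital", "bob", "update", "Measured Value"),
        "role_not_valid_elsewhere": is_allowed(a, "hospital", "alice", "read", "Measured Value"),
    }
```

The last entry shows the domain scoping: alice's Device Owner role in "home" grants nothing in "hospital".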

Slide 9 (oneM2M-ARC-2013-0457-User_Role_Concept): [FYI] Difference between RBAC and ACL
– An ACL assigns the permission to the data object:
  "RBAC differs from access control lists (ACLs), used in traditional discretionary access-control systems, in that it assigns permissions to specific operations with meaning in the organization, rather than to low level data objects."
– An ACL does not support semantics:
  "The assignment of permission to perform a particular operation is meaningful"

