
Introducing User’s Role concept Group Name: WG2(ARC) and WG4(SEC) Source: Shingo Fujimoto, FUJITSU, Meeting Date: 2013-10-17.



Presentation transcript:

1 Introducing User’s Role concept
Group Name: WG2(ARC) and WG4(SEC)
Source: Shingo Fujimoto, FUJITSU, shingo_fujimoto@jp.fujitsu.com
Meeting Date: 2013-10-17
Agenda Item: Access Control

2 Introduction
Role-Based Access Control has been discussed in collaboration with WG2 and WG4 experts, but what a ‘Role’ is remains unclear. This contribution illustrates one view on the concept of Role in the M2M Service.

3 Role-based Access Control (oneM2M-ARC-2013-0457R01-User_Role_Concept)
In RBAC, an activity is controlled according to the permissions granted to a specific ‘Role’.
RBAC steps:
– Define Role: roles are defined as the activities allowed in a specific context
– Assign Role(s) to a user: authorization is the minimal requirement
– Control activity by assigned Role: access control is enforced through the Role

4 Discussion
What kind of Roles should be defined in the M2M System?
Clarification of the model for delegation of Ownership
The way forward …

5 Actors in M2M System
Privileged Actor
– Administrator: responsible for keeping the system running (but has no responsibility for data content)
Normal Actors
– Device Owner: full access to the device and its data
– Data Provider: partial access, to the data only
– Application: restricted access, subject to authorization

6 Characteristics of Data in M2M
Data | Use of Data | Owner | Actors | Note
Measured Value | Collecting information for application | Device Owner, Data Provider | Device Owner, Application Provider, Application | Raw data collected from M2M Device; updating the data is only allowed to the Owner
Processed Data | Information generated from ‘Measured Value’ | Data Provider | Device Owner, Application Provider, Application | –
Device Settings | Control the behavior of Device or Gateways | Device Owner | Device Owner, Administrator | Settings are User Configurable Parameters
Device Runtime | Manage Device to keep it healthy | Device Owner | Device Owner, Administrator | Firmware, Applications on Device

7 Example of RBAC
[Figure: one column per actor (Administrator, Device Owner, App-1, App-2), each showing the same resource attributes Attr-A to Attr-E; annotations on the figure: “Cannot create resource”, “Hidden from App-1” (two attributes), “Hidden from App-2” (one attribute), “Can do anything but never does it”]
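As an added example (not part of the oneM2M contribution), the three RBAC steps of slide 3 applied to the data table of slide 6, so that which data an Application or the Administrator can see follows from the role rather than from per-object lists. The operation names read/update, the rule that owners may read and update while other listed actors may only read, and the user names are assumptions made for the illustration.

```python
# Toy RBAC model, added here as an illustration; it is not part of the oneM2M
# contribution. It walks the three RBAC steps (define, assign, control) using the
# data classes, owners and actors of the "Characteristics of Data in M2M" table.
# Assumed for illustration: operation names "read"/"update", the rule that owners
# may read and update while other listed actors may only read (generalising the
# "updating is only allowed to the Owner" note), and the constructed user names.

DATA_TABLE = {
    # data class: (owners, actors), as listed on the slide
    "Measured Value":  ({"Device Owner", "Data Provider"},
                        {"Device Owner", "Application Provider", "Application"}),
    "Processed Data":  ({"Data Provider"},
                        {"Device Owner", "Application Provider", "Application"}),
    "Device Settings": ({"Device Owner"}, {"Device Owner", "Administrator"}),
    "Device Runtime":  ({"Device Owner"}, {"Device Owner", "Administrator"}),
}

def define_roles(table):
    """Step 1 (Define Role): map each role to its allowed (operation, data) activities."""
    roles = {}
    for data, (owners, actors) in table.items():
        for actor in actors | owners:
            roles.setdefault(actor, set()).add(("read", data))
        for owner in owners:  # write access is owner-only
            roles.setdefault(owner, set()).add(("update", data))
    return roles

ROLES = define_roles(DATA_TABLE)

# Step 2 (Assign Role(s) to user): constructed sample; a user may hold several roles.
ASSIGNMENTS = {
    "alice": {"Device Owner"},
    "ops":   {"Administrator"},
    "app1":  {"Application"},
    "bob":   {"Data Provider", "Application"},
}

def is_allowed(user, operation, data, assignments=ASSIGNMENTS, roles=ROLES):
    """Step 3 (Control activity by assigned Role): permit only if one of the user's
    roles allows the activity; unknown users, roles or data are denied (fail closed)."""
    activity = (operation, data)
    return any(activity in roles.get(role, set()) for role in assignments.get(user, ()))

def who_can(operation, data, assignments=ASSIGNMENTS, roles=ROLES):
    """Audit helper: the users whose roles permit the given activity."""
    return sorted(u for u in assignments if is_allowed(u, operation, data, assignments, roles))
```

Note that the Administrator ends up with no access to Measured Value or Processed Data at all, which is the "no responsibility for data content" point of slide 5 expressed as a role rather than as an exception list on each object.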

8 [FYI] Difference between RBAC and ACL
An ACL assigns permissions to the data object:
“RBAC differs from access control lists (ACLs), used in traditional discretionary access-control systems, in that it assigns permissions to specific operations with meaning in the organization, rather than to low level data objects.”
An ACL does not support such semantics: “The assignment of permission to perform a particular operation is meaningful.”

