Download presentation
Presentation is loading. Please wait.
Published byἜρεβος Παπανδρέου Modified over 6 years ago
1
Summary of the MAF and MEF Interface Specification TS-0032
SEC Summary of the MAF and MEF Interface Specification TS-0032 Group Name: TP#30 joint ARC/PRO/SEC session Source: Wolfgang Granzow, Qualcomm Inc, Phil Hawkes, Qualcomm Inc, Meeting Date:
2
Objective MAF and MEF interface specification is expected to be finalized at TP#30 Specifications consist of following parts: TS „MAF and MEF Interface Specification“ XML schema for new resource types defined in TS-0032 Additions to TS-0003: MAF procedures, MEF procedures, including Certificate Provisioning Introduction of reference points Mmaf and Mmef in TS-0001 (ARC R01/0249R01) TS-0032 to be ratified after TP#30 and become part of release 2A Objective of this presentation is to inform ARC and PRO WGs on the work accomplished in the SEC WG and to obtain feedback
3
Reference points Mmaf and Mmef
Reminder: M2M Authentication function (MAF) serves MAF-authenticated Security Association Establishment and End-to End-Security M2M Enrolment Function (MEF) serves Remote Security Provisioning including Symmetric Key and Certificate provisioning Strong relation with Device Configuration specified in TS-0022 Mmaf: reference point between a „MAF client“ and a MAF Mmef: reference point between a „MEF client“ and a MEF MAF and MEF clients can act on behalf of a node (ADN, ASN, MN) or on behalf of an entity (AE or CSE)
4
Reference Architecture MAF
5
Reference Architecture MEF
6
Protocol applied on Mmaf and Mmef
A variant of Mca/Mcc protocol with restricted functionality Only few request and response primitive parameters are applicable No subscriptions, notifications, announcements needed Blocking mode only Special set of 6 resource types No ACPs, access permitted only for the registered originator, and authenticated clients of target entities/nodes listed in a resource attribute (for Retrieve operation only) reusing bindings defined in TS-0008, TS-0009 and TS-0020 (CoAP, HTTP and WebSocket, MQTT assumed not applicable)
7
Applicable primitive parameters
Request primitive: Parameter Multiplicity Notes Operation 1 To From 0..1 If not present, the MEF internally assigns From to be the identity of the Node, CSE or AE associated with the credential used for the MEF Handshake procedure. Request Identifier Resource Type Content Result Content Response primitive: Parameter Multiplicity Notes Response Status Code 1 Request Identifier Content 0..1
8
Applicable Resource Types
Reference Point Resource Type Usage Mmef <MAFBase> Base resource of a MAF, corresponds to <CSEBase> <mafClientReg> Child of MAFBase, includes registration information of a MAF client, equivalent to <AE> Mmaf <MEFBase> Base resource of a MEF, corresponds to <CSEBase> <mefClientReg> Child of MEFBase, includes registration information of a MEF client, equivalent to <AE> <mefClientCmd> (see Note) Child of <mefClientReg>, contains an instruction to be executed by a MEF client Mmaf & Mmef <symmKeyReg> Child of <MAFBase> or <MEFBase>, carries symmetric key credentials assigned by the MAF or MEF and to be shared by source and target MAF or MEF clients NOTE: proposed at SEC#30, under discussion in SEC WG, overview presentation in SEC
9
Structure of TS-0032 Clause 5: General description
5.1 MAF Interface 5.2 MEF Interface Clause 6: Processing and representation of primitives 5.1 Common aspects 5.2 MAF Interface 5.3 MEF Interface Clause 7: Resource Type definitions corresponding to clause 9.6 of TS-0001 Clause 8: Resource Type specific procedures and definitions corresponding to clause 7.4 of TS-0004 Clause 9: Short names corresponding to clause 8.2 of TS-0004
10
Impact on TS-0003 Clause 12: Security-specific data types
Clause 8.3: Detailed Specification of MEF procedures corresponding to clause 10 of TS-0001 8.3.5 MEF client registration and symmetric key provisioning 8.3.6 Certificate provisioning 8.3.7 MEF client configuration 8.3.x MEF client command processing (CR under review) Clause 8.6: Detailed Specification of MAF procedures 8.8.2 MAF Security Framework Processing and Information Flows 8.8.3 MAF client configuration Clause 12: Security-specific data types corresponding to clause 6.3 of TS-0004 Reusing data types defined in TS-0004 additional data types defined in a namespace identified by prefix „sec:“
11
XML Schema Resource types using namespace prefix „sec:“
Supplied as SEC under review in SEC: SEC-commonTypes-v2_7_0.xsd SEC-MAFBase-v2_0_0.xsd SEC-mafClientReg-v2_0_0.xsd SEC-MEFBase-v2_0_0.xsd SEC-mefClientCmd-v2_0_0.xsd SEC-mefClientReg-v2_0_0.xsd SEC-symmKeyReg-v2_0_0.xsd
12
Final Steps Suggest doing a quick walk through TS-0032v0.1.0 (last update afterTP#29) in this session General corrections CR (mostly editorial) agreed as SEC R01 Introduction of <mefClientCmd> in SEC-2017, under review in SEC WG After including CRs agreed at TP#30, TS needs to be reviewed by editHelp! Resulting TS-0032v2.0.0 proposed to be ratified and published as part of Release 2A
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.