Presentation is loading. Please wait.

Presentation is loading. Please wait.

2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.

Published byLenard Walters Modified over 9 years ago

Similar presentations

Presentation on theme: "2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting."— Presentation transcript:

1 2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, shingo_fujimoto@jp.fujitsu.com Meeting Date: 2014-03-05 Agenda Item: Access Control in protocol

2 © 2014 oneM2M Partners SEC-2014-0222-2-Levels_Access_Control Introduction That is not clear yet how to implement 2- levels access control which is introduced in ArchTS This contribution proposed how we can implement 2 level of access control on HTTP considering best practices found in real world. 2

3 © 2014 oneM2M Partners SEC-2014-0222-2-Levels_Access_Control 2-levels Access Control Model AE Local CSE IN-CSE Hosting CSE Check if AE is registered Check if AE is authorized to access resource Mca Mcc 3

4 © 2014 oneM2M Partners SEC-2014-0222-2-Levels_Access_Control (High Level) Proposal Introduce token-based access control mechanism for HTTP Protocol binding as well as traditional password-based access control OAuth2 specification should be considered as the solution for HTTP protocol binding for access control mechanism 4

5 © 2014 oneM2M Partners SEC-2014-0222-2-Levels_Access_Control [FYI] Access Control for HTTP Basic Authentication – Widely used to authenticate identity with pre- shared secret (=password) Bearer Authorization [RFC6750] – Widely used to carry the access token data which can work with OAuth2 based systems 5

6 © 2014 oneM2M Partners SEC-2014-0222-2-Levels_Access_Control Proposal on implementation Local CSE will behave as proxy-server AE will connect to Local CSE, and request to establish TLS connection to targeted Host by issuing CONNECT method. Targeted CSE may forward the request to 1- hop further CSE. The credential to pass the check if AE is registered to be carried by “Proxy- Authorization” header 6

7 © 2014 oneM2M Partners SEC-2014-0222-2-Levels_Access_Control [FYI] Communication Flow AE Local CSE IN-CSE hosting-CSE Establish TLS session CONNECT m2m.example.com:443 HTTP/1.1 Host: lcse.example.com Proxy-Authorization: CONNECT incse.example.com:443 HTTP/1.1 GET /cse3/foo/bar HTTP/1.1 Host: m2m.example.com Authorization: Bearer CONNECT hcse.example.com:443 HTTP/1.1 Reqs over TLS connction 7

8 © 2014 oneM2M Partners SEC-2014-0222-2-Levels_Access_Control Proposal WG4 member should consider on feasibility of proposed solution to implement 2-levels access control WG4 member should consider on required APIs to accommodate proposed solution. 8

Download ppt "2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting."

Similar presentations

CMDH Refinement Contribution: oneM2M-ARC-0397

CMDH Refinement Contribution: oneM2M-ARC-0397
SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: 2014-05-07 Discussion  Source: OBERTHUR Technologies Information  Contact:

SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: Discussion  Source: OBERTHUR Technologies Information  Contact:
Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: 2013-12-9 Agenda Item:

Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: Agenda Item:
Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.

Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.
Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:

Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:
OAuth 2.0 Security IETF OAuth WG Conference Call, 14th December 2012.

OAuth 2.0 Security IETF OAuth WG Conference Call, 14th December 2012.
Method of Converting Resource definitions into XSD Group Name: WG3 (PRO) Source: Shingo Fujimoto, FUJITSU, Meeting Date:

Method of Converting Resource definitions into XSD Group Name: WG3 (PRO) Source: Shingo Fujimoto, FUJITSU, Meeting Date:
Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.

Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.
OneM2M-ARC-2013-0365-Service_examples_and_evolution Service examples and evolution Group Name: WG2 Source: Philip Jacobs, Cisco Systems,

OneM2M-ARC Service_examples_and_evolution Service examples and evolution Group Name: WG2 Source: Philip Jacobs, Cisco Systems,
SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21, 2014 1.

SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21,
Requirements Overview Group Name: Technical Plenary (TP19) Source: Shelby Kiewel, iconectiv, Meeting Date: 2015-09-07 Agenda Item:

Requirements Overview Group Name: Technical Plenary (TP19) Source: Shelby Kiewel, iconectiv, Meeting Date: Agenda Item:
Step by step approach Group Name: WG2

Step by step approach Group Name: WG2
Focus on developing RESTful API Group Name: TP Source: Shingo Fujimoto, FUJITSU (TTC), Meeting Date: 2013-10-18 Agenda Item:

Focus on developing RESTful API Group Name: TP Source: Shingo Fujimoto, FUJITSU (TTC), Meeting Date: Agenda Item:
Introduction of PRO WG activities Group Name: TP Source: Shingo Fujimoto, FUJITSU, Meeting Date: 2015-03-25 Agenda Item:

Introduction of PRO WG activities Group Name: TP Source: Shingo Fujimoto, FUJITSU, Meeting Date: Agenda Item:
End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date: 2015-05-18.

End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date:
PRO-2014-0516R01-URI_mapping_discussion Discussion on URI mapping in protocol context Group Name: PRO and ARC Source: Shingo Fujimoto, FUJITSU,

PRO R01-URI_mapping_discussion Discussion on URI mapping in protocol context Group Name: PRO and ARC Source: Shingo Fujimoto, FUJITSU,
Management of CMDH Policies Group Name: WG5-MAS Source: Wolfgang Granzow, Qualcomm, Meeting Date: 2014-04-07 Agenda Item: Management.

Management of CMDH Policies Group Name: WG5-MAS Source: Wolfgang Granzow, Qualcomm, Meeting Date: Agenda Item: Management.
Usage Scenarios for CSE Group Name: WG2(ARC-WG) Source: Shingo Meeting Date: 2013-09-19 Agenda Item: Message.

Usage Scenarios for CSE Group Name: WG2(ARC-WG) Source: Shingo Meeting Date: Agenda Item: Message.
Discussion on the problem of non- Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.2.

Discussion on the problem of non- Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.2.
Response Status Codes Concepts for oneM2M Group Name: WG3 Source: Philip Jacobs, Cisco, Meeting Date: 2014-05-22 Agenda Item: TS-0004.

Response Status Codes Concepts for oneM2M Group Name: WG3 Source: Philip Jacobs, Cisco, Meeting Date: Agenda Item: TS-0004.

Similar presentations

Ads by Google