Status Report on Access Control @ TP8
Group Name: WG2
Source: OBERTHUR Technologies
Contact: v.dragan@oberthur.com
Meeting Date: 2014-01-09
Agenda Item: Report on Action items
Contribution type: Decision / Discussion / Information / Other
Status
This status reports the agreed Access Control Terminology and Way Forwards at TP#8 on AC/ACL/RBAC:
– Agreed Access Control Terminology in oneM2M-REQ-2013-0429R2
– Agreed Way Forwards in oneM2M-SEC-2013-0083R01
© 2012 oneM2M Partners
Status
This status reports the agreed Access Control Terminology and Way Forwards at TP#8 on AC/ACL/RBAC:
– Agreed Access Control Terminology in oneM2M-REQ-2013-0429R2
  The word “Permission” has multiple meanings and is often used interchangeably with “Privilege”, which causes confusion.
  To make a clear distinction between an entity’s privileges and its permissions, definitions of “Access Decision”, “Privilege” and “Access Control Attributes” were agreed.
– Agreed Way Forwards in oneM2M-SEC-2013-0083R01
  Alignment of the RBAC model terminology with the existing oneM2M terminology:
  – (RBAC) User => (oneM2M) Originator
  – (RBAC) Operations, Objects => oneM2M (Hosting CSE resources)
  Support for ACL and ABAC (Role as an attribute of ABAC)
Agreed Access Control Definitions
– Access Decision: Authorization reached when an entity’s Privileges, as well as other Access Control Attributes, are evaluated.
– Privilege: Qualification given to an entity that allows a specific operation (e.g. Read/Update) on a specific resource (e.g. an entry in an ACL specifies a privilege, not an Access Decision).
  Note: In addition to being granted a Privilege, the entity must also satisfy any conditions of the Access Control Attributes.
– Access Control Attributes: Set of parameters of the originator, target resource, and environment against which rules can be evaluated to control access.
  Note: An example of an Access Control Attribute of the Originator is a role. Examples of Access Control Attributes of the Environment are time, day and IP address. An example of an Access Control Attribute of the targeted resource is its creation time.
=> “Permission” is to be replaced by “Privilege”.
Agreed Way Forwards (1/2)
Attribute-Based Access Control Decisions
– The set of attributes to be considered in an authorization decision:
  Access control attributes of the Originator (e.g. role, subscription, …)
  Access control attributes of the Environment (e.g. time, day, IP address, …)
  Access control attributes of the requested Resource (e.g. create, …)
Internal/External Access Control Policy Management
– Design Internal Access Control Policy Management first
– Access control management component based on Enforcer and Decision
– FFS whether they are on the same or separate CSEs
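As an added example (not from the slides or from oneM2M), the agreed definitions can be written as a two-step evaluator: an ACL entry is only a Privilege, and the Access Decision is reached once the Originator, Environment and Resource attributes listed above are also evaluated. The originator IDs, resource path, rule values and dictionary layout are constructed assumptions, and every guarded resource is assumed to have an entry in RULES.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample ACL: each entry is a Privilege, not an Access Decision.
ACL = [
    {"originator": "AE-meter-01", "operations": {"Retrieve", "Update"},
     "resource": "/cse/building7/temperature"},
    {"originator": "AE-maint-app", "operations": {"Retrieve"},
     "resource": "/cse/building7/temperature"},
]
# Constructed attribute rules per resource (Access Control Attributes).
RULES = {
    "/cse/building7/temperature": {
        "roles": {"sensor", "maintainer"},            # Originator: role
        "hours": (6, 22),                             # Environment: time
        "days": {"Mon", "Tue", "Wed", "Thu", "Fri"},  # Environment: day
        "networks": ["10.20.0.0/16"],                 # Environment: IP address
        "created_before": datetime(2014, 1, 1),       # Resource: creation time
    }
}

def has_privilege(acl, originator, operation, resource):
    # Step 1: does some ACL entry qualify this originator for this operation?
    return any(e["originator"] == originator and operation in e["operations"]
               and e["resource"] == resource for e in acl)

def attributes_satisfied(rule, originator_attrs, env, resource_attrs):
    """Step 2: evaluate the Access Control Attributes against the rule."""
    if rule["roles"] and originator_attrs.get("role") not in rule["roles"]:
        return False, "role not allowed"
    lo, hi = rule["hours"]
    if not lo <= env["time"].hour < hi:
        return False, "outside time window"
    if env["time"].strftime("%a") not in rule["days"]:
        return False, "day not allowed"
    if not any(ip_address(env["ip"]) in ip_network(n) for n in rule["networks"]):
        return False, "source IP not allowed"
    if resource_attrs["created"] >= rule["created_before"]:
        return False, "resource created too recently"
    return True, "all attribute conditions satisfied"

def access_decision(acl, rules, originator, operation, resource,
                    originator_attrs, env, resource_attrs):
    """Access Decision: a Privilege must exist AND the attributes must hold."""
    if not has_privilege(acl, originator, operation, resource):
        return "DENY", "no privilege in ACL"
    # Assumes every guarded resource has a rule (constructed simplification).
    ok, why = attributes_satisfied(rules[resource], originator_attrs, env, resource_attrs)
    return ("PERMIT" if ok else "DENY"), why
```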
Agreed Way Forwards (2/2)
Delegation using Tokens Concept
– Delegation is a desirable feature
– Action Item established, aiming for some support in Rel.1
(Human) User Concept
– The (Human) User is not known at the CSE
– User authorization will be provided through tokens and be transparent to the CSE.
RBAC model aligned with the oneM2M Terminology
[Diagram: RBAC model mapped onto the oneM2M Hosting CSE. Originator Attributes (Role, etc.) -> Originator Attributes Assignment (e.g. Role) -> Privileges; Privileges Assignment for Access Decision over OPERATIONS and OBJECTS; Sessions (originator_sessions, session_attributes) feeding Authorization Evaluation.]
Notes on the diagram:
– Privileges: approval of a specific operation on a specific resource. ARC work is ongoing on Resources (through ACLs). A Resource (or Data) is within an Object; an Operation (e.g. CRUD) is the ability to do something on Objects. Lead: ARC + support ALL.
– Authorization Evaluation: FFS: data structure for the decision f(ID, role, access rights, subscription, service, etc.). Lead: SEC + support ALL.
– Controlled Access to Permissions: security features before access to resources is granted: Identification, Authentication, Management of assignments and activation (Sessions, Attributes, Privileges). Lead: SEC.