Presentation is loading. Please wait.

Presentation is loading. Please wait.

Status Report on Access TP8 Group Name: WG2 Decision  Meeting Date: 2014-01-09 Discussion  Source: OBERTHUR Technologies Information  Contact:

Published byNathaniel Singleton Modified over 9 years ago

Similar presentations

Presentation on theme: "Status Report on Access TP8 Group Name: WG2 Decision  Meeting Date: 2014-01-09 Discussion  Source: OBERTHUR Technologies Information  Contact:"— Presentation transcript:

1 Status Report on Access Control @ TP8 Group Name: WG2 Decision  Meeting Date: 2014-01-09 Discussion  Source: OBERTHUR Technologies Information  Contact: v.dragan@oberthur.com Other  Agenda Item: Report on Action items

2 Status This status, reports the agreed Access Control Terminology and Way Forwards at TP#8 on AC/ACL/RBAC – Agreed Access Control Terminology in oneM2M-REQ-2013-0429R2 – Agreed Way Forwards in oneM2M-SEC-2013-0083R01 © 2012 oneM2M Partners 2

3 Status This status reports the agreed Access Control Terminology and Way Forwards at TP#8 on AC/ACL/RBAC – Agreed Access Control Terminology in oneM2M-REQ-2013-0429R2 The word “Permission” has multiple meanings and often used interchangeably with the “Privilege” which cause confusion To make clear distinction between an entity’s privileges and its permissions, definitions of “Access Decision”, “Privilege” and Access control Attributes were agreed – Agreed Way Forwards in oneM2M-SEC-2013-0083R01 Alignment of the RBAC model Terminology with the existion oneM2M Terminology – (RBAC) User => (oneM2M) Originator – (RBAC) operations, objects => oneM2M (Hosting CSE resources) – Support for ACL and ABAC (Role as an attribute of ABAC) © 2012 oneM2M Partners 3

4 Agreed Access Control Definitions – Access Decision: Authorization reached when an entity’s Privileges, as well as other Access Control Attributes, are evaluated. – Privilege: Qualification given to an entity that allows a specific operation (e.g. Read/Update) on a specific resource (e.g.: an entry in ACL specifies a privilege, not an Access Decision). Note: In addition to being granted a Privilege, the entity must also satisfy any conditions of the Access Control Attributes. – Access Control Attributes: Set of parameters of the originator, target resource, and environment against which there could be rules evaluated to control access. Note: An example of Access Control Attributes of Originator is a role. Examples of Access Control Attributes of Environment are time, day and IP address. An example of Access Control Attributes of targeted resource is creation time. © 2012 oneM2M Partners 4 => “Permission” to be replaced by “Privilege”.

5 Agreed Way Forwards (1/2) Attribute-Based Access Control Decisions – The set of attributes to be considered to an authorization decision Access control attributes of Originator (e.g.: role, subscription…) Access control attributes of Environment (e.g.: Time, Day, IP address,…) Access control attributes of requested Resource (e.g. : create, …) Internal /External Access Control Policy Management – Design first Internal Access Control Policy Management – Access control Management component based on Enforcer and Decision. – FFS whether they are on same or separate CSE

6 Agreed Way Forwards (2/2) Delegation using Tokens Concept – Delegation is desirable feature – Action Item established Aiming for some support in Rel.1 (Human) User Concept – (Human) User is not known at CSE – User authorization will be provided through tokens and transparent to the CSE.

7 RBAC model aligned with the oneM2M Terminology Approval of specific operation on a specific resource ARC work is ongoing on Resources (through ACLs) Resource (or Data) is within an Object Operation (e.g.: CRUD) is ability to do something on Objects Lead ARC + support ALL Originator Attributes (Role, etc..) OPERA TIONS OBJECTS Privileges Originator Attributes Assignment (e.g. Role) Privileges Assignment for Access Decision Sess- ions originator_sessions session_attributes Authorization Evaluation FFS: Data Structure for decision f (ID, rôle, Access Rights subscription, service, etc…) Lead SEC + supp.ALL Controlled Access to Permissions Security features before access to resources is granted – Identification, – Authentication – Management of assignments and activation Sessions Attributes Privileges.. Lead SEC Hosting CSE

Download ppt "Status Report on Access TP8 Group Name: WG2 Decision  Meeting Date: 2014-01-09 Discussion  Source: OBERTHUR Technologies Information  Contact:"

Similar presentations

Access Control Mechanism Discussion

Access Control Mechanism Discussion
CMDH Refinement Contribution: oneM2M-ARC-0397

CMDH Refinement Contribution: oneM2M-ARC-0397
SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: 2014-05-07 Discussion  Source: OBERTHUR Technologies Information  Contact:

SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: Discussion  Source: OBERTHUR Technologies Information  Contact:
Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: 2013-12-9 Agenda Item:

Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: Agenda Item:
Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.

Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.
Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.

Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo
Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:

Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:
2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.

2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.
RECALL THE MAIN COMPONENTS OF KIM Functional User Interfaces We just looked at these Reference Implementation We will talk about these later Service Interface.

RECALL THE MAIN COMPONENTS OF KIM Functional User Interfaces We just looked at these Reference Implementation We will talk about these later Service Interface.
In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: 2013-11-19 Agenda Item:

In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:
CSCE 201 Introduction to Information Security Fall 2010 Access Control.

CSCE 201 Introduction to Information Security Fall 2010 Access Control.
In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: 2013-11-26 Agenda Item:

In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:
Answer the Questions Regarding Pending Issues on Access Control Group Name: WG4 SEC Source: LG Electronics Meeting Date: 2014-07-15 Agenda Item: SEC#11.4.

Answer the Questions Regarding Pending Issues on Access Control Group Name: WG4 SEC Source: LG Electronics Meeting Date: Agenda Item: SEC#11.4.
Management of CMDH Policies Group Name: WG5-MAS Source: Wolfgang Granzow, Qualcomm, Meeting Date: 2014-04-07 Agenda Item: Management.

Management of CMDH Policies Group Name: WG5-MAS Source: Wolfgang Granzow, Qualcomm, Meeting Date: Agenda Item: Management.
Discussion on the problem of non- Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.2.

Discussion on the problem of non- Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.2.
WG 2 Progress Report at TP #8 Group Name: oneM2M TP #8 Source: WG2 leadership Meeting Date: 2013-12-09/13 Agenda Item: WG Reports.

WG 2 Progress Report at TP #8 Group Name: oneM2M TP #8 Source: WG2 leadership Meeting Date: /13 Agenda Item: WG Reports.
Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.

Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.

Similar presentations

Ads by Google