Role Based Access Control In oneM2m


1 Role Based Access Control In oneM2m
Group Name: Requirements Working Group
Source: Timothy Carey, Alcatel-Lucent
Meeting Date:
Agenda Item: Requirements Working Group

2 Role Based Access Control
In Role Based Access Control (RBAC), permission to access a resource is based on the Role (job function) of the requestor. RBAC has been described by NIST:
- This is similar to the user/group permission mechanism in a Unix OS.
- A group is basically composed of a set of users. The administrator can give that group Read, Write and Execute privileges.
- For instance: the admin can create a group with all under-graduate students and grant that group read privilege to all under-graduate lecture (files).
- An under-graduate student is therefore a ‘Role’.
- A specific user can be in multiple groups -> therefore has multiple roles.

3 oneM2M RBAC
RBAC is expected to be used for the Services (e.g., Device Management) provided by the M2M Service Layer. Example roles for Device Management and Charging are:
- Device Management Administration – Systems that maintain device management functionalities
- Device Management Software Update – Systems that update software on the device
- Device Management Technical Support – Systems that provide device troubleshooting
- Charging Administration – Systems that maintain charging functionalities
- Charging Recorder – Systems that record charging data
- Charging Collector – Systems that collect charging data
Roles are given access permissions on resources associated with the Service:
- Device Management Software Update role might allow download, install, revert operations on application software within a device.
- Device Management Technical Support role might allow reset and read operations for a device.

4 Roles to Service Subscription
Subscribers are associated with Services via Service Subscriptions:
- Devices and Applications are associated with Service Subscriptions.
- Roles are associated with Service Subscriptions, which provides access control to the associated devices and applications.
Take for example:
- Subscriber X subscribes to Device Management Service (Subscription1) for Smart Grid Applications.
- Device1 and Smart Grid Technical Support Application1 are associated with Subscription1.
- Role Device Management Technical Support is assigned to Smart Grid Technical Support Application1 in Subscription1.

5 Role Based Translation
Role to Account Translation
Account to ACL Translation

6 Role to ACL Translation
1. Application requests an Operation: Smart Grid Technical Support Application1 requests a Reset operation on Device 1.
2. M2M Service Layer determines the DMS Account: the Role for Smart Grid Technical Support Application1 for the Reset Operation on Device 1 in Subscription 1 is Device Management Technical Support; the DMS Account for Device Management Technical Support on Device 1 is Account1.
3. DMS translates Account to Device-based ACL if necessary: some DMSs will not need to translate but will have mechanisms to secure the clients within the DMS.
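As an added example (not from the original presentation), here is a small Python model of the role-to-account translation described on slides 3, 4 and 6. The names Subscription1, Device1, Account1 and the per-role permission sets are illustrative assumptions, not oneM2M specification values.

```python
"""Model of the oneM2M role-to-account translation (slides 3-6).

Added example; Subscription1, Device1, Account1 and the permission sets
are constructed illustrations, not values from the oneM2M specification.
"""
from dataclasses import dataclass

# Role -> operations the role is permitted on a device (slide 3 examples).
ROLE_PERMISSIONS = {
    "Device Management Software Update": {"download", "install", "revert"},
    "Device Management Technical Support": {"reset", "read"},
}

@dataclass
class Subscription:
    """A Service Subscription binding devices, applications and roles (slide 4)."""
    service: str
    devices: set           # devices covered by this subscription
    roles: dict            # application -> role assigned within this subscription
    accounts: dict         # (role, device) -> DMS account used on that device (slide 6)

def resolve_role(sub, application, device):
    """Step 2a: the role the requesting application holds for this device, if any."""
    if device not in sub.devices or application not in sub.roles:
        return None
    return sub.roles[application]

def authorize(sub, application, device, operation):
    """Steps 2-3: return the DMS account to act with, or None if denied.

    Deny by default: the operation must be in the role's permission set
    before the (role, device) pair is mapped to a DMS account.
    """
    role = resolve_role(sub, application, device)
    if role is None or operation not in ROLE_PERMISSIONS.get(role, set()):
        return None
    return sub.accounts.get((role, device))

# Constructed data mirroring the slide 4 example.
SUBSCRIPTION1 = Subscription(
    service="Device Management",
    devices={"Device1"},
    roles={"Smart Grid Technical Support Application1": "Device Management Technical Support"},
    accounts={("Device Management Technical Support", "Device1"): "Account1"},
)

if __name__ == "__main__":
    app = "Smart Grid Technical Support Application1"
    print(authorize(SUBSCRIPTION1, app, "Device1", "reset"))    # Account1
    print(authorize(SUBSCRIPTION1, app, "Device1", "install"))  # None: not a Technical Support operation
```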

7 OMA-DM Server Delegation
OMA-DM Servers provide the capability to delegate control of resources within an OMA-DM Client. A Delegating DM Server controls access of a Delegated DM Server to resources within a DM Client via control of ACLs within the DM Client. The DM Client connects to both DM Servers.

8 DM Server Delegation Translation
Network Operator represents the delegating DM-Server; the Service Provider represents the delegated DM-Server. Access Control is enforced using the OMA-DM Delegation principles.

