Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: 2013-12-9 Agenda Item:

Similar presentations


Presentation on theme: "Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: 2013-12-9 Agenda Item:"— Presentation transcript:

1 Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: Agenda Item: TBD

2 Introduction There were some discussions on whether oneM2M needs to define authorization of user in previous calls The motivation of the contribution is to introduce access control mechanism for user without any changes/impacts on current resource/architecture if we need the authorization of user This contribution is – To propose not to include any user context into resource/architecture – To provide means to access control per User © 2013 oneM2M Partners 2

3 We need to separate User  AE domain and AE  CSE domain © 2013 oneM2M Partners 3 User interacts with Application (AE). AE interacts with Application Framework (CSE). User doesn’t interact with Application Framework Imagine there is an Andriod application (e.g., Amazon). User logs in Amazon but it doesn’t mean User logs in Google; Authentication/Authorization of User shall be done at Amazon with Amazon User ID and PW. Google only knows Amazon Application ID and Amazon Application behavior.  Service Provider of AE and CSE cannot be the same. We should not allow Application Framework to know any context of User. Separation of Domains

4 Access Control per User? (1) How could we provide access control per User? – Case 1: Access Control on AE © 2013 oneM2M Partners 4 Access Control is done at AE. oneM2M doesn’t need to specify anything

5 Access Control per User? (2) – Case 2: Access Control on CSE (Delegation to CSE) 1.Use Extended AE ID consisting of App-Inst-ID and Extended-ID, Assign/Keep unique Extended-ID per User 2.Authorization per AE © 2013 oneM2M Partners 5

6 Proposal If we would like to achieve Authorization for User, it’s better to have unique AE ID per User – CSE doesn’t need to know User information (User ID, token, etc.) – It works with current architecture without changing resource/adding entities – We can reuse current access control mechanism defined in ARC (i.e., accessRight Resource) © 2013 oneM2M Partners 6


Download ppt "Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: 2013-12-9 Agenda Item:"

Similar presentations


Ads by Google