Introducing WI Proposal about Authorization Architecture and Policy Group Name: WG4 Source: Wei Zhou, Datang, Meeting Date: Agenda Item:


1 Introducing WI Proposal about Authorization Architecture and Policy Group Name: WG4 Source: Wei Zhou, Datang, zhouwei@catt.cn Meeting Date: Agenda Item:

2 General Information about the WI Proposal
Work Item Title: Study of Authorization Architecture for Supporting Heterogeneous Access Control Policies
Work Item Content:
- Detailed design of authorization architecture
- Supporting user specified access control policies
- Using XACML in oneM2M authorization system
Why set up this work item: Related topics have been suggested to be firstly discussed in a TR.

3 Detailed Design of Authorization Architecture (1/2)
- Investigating the interfaces among authorization components
- Investigating how these components could be distributed in different oneM2M entities
- Investigating how to use service subscription roles

4 Detailed Design of Authorization Architecture (2/2)
Topics related to interfaces among these components:
- Message flows
- Message contents
- Message formats
Topics related to distributed authorization components:
- Establishing trust relations among authorization components
- Securing message exchanges among authorization components
Topics related to using service subscription roles:
- Retrieving service subscription roles
- RBAC policy and evaluation

5 Supporting User Specified Access Control Policies
It is difficult to predict all oneM2M access control requirements, so the oneM2M authorization system shall be an extensible system that can support:
- User-defined access control mechanisms
- User-defined access control policy languages

6 Using XACML in oneM2M authorization system
- eXtensible Access Control Markup Language (XACML) is an XML-based access control language defined by the Organization for the Advancement of Structured Information Standards (OASIS).
- The XACML access control framework conforms to Attribute Based Access Control (ABAC).
- XACML is currently the only standardized access control policy language.

7 XACML Policy Structure and Main Features
- XACML supports different types of access control mechanisms, e.g. ACL, RBAC, ABAC;
- XACML supports a variety of rule and policy combining algorithms;
- XACML is extensible, e.g. adding new data types, new functions, roles and/or authorization tokens.
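
The rule combining behaviour mentioned on slide 7, as an added example that is not part of the original presentation: a simplified Python model in which an RBAC-style rule and an ABAC-style rule disagree and the chosen combining algorithm settles the outcome. The rule ids, attribute names and sample requests are constructed for illustration, and the model leaves out XACML's Indeterminate result, targets and policy sets.

```python
# Simplified model of XACML rule combining; not a conformant PDP.
# Omits the Indeterminate result, targets, obligations and policy sets.
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Constructed rules: (rule id, effect, condition over request attributes).
RULES = [
    # RBAC-style: the decision depends on the subject's role.
    ("rbac-operator-retrieve", PERMIT,
     lambda r: r["role"] == "operator" and r["action"] == "RETRIEVE"),
    # ABAC-style: the decision depends on an attribute of the resource.
    ("abac-maintenance-lock", DENY,
     lambda r: r["resource_state"] == "maintenance"),
]

def evaluate_rules(request):
    """Return each rule's result in policy order."""
    return [effect if cond(request) else NOT_APPLICABLE
            for _rule_id, effect, cond in RULES]

def deny_overrides(results):
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NOT_APPLICABLE

def permit_overrides(results):
    if PERMIT in results:
        return PERMIT
    return DENY if DENY in results else NOT_APPLICABLE

def first_applicable(results):
    return next((r for r in results if r != NOT_APPLICABLE), NOT_APPLICABLE)

def decide(request, combine):
    return combine(evaluate_rules(request))

def enforce(decision):
    """Deny-biased enforcement point: only an explicit Permit grants access."""
    return decision == PERMIT

# Constructed requests.
OPERATOR_DURING_MAINTENANCE = {
    "role": "operator", "action": "RETRIEVE", "resource_state": "maintenance"}
GUEST_NORMAL = {"role": "guest", "action": "RETRIEVE", "resource_state": "normal"}

if __name__ == "__main__":
    for name, alg in [("deny-overrides", deny_overrides),
                      ("permit-overrides", permit_overrides),
                      ("first-applicable", first_applicable)]:
        print(name, decide(OPERATOR_DURING_MAINTENANCE, alg),
              decide(GUEST_NORMAL, alg))
```

The same two rules give Deny under deny-overrides and Permit under the other two algorithms for the operator request, which is why the combining algorithm has to be reviewed together with the rules themselves.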

8 New Proposal for Part 3
Investigating existing access control policy languages and security policies: Some standardization organizations have defined access control policy languages or security policies. For example, eXtensible Access Control Markup Language (XACML) is an XML-based access control language that is defined by the Organization for the Advancement of Structured Information Standards (OASIS). The XACML access control framework also conforms to Attribute Based Access Control (ABAC). This WI will investigate whether these access control policy languages or security policies can be adopted and used by the oneM2M authorization system.

