Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control Status Report Group Name: ARC/SEC Source: Dragan Vujcic, Oberthur Technologies, Meeting Date: 09/12/2013 Agenda Item:

Published byDoreen Morgan Modified over 8 years ago

Similar presentations

Presentation on theme: "Access Control Status Report Group Name: ARC/SEC Source: Dragan Vujcic, Oberthur Technologies, Meeting Date: 09/12/2013 Agenda Item:"— Presentation transcript:

1 Access Control Status Report Group Name: ARC/SEC Source: Dragan Vujcic, Oberthur Technologies, v.dragan@oberthur.com Meeting Date: 09/12/2013 Agenda Item:

2 Status This status reflects the discussions of the Ad-Hoc AC/ACL/RBAC calls between TP#7 and TP#8 Contribution submitted © 2012 oneM2M Partners 2 SEC-2013-0056Terminologies and Procedures for RBACFUJITSUDiscussed Revision expected SEC-2013-0060R01 In-Band Access Control FrameworkQualcommDiscussed Revision expected SEC-2013-0063ALU Comments on SEC-2013-0056Alcatel- Lucent Discussed Requirements for approval SEC-2013-0061Draft way Forward on Access control Model and associated Terminology OberthurPostponed

3 USER concept USER of Application (Application Domain) – Is seen to be out of scope of the oneM2M Access Control Management (User Authentication at AE) – Access Control decision and Security impacts at CSE is to be considered- FFS USER of Service Layer (Service Layer Domain) – Using/Consuming the CSE Service/Resources. – USER as OWNER of the application – USER is Role based (RBAC principle) – Roles Authentication and Authorization at CSE © 2012 oneM2M Partners 3

4 In/Out Band Access Control In Band Access control – Authentication and Authorization at Service Layer ( CSE ) – FFS for Authorization Enforcement and Decision CSE Out Band Access control – External Authentication and Authorization – E.g.: OAuth, OpenID Both to be supported by oneM2M TBD if both or prioritize one at Rel.1 timeframe © 2012 oneM2M Partners 4

5 Attribute-Based Access Control RBAC+ABAC – Access Control Decision based on Roles and additional attributes. – Attributes may be characteristics of a role requesting access, as well as attributes of the resources being requested, against a policy that defines who is allowed to receive access and under what conditions Support for ABAC in Rel.2 TBD if needed at Rel.1 timeframe © 2012 oneM2M Partners 5

6 Delegation Concept Delegated operation – Authorization access to resources are delegated with delegating identity of the Resource Owner – External Authentication and Authorization( outBand access control) done by the Application Server (OAuth, OpenID, etC..). Token based Permission – The Security issues and threats have been raised – Some Security Requirements identified FFS on the use cases. Concept to be in Rel.1 TBD what should be specified at Rel.1 timeframe ? © 2012 oneM2M Partners 6

7 Where we’re going Approval of specific operation on a specific resource ARC work is ongoing on Resources (through ACLs) Resource (or Data) is within an Object Operation (e.g.: CRUD) is ability to do something on Objects Lead ARC + support ALL User Active Entity Attributes OPERA TIONS OBJECTS Privileges (ActE) Active Entity Assignment (PA) Permission Assignment Sess- ions activeEntity_sessions session_attributes Authorization Evaluation FFS: Data Structure for decision f (ID, rôle, Access Rights subscription, service, etc…) Lead SEC + supp.ALL Controlled Access to Permissions Security features before access to resources is granted – Identification, – Authentication – Managemnt of assignments and activation Sessions Attributes Permissions.. Lead SEC Resources of Entity being accessed

Download ppt "Access Control Status Report Group Name: ARC/SEC Source: Dragan Vujcic, Oberthur Technologies, Meeting Date: 09/12/2013 Agenda Item:"

Similar presentations

Access Control Mechanism Discussion

Access Control Mechanism Discussion
SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: 2014-05-07 Discussion  Source: OBERTHUR Technologies Information  Contact:

SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: Discussion  Source: OBERTHUR Technologies Information  Contact:
Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: 2013-12-9 Agenda Item:

Access Control Mechanism for User Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: Agenda Item:
Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.

Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.
Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:

Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 4: Access Control.
Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.

Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.
Configuration Management

Configuration Management
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
SPC204 Security Problems in SharePoint 2010 Authentication and Authorization.

SPC204 Security Problems in SharePoint 2010 Authentication and Authorization.
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo
Survey of Identity Repository Security Models JSR 351, Sep 2012.

Survey of Identity Repository Security Models JSR 351, Sep 2012.
2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.

2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.
Switch off your Mobiles Phones or Change Profile to Silent Mode.

Switch off your Mobiles Phones or Change Profile to Silent Mode.
App-ID Use Cases, Syntax and Attributes SEC-2015-0508-App-ID_Use_Cases,_Syntax_and_Attributes Group Name: Architecture Source: Darold Hemphill, iconectiv,

App-ID Use Cases, Syntax and Attributes SEC App-ID_Use_Cases,_Syntax_and_Attributes Group Name: Architecture Source: Darold Hemphill, iconectiv,
In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: 2013-11-19 Agenda Item:

In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:
CSCE 201 Introduction to Information Security Fall 2010 Access Control.

CSCE 201 Introduction to Information Security Fall 2010 Access Control.
In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: 2013-11-26 Agenda Item:

In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:
G53SEC 1 Access Control principals, objects and their operations.

G53SEC 1 Access Control principals, objects and their operations.
Management of CMDH Policies Group Name: WG5-MAS Source: Wolfgang Granzow, Qualcomm, Meeting Date: 2014-04-07 Agenda Item: Management.

Management of CMDH Policies Group Name: WG5-MAS Source: Wolfgang Granzow, Qualcomm, Meeting Date: Agenda Item: Management.

Similar presentations

Ads by Google