Consideration on HTTP/CoAP Protocol Bindings
Group Name: WG3(PRO) & WG4(SEC)
Source: Shingo Fujimoto, FUJITSU, shingo_fujimoto@jp.fujitsu.com
Meeting Date: 2014-05-12
Agenda Item: HTTP/CoAP Binding TS
PRO-2014-0197-Access_Control_Consideration
Introduction
• We should not try to 'reinvent the wheel' for oneM2M security, since there is no time to evaluate a new solution
• Using TLS/DTLS sounds reasonable
• The use of credentials is the remaining security issue in the protocol WG's scope
Communication Models
[Figure: Field Domain and Infrastructure Domain; paths shown: ADN to IN-CSE, ASN to IN-CSE, ADN to MN-CSE (GW) to IN-CSE]
Border of Field/Infrastructure should be protected
Access Control for User behind AE
[Figure: M2M App Users, M2M App (AE), ASN, IN-CSE with CSERoot and resources Res 1, Res 2, Res 3; label: Individual Authorization]
Access Control for AE is not enough
"App-ID + individual authorization" is required
Issue on hop-by-hop security
• All intermediate entities must be fully trusted
• Each end point may not be distinguished
Authorization may be given by an intermediate entity
Credential for access should be carried in a transport-independent way
Proposed solution
[Figure: M2M App (AE), Registrar-CSE and IN-CSE; link labels: HTTP+PSK(AE), HTTP+token over TLS, CoAP+TLS-PSK(AE), CoAP+token-URL over DTLS, CoAP+TLS-PSK, HTTP, CoAP+token, HTTP+token]
- Slides: 6