TR-0057 Data Collection Principles - ACP

Access Control Policy

  • Access Control Policies (ACPs) are used by the CSE to control access to the resources.

  • The resources are always linked to Access Control Policies. ACPs are shared between several resources.

  • Access Control Policies contain the rules (Privileges) defining:

    • WHO can access the Resource (e.g. Identifiers of authorized AE/CSE).

    • For WHAT operation (CREATE / RETRIEVE / UPDATE / DELETE…).

    • Under WHICH contextual circumstances (Time, Location, IP address).

  • ACPs are represented by <accessControlPolicy> resources.

    • They comprise the attributes privileges and selfPrivileges, which represent a set of access control rules for entities.

 

<accessControlPolicy> resource content:

[Figure: <accessControlPolicy> resource content]

 

Meaning

  • acr = "Access Control Rule"

  • acor = "Access Control Originators"

  • acop = "Access Control Operations"

 

Operation Code

Combinations of these values are specified by adding them together. For example, the value 5 is interpreted as "CREATE and UPDATE".

  • CREATE 1

  • RETRIEVE 2

  • UPDATE 4

  • DELETE 8

  • NOTIFY 16

  • DISCOVERY 32

 

Example:

[Figure: ACP example]

 

  • Common attribute accessControlPolicyIDs link resources that are not <accessControlPolicy> resources to <accessControlPolicy> resources.

    • All resources are accessible only if the privileges from the ACP grant it.

    • All resources have an associated accessControlPolicyIDs attribute, either explicitly or implicitly.

    [Figures: ACP verification; Discovery example]
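
The following Python sketch is an added example, not oneM2M or CSE code. It decodes acop sums and computes what an originator may do on a resource linked to several ACPs through accessControlPolicyIDs. It assumes that a matching rule in any linked ACP is enough to grant the operation, and it does not model contextual conditions or implicit ACP links; the dictionary layout, ACP names and AE identifiers are constructed.

```python
from enum import IntFlag

class Op(IntFlag):  # operation codes as listed on this page
    CREATE = 1
    RETRIEVE = 2
    UPDATE = 4
    DELETE = 8
    NOTIFY = 16
    DISCOVERY = 32

ALL_OPS = 63  # sum of the six codes above

def decode_acop(acop):
    """Names of the operations encoded in an acop sum; unknown bits are rejected."""
    if not 0 <= acop <= ALL_OPS:
        raise ValueError(f"acop {acop} is outside the defined range 0..{ALL_OPS}")
    return [op.name for op in Op if acop & op]

def effective_ops(resource, acps, originator):
    """OR together the acop of every rule, in every linked ACP, that names the originator."""
    granted = 0
    for acp_id in resource.get("accessControlPolicyIDs", []):
        acp = acps.get(acp_id)
        if acp is None:  # dangling link: grants nothing
            continue
        for acr in acp["privileges"]["acr"]:
            if originator in acr["acor"]:
                granted |= acr["acop"]
    return granted

def is_allowed(resource, acps, originator, op):
    """Default deny: True only if some linked rule grants this operation."""
    return bool(effective_ops(resource, acps, originator) & op)

# Constructed sample data (identifiers are made up for this example).
ACPS = {
    "acp-readers": {"privileges": {"acr": [
        {"acor": ["Cmonitoring-app"], "acop": 34},   # RETRIEVE + DISCOVERY
    ]}},
    "acp-admin": {"privileges": {"acr": [
        {"acor": ["Cadmin-app"], "acop": 63},        # all six operations
        {"acor": ["Cmonitoring-app"], "acop": 16},   # NOTIFY
    ]}},
}
CONTAINER = {"accessControlPolicyIDs": ["acp-readers", "acp-admin", "acp-missing"]}

if __name__ == "__main__":
    for who in ("Cmonitoring-app", "Cadmin-app", "Cunknown"):
        print(who, decode_acop(effective_ops(CONTAINER, ACPS, who)))
```

Because ACPs are shared between resources, running `effective_ops` per originator over every resource that links a given ACP shows where a single rule change widens access.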