
I'm working on the IoTKETI Mobius platform. I am trying to implement group-based authentication methods in oneM2M, on the Mobius platform. I was able to register, update, and delete an Application Entity. I have not used access control policies yet; because my main aim is group-based authentication, I thought that I should use an external authentication server. I did my research in the oneM2M documents, but I couldn't find any direct answer. Is there a way to implement group-based authentication in IoTKETI Mobius? Do I need an external authentication server, or can it be done with ACP? If an authentication server is needed, which one should I research?

  • Could you elaborate a bit about your use case? And did you have a look at oneM2M's TR-0038 http://www.onem2m.org/tr-0038 ? – Andreas Kraft Apr 02 '20 at 20:18
  • I have already read the TR-0038 document. This is my thesis subject, so it's an academic work. There is not any specific use case. I guess I should implement an authentication server with Node.js. While AEs are registering, I will add some lines of code into the security check part. This way, like passport.js, the system uses an external authentication server. So a group of AEs can register and authenticate simultaneously. – İbrahim Uğur ABA Apr 03 '20 at 13:14
  • Your approach sounds feasible. For the actual management of authorisations you will need an authorisation management system. You may also have a look at Eclipse om2m, pre-release for 1.4 (https://projects.eclipse.org/projects/iot.om2m/reviews/1.4.0-release-review). There, support for dynamic authorization is implemented. – Andreas Kraft Apr 03 '20 at 14:36
  • Is there an authorization management system that integrates with Mobius or oneM2M directly? My first choice is Eclipse om2m, but Mobius is certified; it will be used as a golden sample to validate test cases and the testing system. For this reason we changed our focus to Mobius. If my thoughts are feasible, I will start working with Node.js and passport.js. – İbrahim Uğur ABA Apr 03 '20 at 16:06
  • I am sorry, but I am not an expert on AAA or identity systems. But your work sounds pretty interesting. Are you or your organisation a member of one of the oneM2M partners so that you can directly participate in the oneM2M work, also perhaps in the testing group and contribute to oneM2M's security specs? – Andreas Kraft Apr 03 '20 at 17:17
  • But coming back to the question: when you say group-based authentication, do you mean role-based? Did you have a look at the resource or the resource? The latter can be used to assign a role to an AE, which can be referenced in an ACP. So, yes, you can use ACP and roles to handle authorisations. – Andreas Kraft Apr 03 '20 at 20:52
  • Sorry for the late reply. Unfortunately, there is not any member of the oneM2M partners. My academic advisor is a former employee of one of the oneM2M partners. Practically, there is no direct connection. If this thesis is successful, I will try to connect with them. The answer to that question is this: my main aim is to implement previous group-based authentication methods like G-AKA, SE-AKA, GR-AKA, etc. For this reason there is no direct answer; some of the schemes can use role-based, some cannot. I did research about serviceSubscribedAppRule, but I will read about it in more detail. – İbrahim Uğur ABA Apr 04 '20 at 21:04
  • There is always the possibility to present your work at one of the public events, like ETSI IoT Week or one of the industry days. You may contact oneM2M's TP directly for this. Regarding your inquiry: oneM2M defines the behaviour of resources and the service framework, but doesn't define the business logic behind management, so a solution should separate the technical management part and the business requirements. Anyway: Good luck with your thesis! Looking forward to seeing the results. – Andreas Kraft Apr 04 '20 at 21:16
  • Thank you, Andreas. I hope I can present this work. – İbrahim Uğur ABA Apr 06 '20 at 06:23

0 Answers