Eclipse Community Forums
Access control policies (oneM2M) [message #1749677] Fri, 09 December 2016 12:15
Daan Ravesteijn
Hi,

When following the short tutorial on the wiki, I've created a new sensor and subscribed to it using my own application. This is all working great, my application is receiving updates whenever new data is published.

I've noticed the ACPs (Access Control Policies) for resources are automatically generated when creating the resources, giving full rights to the creator (in my case admin:admin) of those resources. Now I would like to add custom ACPs, as in assign multiple ACPs to one resource, with different user:pw combinations and different rights.

What would be the correct way of doing this?

Thanks in advance!

Daan
Re: Access control policies (oneM2M) [message #1751479 is a reply to message #1749677] Tue, 10 January 2017 16:10
Guillaume Garzone
Hi and sorry for the delay.

First of all, for more detailed information about ACPs, you can check TS-001 section 9.6.2 (and other sections) here: http://onem2m.org/technical/published-documents.

There are two ways to do what you want to achieve, in my opinion.

You can update the ACP linked to the AE by adding new access control rules with different rights and originators. The inconvenience is that you will have to update each ACP for each AE.

The second option is to create a "generic" ACP (or several) and link it to the concerned AEs.
You can choose which privileges to give to a specific originator in the "acr" (access control rule) (see section 6.3.4.2.29 of the TS-004 to know which numbers to use for the different rights).
What you can do is create a specific ACP with all the access control rules you need, with specific originators. The originator is set to admin:admin for the administrator entity, but you can set it to the specific originators used by your AEs (the id used as the originator in the requests).

Here is an example of ACP resource:
<m2m:acp xmlns:m2m="http://www.onem2m.org/xml/protocols">
    <pv>
        <acr>
            <acor>admin:admin</acor>
            <acop>63</acop>
        </acr>
        <acr>
            <acor>test</acor>
            <acop>34</acop>
        </acr>
    </pv>
    <pvs>
        <acr>
            <acor>admin:admin</acor>
            <acop>63</acop>
        </acr>
    </pvs>
</m2m:acp>


In this example of an ACP you have two sections: the privileges (pv) and the self privileges (pvs). The privileges section gathers the access control rules (acr) regarding the rights on the resources linked to the ACP.
The self privileges (pvs) section gathers the rules concerning the ACP itself. In the example, the admin has all rights on any linked resource and the "test" entity has only discovery and retrieval rights. However, only the admin can modify the ACP and change the privileges. The "test" AE will not be able to see or modify this ACP.

Link it to the AE(s) by updating the "acpi" attribute of the concerned AEs (you will have to interact as admin to make this update).
Be careful: the "acpi" is a list of ACP URIs, so you can set multiple ACPs for an AE. Just list the resource-ids of the concerned ACPs (separated by a blank space " ").

Hope this helps,

Guillaume
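
The ACP from the reply above, decoded and evaluated, as an added example that is not part of the original post or of OM2M's code. The bit values are the oneM2M accessControlOperations constants; the function names are hypothetical, and the check is simplified to exact originator matches (no "all" wildcard, no access control contexts).

```python
import xml.etree.ElementTree as ET

# oneM2M accessControlOperations bit values; an <acop> is the sum of granted bits.
OPS = {"CREATE": 1, "RETRIEVE": 2, "UPDATE": 4, "DELETE": 8,
       "NOTIFY": 16, "DISCOVERY": 32}

# The ACP from the post, reproduced inline so the example runs offline.
ACP_XML = """<m2m:acp xmlns:m2m="http://www.onem2m.org/xml/protocols">
    <pv>
        <acr><acor>admin:admin</acor><acop>63</acop></acr>
        <acr><acor>test</acor><acop>34</acop></acr>
    </pv>
    <pvs>
        <acr><acor>admin:admin</acor><acop>63</acop></acr>
    </pvs>
</m2m:acp>"""


def decode_acop(acop):
    """Return the sorted operation names whose bits are set in an acop value."""
    return sorted(name for name, bit in OPS.items() if acop & bit)


def parse_acp(xml_text):
    """Map each section (pv, pvs) to {originator: combined acop bitmask}."""
    root = ET.fromstring(xml_text)
    rules = {"pv": {}, "pvs": {}}
    for section in rules:
        for acr in root.findall(f"{section}/acr"):
            acop = int(acr.findtext("acop"))
            # <acor> is a space-separated list of originators.
            for originator in acr.findtext("acor").split():
                rules[section][originator] = rules[section].get(originator, 0) | acop
    return rules


def is_allowed(rules, section, originator, operation):
    """True if a rule in `section` grants `operation` to `originator`.
    Simplified: exact originator match only (hypothetical helper)."""
    return bool(rules[section].get(originator, 0) & OPS[operation])


if __name__ == "__main__":
    for section, by_originator in parse_acp(ACP_XML).items():
        for originator, acop in by_originator.items():
            print(section, originator, acop, decode_acop(acop))
```

Running it shows why 34 is read-only (32 + 2) and that "test" has no entry under pvs, so it holds no rights on the ACP itself.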



Re: Access control policies (oneM2M) [message #1760990 is a reply to message #1751479] Fri, 05 May 2017 03:34
Fariz Alemuda
Hi Guillaume,

Would you mind creating a specific tutorial on how to create the ACP? Honestly, I am so confused going through the standards. Specifically, about the Content-Type: what should we put in the header? Thank you.


[Update]

My bad, I just found the standard in oneM2M spec TS-0004 (V2.7.1), Table 6.3.4.2.1-1

So now, it works.

Best Regards,

Fariz Alemuda

[Updated on: Fri, 05 May 2017 08:21]
