From:	owner-onem2m_mas@LIST.ONEM2M.ORG on behalf of Carey, Timothy (Timothy) [timothy.carey@ALCATEL-LUCENT.COM]
Sent:	Wednesday, February 12, 2014 9:24 PM
To:	Ennesser Francois; oneM2M_MAS@list.oneM2M.org; oneM2M_SEC@LIST.ONEM2M.ORG
Subject:	RE: OMA-BBF-oneM2M Collaboration: Clarification of the meaning of different and segregated security environments

Francois,

Yes, we mean that one DM Service may use LDAP in a different domain than the oneM2M Service 
Layer.


I think the second proposal might be best:

The DM Server shall be capable of supporting different security protocols and security 
contexts/domains.

What do people think of that requirement?


BR,
Tim
From: Ennesser Francois [mailto:Francois.Ennesser@gemalto.com]  
Sent: Wednesday, February 12, 2014 9:06 AM 
To: Carey, Timothy (Timothy); oneM2M_MAS@list.oneM2M.org; oneM2M_SEC@LIST.ONEM2M.ORG 
Subject: RE: OMA-BBF-oneM2M Collaboration: Clarification of the meaning of different and segregated 
security environments

Hello Tim,

Sorry for not having answered your questions earlier.

I see no conflict in your interpretation and its application to a DM server, considering that DM servers 
could be seen as special applications by an M2M system.

Regarding your proposed rewording, we need to make sure that all used terms are clearly understood 
(defined similarly) by all partners.
Is it your intention to mean:
> The DM server shall be capable of supporting multiple security contexts (or domains) in parallel 
Or for example:
> DM servers may support different security protocols (and security contexts/domains) ?

Thanks,

Francois

From: owner-onem2m_mas@list.onem2m.org [mailto:owner-onem2m_mas@list.onem2m.org] On Behalf 
Of Carey, Timothy (Timothy) 
Sent: Tuesday 28 January 2014 18:07 
To: oneM2M_MAS@list.oneM2M.org; oneM2M_SEC@LIST.ONEM2M.ORG 
Subject: OMA-BBF-oneM2M Collaboration: Clarification of the meaning of different and segregated security 
environments

Security Experts:)

During the OMA-BBF-oneM2M adhoc call on 1/27, we were discussing security requirements between 
the M2M Service Layer and DM Server (ms interface).

We were using several of the oneM2M Security requirements as a basis for this discussion.

One of the requirements:
	SER-024: The M2M System shall enable M2M Applications to use different and 
segregated security environments. 

I took this to mean that we would want the ability, at least when securing the session between the M2M 
Service Layer and DM Server, for the DM Server to use different security domains and protocols 
(e.g., LDAP, Diameter).

Stating as:
	The DM Server shall be capable of using different and segregated security environments. 


I probably got this wrong so any clarification and help crafting a requirement would be great.

Thanks!

Tim

 
