From:	owner-onem2m_mas@LIST.ONEM2M.ORG on behalf of Carey, Timothy 
(Timothy) [timothy.carey@ALCATEL-LUCENT.COM]
Sent:	Wednesday, February 12, 2014 9:27 PM
To:	Ennesser Francois; oneM2M_MAS@list.oneM2M.org; 
oneM2M_SEC@LIST.ONEM2M.ORG
Subject:	RE: OMA-BBF-oneM2M Collaboration: Clarification of the meaning of 
different and segregated security environments

Francois,

I like it:)

When interacting with the M2M Service Layer, Access Control Management functions in the DM 
Server shall apply the principle of least privileges.

What do others think?

From: Ennesser Francois [mailto:Francois.Ennesser@gemalto.com]  
Sent: Wednesday, February 12, 2014 9:11 AM 
To: Carey, Timothy (Timothy); oneM2M_MAS@list.oneM2M.org; oneM2M_SEC@LIST.ONEM2M.ORG 
Subject: RE: OMA-BBF-oneM2M Collaboration: Clarification of the meaning of different and segregated 
security environments

Hello Tim and all,

Again it is a matter of mapping the words used in the requirements to commonly understood 
definitions.

Maybe, Access Control management functions in the DM Server shall apply the principle of least 
privileges?

Best Regards,

Francois

From: owner-onem2m_mas@list.onem2m.org [mailto:owner-onem2m_mas@list.onem2m.org] On Behalf 
Of Carey, Timothy (Timothy) 
Sent: Tuesday, January 28, 2014 18:21 
To: oneM2M_MAS@list.oneM2M.org; oneM2M_SEC@LIST.ONEM2M.ORG 
Subject: OMA-BBF-oneM2M Collaboration: Clarification of the meaning of different and segregated security 
environments

Security Experts Again.:)

During the OMA-BBF-oneM2M adhoc call on 1/27, we were discussing security requirements between 
the M2M Service Layer and DM Server (ms interface).


When we were discussing the Access Control Management requirements between the M2M Service 
Layer and DM Server we decided it was best if we used the principle of least privilege.

That said we were trying to craft a requirement that stated this principle. 

We thought we would seek out your expert advice on this.

I had a brief exchange with William Lupton and I think we can start with a requirement that looks like:

When interacting with the M2M Service Layer, the DM Server shall utilize the principle of least privilege for 
the elements of Access Management Control functions.


Anyway, something to start the discussion with; any input would be appreciated.

BR,
Tim

 
