7.17 Security Solutions
7.17.1 Introduction
The clauses in this section of the present document contain information on how to map the security-specific management resources from TS-0022 [8] to managed objects and parameters as defined in the TR-181 [6] data model or the Remote Procedure Calls (RPCs) in TR-069 [4].
7.17.2 Resource [authenticationProfile]
The Resource [authenticationProfile] represents configuration information for establishing mutually-authenticated secure communications. The security principal using this configuration information can be a CSE or AE, or the Managed ADN/ASN/MN acting as security principal on behalf of AEs on the Node, see clause 7.1.4 of TS-0022 [8].
The Resource [authenticationProfile] is a multi-instance Resource where each instance of the Resource shall map to an instance of Device.X_oneM2M_org_SecuritySolution.AuthenticationProfile.{i} object.
The AuthenticationRule instance shall be created using the Add Object RPC of TR-069 [4].
The AuthenticationRule instance shall be deleted using the Delete Object RPC of TR-069 [4].
The information of an AuthenticationProfile instance shall be retrieved using the GetParameterValues RPC of TR-069 [4].
The information of an AuthenticationProfile instance shall be updated using the SetParameterValues RPC of TR-069 [4].
Table 7.17.2-1: Resource [authenticationProfile]
Attribute Name of [authenticationProfile] | Parameters of Device.X_oneM2M_org_SecuritySolution.AuthenticationProfile.{i} |
---|---|
SUID | SUID |
TLSCiphersuites | TLSCiphersuites |
symmKeyID | SymmetricKeyID |
symmKeyValue | SymmetricKeyValue |
MAFKeyRegLabels | MAFKeyRegLabels |
MAFKeyRegDuration | MAFKeyRegDuration |
mycertFingerprint | MyCert (reference) |
rawPubKeyID | RawPubKeyID |
mgmtLink [trustAnchorCred] | TrustAnchorCredentials (list of references) |
The parameter MyCert is a TR-069 reference parameter that references a row in the Device.Security.Certificate table where the value of the mycertFingerprint attribute matches the value of a Device.Security.Certificate.{i}.X_oneM2M_org_Fingerprint parameter. The X_oneM2M_org_Fingerprint parameter shall be a unique key for the Device.Security.Certificate table.
The parameter TrustAnchorCredentials is a list of TR-069 reference parameters where each entry in the list references a row in the Device.X_oneM2M_org_SecuritySolution.TrustAnchorCredential table.
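The following added example (not part of the original specification) builds the SetParameterValues name/value pairs for one [authenticationProfile] instance from Table 7.17.2-1, resolving MyCert and TrustAnchorCredentials to row references and rejecting a fingerprint that matches no row or more than one row. Assumptions: the function names and sample values are hypothetical, linked [trustAnchorCred] resources are identified by their certFingerprint, references are written as row path names without a trailing dot, and the list is comma-separated.

```python
# Added example: Table 7.17.2-1 mapping with reference resolution.
AUTH = "Device.X_oneM2M_org_SecuritySolution.AuthenticationProfile."
CERTS = "Device.Security.Certificate."
ANCHORS = "Device.X_oneM2M_org_SecuritySolution.TrustAnchorCredential."

# Attributes that copy straight into a parameter of the same instance.
DIRECT = {
    "SUID": "SUID",
    "TLSCiphersuites": "TLSCiphersuites",
    "symmKeyID": "SymmetricKeyID",
    "symmKeyValue": "SymmetricKeyValue",
    "MAFKeyRegLabels": "MAFKeyRegLabels",
    "MAFKeyRegDuration": "MAFKeyRegDuration",
    "rawPubKeyID": "RawPubKeyID",
}

def resolve(prefix, key, rows, value):
    """Return the path of the one row whose `key` parameter equals `value`."""
    hits = [i for i, row in rows.items() if row.get(key) == value]
    if len(hits) != 1:  # dangling reference, or the unique key is violated
        raise LookupError(f"{len(hits)} rows in {prefix} with {key}={value!r}")
    return f"{prefix}{hits[0]}"

def map_authentication_profile(instance, attrs, certs, anchors):
    """Build SetParameterValues name/value pairs for one profile instance."""
    base = f"{AUTH}{instance}."
    params = {base + DIRECT[a]: v for a, v in attrs.items() if a in DIRECT}
    if "mycertFingerprint" in attrs:
        params[base + "MyCert"] = resolve(
            CERTS, "X_oneM2M_org_Fingerprint", certs, attrs["mycertFingerprint"])
    if "trustAnchorCred" in attrs:
        # Assumption: each linked [trustAnchorCred] is given by its certFingerprint.
        refs = [resolve(ANCHORS, "Fingerprint", anchors, fp)
                for fp in attrs["trustAnchorCred"]]
        params[base + "TrustAnchorCredentials"] = ",".join(refs)
    return params

# Constructed sample tables (instance number -> parameters) and resource.
SAMPLE_CERTS = {1: {"X_oneM2M_org_Fingerprint": "fp-device-old"},
                2: {"X_oneM2M_org_Fingerprint": "fp-device-new"}}
SAMPLE_ANCHORS = {1: {"Fingerprint": "fp-ca-root"},
                  3: {"Fingerprint": "fp-ca-issuing"}}
SAMPLE_PROFILE = {"SUID": "constructed-suid", "mycertFingerprint": "fp-device-new",
                  "trustAnchorCred": ["fp-ca-root", "fp-ca-issuing"]}

if __name__ == "__main__":
    result = map_authentication_profile(1, SAMPLE_PROFILE, SAMPLE_CERTS, SAMPLE_ANCHORS)
    for name, value in result.items():
        print(name, "=", value)
```

Failing on an unmatched or duplicated fingerprint keeps the profile from being written with a reference to the wrong certificate row.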
7.17.3 Resource [trustAnchorCred]
The Resource [trustAnchorCred] represents configuration information regarding certificates provided by certificate authorities used by managed entities to authenticate peer endpoints, see clause 7.1.6 of TS-0022 [8].
The Resource [trustAnchorCred] is a multi-instance Resource where each instance of the Resource shall map to an instance of Device.X_oneM2M_org_SecuritySolution.TrustAnchorCredential.{i} object.
The TrustAnchorCredential instance shall be created using the Add Object RPC of TR-069 [4].
The TrustAnchorCredential instance shall be deleted using the Delete Object RPC of TR-069 [4].
The information of a TrustAnchorCredential instance shall be retrieved using the GetParameterValues RPC of TR-069 [4].
The information of a TrustAnchorCredential instance shall be updated using the SetParameterValues RPC of TR-069 [4].
Table 7.17.3-1: Resource [trustAnchorCred]
Attribute Name of [trustAnchorCred] | Parameters of Device.X_oneM2M_org_SecuritySolution.TrustAnchorCredential.{i} |
---|---|
certFingerprint | Fingerprint |
URI | RemoteTrustStore |
7.17.4 Resource [myCertFileCred]
The Resource [myCertFileCred] represents configuration information regarding certificates presented by the managed entity to remote entities for the establishment of secure communications, see clause 7.1.5 of TS-0022 [8].
The Resource [myCertFileCred] is a multi-instance Resource where each instance of the Resource shall map to an instance of Device.Security.Certificate.{i} object.
The Certificate instance shall be created either using the Download RPC of TR-069 [4] or via an out-of-band mechanism.
The Certificate instance shall be deleted using the Download RPC of TR-069 [4] or via an out-of-band mechanism.
The information of a Certificate instance shall be retrieved using the GetParameterValues RPC of TR-069 [4].
The information of a Certificate instance shall be updated using the SetParameterValues RPC of TR-069 [4].
Table 7.17.4-1: Resource [myCertFileCred]
Attribute Name of [myCertFileCred] | Parameters of Device.Security.Credential.{i} |
---|---|
SUIDs | X_oneM2M_org_SUIDs |
myCertFileFormat | X_oneM2M_org_Format |
myCertFileContent | The certificate is downloaded as part of the Download RPC of TR-069 |
The parameter AuthenticationProfile is a TR-069 reference parameter that references a row in the Device.X_oneM2M_org_SecuritySolution.AuthenticationProfile table where the value of the mycertFingerprint attribute matches the value of a Device.Security.Certificate.{i}.X_oneM2M_org_Fingerprint parameter. The X_oneM2M_org_Fingerprint parameter shall be a unique key for the Device.Security.Certificate table.
7.17.5 Resource [MAFClientRegCfg]
The Resource [MAFClientRegCfg] represents configuration information that permits a MAF client to register with a MAF, see clause 7.1.7 of TS-0022 [8].
The Resource [MAFClientRegCfg] is a multi-instance Resource where each instance of the Resource shall map to an instance of Device.X_oneM2M_org_SecuritySolution.MAFClientRegistration.{i} object.
The MAFClientRegistration instance shall be created using the Add Object RPC of TR-069 [4].
The MAFClientRegistration instance shall be deleted using the Delete Object RPC of TR-069 [4].
The information of a MAFClientRegistration instance shall be retrieved using the GetParameterValues RPC of TR-069 [4].
The information of a MAFClientRegistration instance shall be updated using the SetParameterValues RPC of TR-069 [4].
Table 7.17.5-1: Resource [MAFClientRegCfg]
Attribute Name of [MAFClientRegCfg] | Parameters of Device.X_oneM2M_org_SecuritySolution.MAFClientRegistration.{i} |
---|---|
mgmtLink [authenticationProfile] | AuthenticationProfile (TR-069 reference parameter that references a row in the Device.X_oneM2M_org_SecuritySolution.AuthenticationProfile table) |
fqdn | FQDN |
adminFQDN | AdminFQDN |
httpPort | HTTPPort |
coapPort | CoAPPort |
websocketPort | WebsocketPort |
expirationTime | ExpirationTimeStamp |
7.17.6 Resource [MEFClientRegCfg]
The Resource [MEFClientRegCfg] represents configuration information that permits a MEF client to register with a MEF, see clause 7.1.8 of TS-0022 [8].
The Resource [MEFClientRegCfg] is a multi-instance Resource where each instance of the Resource shall map to an instance of Device.X_oneM2M_org_SecuritySolution.MEFClientRegistration.{i} object.
The MEFClientRegistration instance shall be created using the Add Object RPC of TR-069 [4].
The MEFClientRegistration instance shall be deleted using the Delete Object RPC of TR-069 [4].
The information of a MEFClientRegistration instance shall be retrieved using the GetParameterValues RPC of TR-069 [4].
The information of a MEFClientRegistration instance shall be updated using the SetParameterValues RPC of TR-069 [4].
Table 7.17.6-1: Resource [MEFClientRegCfg]
Attribute Name of [MEFClientRegCfg] | Parameters of Device.X_oneM2M_org_SecuritySolution.MEFClientRegistration.{i} |
---|---|
mgmtLink [authenticationProfile] | AuthenticationProfile (TR-069 reference parameter that references a row in the Device.X_oneM2M_org_SecuritySolution.AuthenticationProfile table) |
fqdn | FQDN |
adminFQDN | AdminFQDN |
httpPort | HTTPPort |
coapPort | CoAPPort |
websocketPort | WebsocketPort |
expirationTime | ExpirationTimeStamp |