Skip to content

6.6 LWM2M Object Security

6.6.1 Introduction

OMA-LWM2M and oneM2M Access Control Policies shall collaborate in order to assure the interworked resources are accessible according to the oneM2M Authorisation Procedure specified in clause 11.3.4 (M2M Authorization Procedure) of oneM2M TS-0001 [2] and clause 7 (Authorization) of oneM2M TS-0003 [5].

6.6.2 LWM2M Interworking Access Control Policy

The oneM2M Access Control Policy mechanisms specified in clause 7 of oneM2M TS-0003 [5], shall be used to check and validate the parameters of a request message against the ACPs (<accessControlPolicy> resources) which have been assigned to the accessed resource.

In order to assure a proper LWM2M Interworking with oneM2M, the IPE shall setup the hosting CSE by:

  1. providing a mandatory set of <accessControlPolicy> (ACPs) resources
  2. assigning a proper set of ACPs to the accessControlPolicyIDs attribute of each <container> resource allocated during the CSE registration phase (clause 6.3 LWM2M Object Discovery)

The process for provisioning the IPE in order to perform such a setup is described in clause 6.6.3 "IPE and Object Security provisioning" of the present document.

In addition, the Access Control Policy mechanisms specified in clause 7 of oneM2M TS-0003 [5] are fully applicable in this LWM2M interworking context.

6.6.3 IPE and Object Security provisioning

In order to provide oneM2M information specified in the clause 6.6.2 (set of <accessControlPolicy> (ACPs) resources, assignment of accessControlPolicyIDs), the LWM2M IPE shall be supplied by information such as:

  • a list of oneM2M originators and their associated Access Control Rules likely to be exercised on the Hosting CSE resources
  • a list of oneM2M originators likely to contact the LWM2M Clients with the associated set of authorized operations

In combining such an information with the Access Control Policy specified in a given LWM2M Client (clause 6.8 LWM2M Client Provisioning) the LWM2M IPE shall be able to provide to the Hosting CSE, the oneM2M Access Control Policy materials needed for properly registering LWM2M Objects representation. In the current release of this Specification, this procedure of how the Access Control Policy materials are provided is implementation specific.