7 Security Aspects
Authentication and Transport Layer Security can be established when the oneM2M entity which hosts the WebSocket Server can be addressed with the wss URI scheme. When using the wss URI scheme, one of the Security Association Establishment Frameworks (SAEF) as defined in oneM2M TS-0003 [4] shall be applied to provide mutually authenticated Transport Layer Security between the communicating entities prior to sending the WebSocket client handshake.
The SAEF is accomplished by successful completion of a TLS handshake procedure before the client sends its opening handshake message. The details of the SAEF, and of any Remote Security Provisioning Frameworks that may be required, are specified in oneM2M TS-0003 [4].
In special deployment scenarios, e.g. when the communicating oneM2M entities using WebSocket binding are located in a secure environment and/or implemented on the same device, Transport Layer Security may not be required. In such scenarios, unsecured WebSocket communication addressed with the ws URI scheme may be adequate.
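The following is an added example, not part of the oneM2M specification. It sketches how the entity hosting the WebSocket Server could enforce both cases above: mutual TLS authentication completed before the opening handshake is read on wss, and plain ws admitted only from a trusted network. It assumes certificate-based credentials; the function names and the default loopback-only allowlist are hypothetical, and the SAEFs themselves remain as specified in TS-0003.

```python
import ipaddress
import ssl

# Assumed policy: plain ws is accepted only from these networks (same device by default).
PLAIN_WS_NETS = ("127.0.0.0/8", "::1/128")


def server_tls_context(certfile=None, keyfile=None, client_ca=None):
    """TLS context for the wss listener; every client must authenticate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # CERT_REQUIRED makes the TLS handshake fail unless the client presents
    # a certificate that chains to a loaded CA: mutual authentication.
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Key material is deployment-specific, so the paths are optional here and
    # the example runs without any files. A real listener needs all three.
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def may_read_opening_handshake(peer_ip, tls_done, peer_cert, plain_nets=PLAIN_WS_NETS):
    """Gate evaluated before the server parses the WebSocket opening handshake."""
    if tls_done:
        # wss: a verified peer certificate must already exist at this point.
        return bool(peer_cert)
    # ws: no transport security, so admit only peers inside the trusted networks.
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(net) for net in plain_nets)


if __name__ == "__main__":
    cert = {"subject": ((("commonName", "constructed-client"),),)}  # constructed
    for case in [("203.0.113.5", True, cert), ("203.0.113.5", True, None),
                 ("127.0.0.1", False, None), ("203.0.113.5", False, None)]:
        print(case[:2], "->", may_read_opening_handshake(*case))
```

In a real listener, `peer_cert` would be the value returned by `SSLSocket.getpeercert()` once the handshake has completed.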