OCF 2.0 Clarify 10 parts on Section 7 SecWG CR2473. Legal Disclaimer
|
|
- Gabriella Hoover
- 5 years ago
- Views:
Transcription
1 Template version: 1.0 page 1 OCF 2.0 Clarify 10 parts on Section 7 SecWG CR2473 Legal Disclaimer THIS IS A DRAFT SPECIFICATION DOCUMENT ONLY AND HAS NOT BEEN ADOPTED BY THE OPEN CONNECTIVITY FOUNDATION. THIS DRAFT DOCUMENT MAY NOT BE RELIED UPON FOR ANY PURPOSE OTHER THAN REVIEW OF THE CURRENT STATE OF THE DEVELOPMENT OF THIS DRAFT DOCUMENT. THE OPEN CONNECTIVITY FOUNDATION AND ITS MEMBERS RESERVE THE RIGHT WITHOUT NOTICE TO YOU TO CHANGE ANY OR ALL PORTIONS HEREOF, DELETE PORTIONS HEREOF, MAKE ADDITIONS HERETO, DISCARD THIS DRAFT DOCUMENT IN ITS ENTIRETY OR OTHERWISE MODIFY THIS DRAFT DOCUMENT AT ANY TIME. YOU SHOULD NOT AND MAY NOT RELY UPON THIS DRAFT DOCUMENT IN ANY WAY, INCLUDING BUT NOT LIMITED TO THE DEVELOPMENT OF ANY PRODUCTS OR SERVICES. IMPLEMENTATION OF THIS DRAFT DOCUMENT IS DONE AT YOUR OWN RISK AMEND AND IT IS NOT SUBJECT TO ANY LICENSING GRANTS OR COMMITMENTS UNDER THE OPEN CONNECTIVITY FOUNDATION INTELLECTUAL PROPERTY RIGHTS POLICY OR OTHERWISE. IN CONSIDERATION OF THE OPEN CONNECTIVITY FOUNDATION GRANTING YOU ACCESS TO THIS DRAFT DOCUMENT, YOU DO HEREBY WAIVE ANY AND ALL CLAIMS ASSOCIATED HEREWITH INCLUDING BUT NOT LIMITED TO THOSE CLAIMS DISCUSSED BELOW, AS WELL AS CLAIMS OF DETRIMENTAL RELIANCE. The OCF logo is a trademark of Open Connectivity Foundation, Inc. in the United States or other countries. *Other names and brands may be claimed as the property of others. Copyright 2018 Open Connectivity Foundation, Inc. All rights reserved. Copying or other form of reproduction and/or distribution of these works are strictly prohibited.
2 Template version: 1.0 page 2 ****** Paste the Change Request content here ****** **Change 1: ** 3.2 Acronyms a nd Abbreviations OC Owner Credential OCSP Online Certificate Status Protocol OBT Onboarding Tool OCF See section , OCF Core Specification. OID Object Identifier OTM Owner Transfer Method OWASP Open Web Application Security Project. See OOB out-of-band 7. Se curity Provisioning **Change 2: ** Device Identity for Devices with UAID Table 1 Acronyms and abbreviations For identifying and protecting Devices, the Platform Secure Execution Environment (SEE) may opt to generate new Dynamic Public Key Pair (DPKP) for each Device it is hosting, or it may opt to simply use the same public key credentials embedded by manufacturer; Embedded Platform Credential (EPC). In either case, the Platform SEE will use its Random Number Generator (RNG) to create a device identity called UAID for each Device. The UAID is generated using either EPC only or the combination of DPKP and EPC if both are available. When both are available, the Platform shall use both key pairs to generate the UAID as described in this section. The Device ID is formed from the device s public keys and associated OCF Cipher Suite. The Device ID is formed by: 3) From DPKP, extract the value of the public key. The value should correspond to the v alue o f subjectpublickey defined in SubjectPublicKeyInfo. In the following we refer to this as DPK Validation of UAID To be able to use the newly generated Device ID (UAID) and public key pair (DPKP), the device Platform shall use the embedded private key (corresponding to manufacturer embedded public key and certificate) to sign a token vouching for the fact that it (the Platform) has in fact generated the DPKP and UAID and thus deferring the liability of the use of the DPKP to the new device owner. This also allows the ecosystem to extend the trust from manufacturer certificate to a device issued certificate for use in the new DPKP and UAID. The degree of trust is in dependent of the level of hardening of the device SEE. Dev_Token=Info, Signature(hash(info)) Signature algorithm=ecdsa (can be same algorithm as that in EPC or that possible for DPKP) Hash algorithm=sha256 Info=UAID <Platform ID> UAID_generation_data validity
3 Template version: 1.0 page 3 UAID_generation_data=data passed to the hash algorithm used to generate UAID. Validity=validity period in days (how long the token will be valid) **Change 3: ** 7.2 De vice Ownership This is an informative section. Devices are logical entities that are security endpoints that have an identity that is authenticable using cryptographic credentials. A Device is un-owned when it is first initialized. Establishing device ownership is a process by which the device asserts its identity to an OBT and the OBT asserts its identity to the device. This exchange results in the device changing its ownership state, thereby preventing a different OBT from asserting administrative control over the device. **Change 4: ** 7.3 De vice Ownership Transfer Methods SharedKey Credential Calculation - M essage is a concatenation of the following: Dox mtype string for the current onboarding method (e.g. "oic.sec.doxm.jw ") See "Section OCF defined OTMs for specific DoxmTypes" O w ner ID is a UUID identifying the device owner identifier and the device that maintains Share dkey. Use raw bytes as specified in RFC4122 section Device ID is new device s UUID Device ID **Change 5: ** Use raw bytes as specified in RFC4122 section Certificate Credential Generation All OTMs included in this document are considered optional. Each vendor is required to choose and implement at least one of the OTMs specified in this specification. The OCF, does however, anticipate vendor-specific approaches will ex ist. Should the vendor wish to have interoperability between a vendor-specific OTM and OBTs from other vendors, the vendor must work directly with OBT vendors to ensure interoperability. Notwithstanding, standardization of OTMs is the preferred approach. In such cases, a set of guidelines is provided below to help vendors in designing vendor-specific OTMs. (See Section 7.3.7).
4 Template version: 1.0 page 4 **Change 6: ** Esta blishing Owner Credentials Once the OBT and the new Device have authenticated and established an encrypted connection using one of the defined OTM methods. Owner credentials may consist of certificates signed by the OBT or other authority, user network access information, provisioning functions, shared keys, or Kerberos tickets. The OBT might then provision the new Device with additional credentials for Device management and Device-to-Device communications. These credentials may consist of certificates with signatures, UAID based on the Device public key, PSK, etc. The steps for establishing Device's owner credentials (OC) are detailed below: 1) The OBT shall establish the Device ID and Device owner uuid - Figure 19 2) The OBT then establishes Device s OC - Figure 20. This can be either: a) Sym metric credential - Figure 21 b) Asymmetric credential - Figure 22 3) Configure Device services - Figure 23 4) Configure Device for peer to peer interaction - Figure 24 Figure 1 - Asymmetric Owner Credential Provisioning Sequence
5 Template version: 1.0 page 5 Figure 2 - Configure Device Services
6 Template version: 1.0 page 6 Figure 3 - Provision New Device for Peer to Peer Interaction Sequence
7 Template version: 1.0 page 7 **Change 7: ** 13.7 Provisioning Status Resource Property Title Propert y Name Value Type Value Rule Mand atory Access Mode Device State Description Current Mode cm oic.sec.dpmtype bitmask Yes R RESET Serv er shall set to 0000,0001 RW RFOTM Should be set by DOXS after successful OTM to 00xx,xx10. RW RW R RFPRO RFNOP Set by CMS, AMS, DOXS after successful authentication Set by CMS, AMS, DOXS after successful authentication SRESET Serv er shall set to XXXX,XX01 Table 2 Properties of the oic.r.pstat Resource
8 Template version: 1.0 page 8 **Change 8: ** 7.4 Provisioning Provisioning Flows Client-directed Provisioning Figure 4 Example of Client-directed provisioning
9 Template version: 1.0 page 9 Step Description 1 Discover Devices that are owned and support Client-directed provisioning. 2 The /oic/sec/doxm Resource identifies the Device and its owned status. 3 Provisioning Tool(PT) obtains the new Device s provisioning status found in /oic/sec/pstat Resource 4 The pstat Resource describes the types of provisioning m odes supported and which is currently configured. A Device m anufacturer should set a default current operational mode (om ). If the O m isn t configured for Client-directed provisioning, its om value can be changed. Change state to Ready-for-Provisioning. cm is set to provision credentials. 5-6 PT instantiates the /oic/sec/cred Resource. It contains credentials for the provisioned services and other Devices 7-8 cm is set to provision ACLs PT instantiates /oic/sec/acl Resources. 11 The new Device provisioning status mode is updated to reflect that ACLs have been configured. (Ready-for-Normal-Operation state) 12 The secure session is closed. Table 3 Ste ps describing Client -directed provisioning **Change 9: **
10 Template version: 1.0 page Server-directed Provisioning Figure 5 Example of Server-directed provisioning using a single provisioning service
11 Template version: 1.0 page 11 Step Description 1 The new Device verifies it is owned. 2 The new Device verifies it is in self-provisioning mode. 3 The new Device verifies its target provisioning state is fully provisioned. 4 The new Device verifies its current provisioning state requires provisioning. 5 The new Device initiates a secure session with the provisioning tool using the /oic/sec/doxm. DevO wner value to open a TLS connection using SharedKey. 6 The new Device updates Cm to reflect provisioning of security services. 7-8 The new Devices gets the /oic/sec/cred Resources. It contains credentials for the provisioned services and other Devices. 9 The new Device updates Cm to reflect provisioning of credential Resources The new Device gets the /oic/sec/acl Resources. 12 The new Device updates Cm to reflect provisioning of ACL Resources. 13 The secure session is closed. Table 4 Steps for Server-directed provisioning using a single provisioning service
12 Template version: 1.0 page 12 **Change 10: **
13 Template version: 1.0 page Se rver-directed Provisioning Involving Multiple Support Services Figure 6 Example of Server-directed provisioning involving multiple support services
14 Template version: 1.0 page 14 Step Description 1 The new Device verifies it is owned. 2 The new Device verifies it is in self-provisioning mode. 3 The new Device verifies its target provisioning state is fully provisioned. 4 The new Device verifies its current provisioning state requires provisioning. 5 The new Device initiates a secure session with the provisioning tool using the /oic/sec/doxm. DevO wner value to open a TLS connection using SharedKey. 6-7 The new Device gets credentials Resource for the provisioned services and other Devices 8 The new Device updates Cm to reflect provisioning of support services. 9 The new Device closes the DTLS session with the provisioning tool. 10 The new Device finds the CMS from the /oic/sec/cred Resource, rowneruuid Property and opens a DTLS connection. The new device finds the credential to use from the /oic/sec/cred Resource The new Device requests additional credentials that are needed for interaction with other devices. 13 The new Device updates Cm to reflect provisioning of credential Resources. 14 The DTLS connection is closed. 15 The new Device finds the ACL provisioning and management service from the /oic/sec/acl2 Resource, rowneruuid Property and opens a DTLS connection. The new device finds the ACL to use from the /oic/sec/acl2 Resource The new Device gets ACL Resources that it will use to enforce access to local Resources The new Device should get SACL Resources immediately or in response to a subsequent Device Resource request The new Device should also get a list of Resources that should consult an Access Manager for m aking the access control decision. 22 The new Device updates Cm to reflect provisioning of ACL Resources. 23 The DTLS connection is closed. Table 5 Steps for Server-directed provisioning involving multiple support services
OCF 2.3 RBSTG: Bridging Security Editorial Cleanup Sec WG CR Legal Disclaimer
Template version: 1.2 page 1 2.3 RBSTG: Bridging Security Editorial Cleanup Sec WG CR 2685 Legal Disclaimer THIS IS A DRAFT SPECIFICATION DOCUMENT ONLY AND HAS NOT BEEN ADOPTED BY THE OPEN CONNECTIVITY
More informationOCF Cleveland release Device Management SVR part security firmware update - Security WG CR Legal Disclaimer
Template version: 1.2 page 1 OCF Cleveland release Device Management SVR part security firmware update - Security WG CR 2453 Legal Disclaimer THIS IS A DRAFT SPECIFICATION DOCUMENT ONLY AND HAS NOT BEEN
More informationOCF 2.0 Clarify OCF CPLAttributes Extension, Section X, add Security OIDs, remove credid, update security profiles - Security WG CR 2529/2549
Template version: 1.2 page 1 OCF 2.0 Clarify OCF CPLAttributes Extension, Section 9.3.2.1.X, add Security OIDs, remove credid, update security profiles - Security WG CR 2529/2549 Legal Disclaimer THIS
More informationOCF Security Specification
OCF Security Specification VERSION 1.3.0 November 2017 CONTACT admin@openconnectivity.org Copyright Open Connectivity Foundation, Inc. 2016-2017. All Rights Reserved. 1 LEGAL DISCLAIMER 2 3 4 5 6 7 8 9
More informationOIC SECURITY SPECIFICATION V1.1.1
1 2 OIC SECURITY SPECIFICATION V1.1.1 Open Connectivity Foundation (OCF) admin@openconnectivity.org Copyright Open Connectivity Foundation, Inc. 2017. All rights Reserved 0 3 4 5 6 7 8 9 10 11 12 13 14
More informationOCF 2.0 Semantic Tagging ATG CR1970. Legal Disclaimer
Template version: 1.0 page 1 OCF 2.0 Semantic Tagging ATG CR1970 Legal Disclaimer THIS IS A DRAFT SPECIFICATION DOCUMENT ONLY AND HAS NOT BEEN ADOPTED BY THE OPEN CONNECTIVITY FOUNDATION. THIS DRAFT DOCUMENT
More informationOCF Core Specification Extension
OCF Core Specification Extension OCF Cloud VERSION 2.0 March 2018 CONTACT admin@openconnectivity.org Copyright Open Connectivity Foundation, Inc. 2018. All Rights Reserved. 2 3 4 5 6 7 8 9 10 11 12 13
More informationOCF 2.0 Constrained Device Support OIC 1.1 Core Technology WG CR Legal Disclaimer
Template version: 1.2 page 1 OCF 2.0 Constrained Device Support OIC 1.1 Core Technology WG CR 2413 Legal Disclaimer THIS IS A DRAFT SPECIFICATION DOCUMENT ONLY AND HAS NOT BEEN ADOPTED BY THE OPEN CONNECTIVITY
More informationOCF 2.3 New Resources for Gas Consumption DMWG CR Legal Disclaimer
Template version: 1.2 page 1 OCF 2.3 New Resources for Gas Consumption DMWG CR 2675 Legal Disclaimer THIS IS A DRAFT SPECIFICATION DOCUMENT ONLY AND HAS NOT BEEN ADOPTED BY THE OPEN CONNECTIVITY FOUNDATION.
More informationUsing EAP-TLS with TLS 1.3 draft-mattsson-eap-tls IETF 101, EMU, MAR John Mattsson, MOHIT sethi
Using EAP-TLS with TLS 1.3 draft-mattsson-eap-tls13-02 IETF 101, EMU, MAR 19 2018 John Mattsson, MOHIT sethi draft-mattsson-eap-tls13 EAP-TLS is widely supported for authentication in Wi-Fi. EAP-TLS is
More informationCredential Management for Internet of Things Devices
Credential Management for Internet of Things Devices Internet Protocol for Smart Objects (IPSO) Alliance Editors: Hannes Tschofenig, ARM Limited Ned Smith, Intel Contributors: Mark Baugher, Consultant
More informationSecurity Guide Release 4.0
[1]Oracle Communications Session Monitor Security Guide Release 4.0 E89197-01 November 2017 Oracle Communications Session Monitor Security Guide, Release 4.0 E89197-01 Copyright 2017, Oracle and/or its
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationTizen/Artik IoT Lecture Chapter 16. IoTivity Provisioning Manager
1 Tizen/Artik IoT Lecture Chapter. IoTivity Provisioning Manager Sungkyunkwan University Contents Provisioning Manager Roles Architecture Ownership Transfer Method Just Work Discovery and Set Ownership
More informationDIGITALSIGN - CERTIFICADORA DIGITAL, SA.
DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18 VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS
More informationEnhanced Serial Peripheral Interface (espi) ECN
Enhanced Serial Peripheral Interface (espi) ECN Engineering Change Notice TITLE Clarify OOB packet payload DATE 10 January 2014 AFFECTED DOCUMENT espi Base Specification Rev 0.75 DISCLOSURE RESTRICTIONS
More informationProvisioning IoT with Web NFC. Zoltan Kis Intel
Provisioning IoT with Web NFC Zoltan Kis (@zolkis), Intel Background JavaScript APIs for IoTivity, Soletta W3C Web NFC editor Web access to hardware Earlier: Network management (DSL) Mesh radio networks
More informationNimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book]
Nimsoft Service Desk Single Sign-On Configuration Guide [assign the version number for your book] Legal Notices Copyright 2012, CA. All rights reserved. Warranty The material contained in this document
More informationIoTivity Provisioning Manager Design Specification v0.1d
IoTivity Provisioning Manager Design Specification v0.1d Contributing Authors (alphabetical order): Ashwini Kumar Chul Lee Randeep Singh Sandeep Sharma WooChul Shim 1 Table of Contents Background... 3
More informationOpenFlow Trademark Policy
Introduction OpenFlow Trademark Policy This document outlines the Open Networking Foundation s ( ONF ) policy for the trademarks and graphic logos that we use to identify the OpenFlow specification and
More informationBring Your Own Device. Peter Silva Technical Marketing Manager
Bring Your Own Device Peter Silva Technical Marketing Manager Bring-Your-Own-Device (BYOD) Personal devices for business apps Why implement BYOD? Increase employee satisfaction, productivity Reduce mobile
More informationCertification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive
Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive Asseco Data Systems S.A. Podolska Street 21 81-321 Gdynia, Poland Certum - Powszechne
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 15945 First edition 2002-02-01 Information technology Security techniques Specification of TTP services to support the application of digital signatures Technologies de l'information
More informationOCF Specification Introduction and Overview. June 2018
OCF Specification Introduction and Overview June 2018 Table of Contents Summary of OCF2.0 additions/improvements with respect to OCF1.3 Technical Principles for an Internet of Things Ecosystem Introduction
More informationDRAFT REVISIONS BR DOMAIN VALIDATION
DRAFT REVISIONS BR 3.2.2.4 DOMAIN VALIDATION (Feb. 15, 2016) Summary of changes The primary purpose of this change is to replace Domain Validation item 7 "Using any other method of confirmation which has
More informationAN12120 A71CH for electronic anticounterfeit protection
Document information Info Keywords Abstract Content Security IC, IoT, Product support package, Secure cloud connection, Anti-counterfeit, Cryptographic authentication. This document describes how the A71CH
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationSSL Certificates Certificate Policy (CP)
SSL Certificates Last Revision Date: February 26, 2015 Version 1.0 Revisions Version Date Description of changes Author s Name Draft 17 Jan 2011 Initial Release (Draft) Ivo Vitorino 1.0 26 Feb 2015 Full
More informationAVEVA Global. Release 12.0.SP6 WCF. User Bulletin
AVEVA Global Release 12.0.SP6 WCF User Bulletin Disclaimer Information of a technical nature, and particulars of the product and its use, is given by AVEVA Solutions Limited and its subsidiaries without
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation June 2014 Public Legal disclaimer This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue
More informationOctober 14, SAML 2 Quick Start Guide
October 14, 2017 Copyright 2013, 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and
More informationOracle Utilities Opower Solution Extension Partner SSO
Oracle Utilities Opower Solution Extension Partner SSO Integration Guide E84763-01 Last Updated: Friday, January 05, 2018 Oracle Utilities Opower Solution Extension Partner SSO Integration Guide Copyright
More informationEntrust WAP Server Certificate Relying Party Agreement
Entrust WAP Server Certificate Relying Party Agreement The WAP/WTLS specification v1.1 does not provide a means for certificate revocation checking. The following Relying Party Agreement" provides further
More informationInternet Engineering Task Force. Intended status: Standards Track. December 26, 2018
Internet Engineering Task Force Internet-Draft Intended status: Standards Track Expires: June 29, 2019 H. Wang, Ed. Y. Yang X. Kang Huawei International Pte. Ltd. December 26, 2018 Using Identity as Raw
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.3 Effective
More informationIBM UrbanCode Cloud Services Security Version 3.0 Revised 12/16/2016. IBM UrbanCode Cloud Services Security
IBM UrbanCode Cloud Services Security 1 Before you use this information and the product it supports, read the information in "Notices" on page 10. Copyright International Business Machines Corporation
More informationETSI TS V1.1.1 ( )
TS 119 144-4 V1.1.1 (2016-06) TECHNICAL SPECIFICATION Electronic Signatures and Infrastructures (ESI); PAdES digital signatures - Testing Conformance and Interoperability; Part 4: Testing Conformance of
More informationSymantec Managed PKI. Integration Guide for AirWatch MDM Solution
Symantec Managed PKI Integration Guide for AirWatch MDM Solution ii Symantec Managed PKI Integration Guide for AirWatch MDM Solution The software described in this book is furnished under a license agreement
More informationCERTIFIED MAIL LABELS TERMS OF USE and PRIVACY POLICY Agreement
CERTIFIED MAIL LABELS TERMS OF USE and PRIVACY POLICY Agreement Welcome to Certified Mail Envelopes and Certified Mail Labels web sites (the Site ) a website, trademark and business name owned and operated
More informationThis Specification is provided for future development work within onem2m only. The Partners accept no liability for any use of this Specification.
This Specification is provided for future development work within onem2m only. The Partners accept no liability for any use of this Specification. The present document has not been subject to any approval
More informationInteroperability Solutions Guide for Oracle Web Services Manager 12c (12.2.1)
[1]Oracle Fusion Middleware Interoperability Solutions Guide for Oracle Web Services Manager 12c (12.2.1) E57783-01 October 2015 Documentation for software developers that describes how to implement the
More informationSalesforce1 Mobile Security White Paper. Revised: April 2014
Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing
More informationonem2m-ts-0008-coap Protocol Binding-V CoAP Protocol Binding Technical Specification
1 2 3 Document Number Document Name: O NEM2M T ECHNICAL SPECIFICATION onem2m-ts-0008-coap Protocol Binding-V-0.5.0 CoAP Protocol Binding Technical Specification Date: 2014-08-01 Abstract: The specification
More informationDell One Identity Cloud Access Manager 8.0. Overview
Dell One Identity Cloud Access Manager 8.0 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under
More informationTCG Compliance TNC IF-MAP Metadata for Network Security Compliance Test Plan
TCG Compliance TNC IF-MAP Metadata for Network Security Compliance Test Plan 0 Revision 11 10 March 2011 Published Contact: admin@trustedcomputinggroup.org Copyright TCG 2006-2011 Copyright 2006-2011 Trusted
More informationTrustworthy user authentication, authorization, data integrity AND consent management
RapidQube Solutions Trustworthy user authentication, authorization, data integrity AND consent management I D E N T I T Y A N D A CC E S S M A N A G E M E N T S O L U T I O N RapidQube Solutions 2 IDENTITY
More informationMERIDIANSOUNDINGBOARD.COM TERMS AND CONDITIONS
MERIDIANSOUNDINGBOARD.COM TERMS AND CONDITIONS Introduction This document sets forth the terms and conditions ("Terms and Conditions") governing your use of the MeridianHealth.com Web site ("Web Site")
More informationLOGO LICENSE AGREEMENT(S) CERTIPORT AND IC³
LOGO LICENSE AGREEMENT(S) CERTIPORT AND IC³ EXHIBIT B-2 LICENSEE: Address: Attention: Phone: Fax: Email: Account #: CERTIPORT LOGO LICENSE AGREEMENT Authorized Testing Centers This Logo License Agreement
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationPKI is Alive and Well: The Symantec Managed PKI Service
PKI is Alive and Well: The Symantec Managed PKI Service Marty Jost Product Marketing, User Authentication Lance Handorf Technical Enablement, PKI Solutions 1 Agenda 1 2 3 PKI Background: Problems and Solutions
More informationSecure Development Guide
Secure Development Guide Oracle Health Sciences InForm 6.1.1 Part number: E72493-01 Copyright 2016, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided
More informationIdentity Federation Requirements
Identity Federation Requirements By: Technical Editing Author: Stephen Skordinski Version: 1.001 Published: September 26, 2012 Document Change History for Technical Documents Template Version Number Version
More informationCIP Security Pull Model from the Implementation Standpoint
CIP Security Pull Model from the Implementation Standpoint Jack Visoky Security Architect and Sr. Project Engineer Rockwell Automation Joakim Wiberg Team Manager Technology and Platforms HMS Industrial
More informationONEM2M TECHNICAL SPECIFICATION
Document Number Document Name: ONEM2M TECHNICAL SPECIFICATION TS-0008- V-1.3.2 CoAP Protocol Binding Date: Abstract: 2016-February-29 The specification will cover the protocol specific part of communication
More informationOracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017
Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E87635-01 November 2017 Copyright 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation
More informationCloud Access Manager Overview
Cloud Access Manager 8.1.3 Overview Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013 Table of Contents 1. Introduction... 5 1.1. Trademarks... 5
More informationOCF SPECIFICATION INTRODUCTION AND OVERVIEW. November 2017
OCF SPECIFICATION INTRODUCTION AND OVERVIEW November 2017 Table of Contents Technical Principles for an Internet of Things Ecosystem Introduction to the Open Connectivity Foundation OCF Specification Overview
More informationConfiguring Client Keystore for Web Services
Configuration Guide SAP Information Collaboration Hub for Life Sciences Document Version: 1.1 Released to Customer Date: Non-SAP Backend System on SAP Information Collaboration Hub for Life Sciences Typographic
More informationVSP16. Venafi Security Professional 16 Course 04 April 2016
VSP16 Venafi Security Professional 16 Course 04 April 2016 VSP16 Prerequisites Course intended for: IT Professionals who interact with Digital Certificates Also appropriate for: Enterprise Security Officers
More informationActivIdentity ActivID Card Management System and Juniper Secure Access. Integration Handbook
ActivIdentity ActivID Card Management System and Juniper Secure Access Integration Handbook Document Version 2.0 Released May 2, 2012 ActivIdentity ActivID Card Management System and Juniper Secure Access
More informationDatapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record
1 2 3 Datapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record 5 White boxes show the access points for different kinds of security. That s what we will
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationSafeNet Authentication Client
SafeNet Authentication Client Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto and/or its subsidiaries who shall have and keep the
More informationSDLC INTELLECTUAL PROPERTY POLICY
SDLC INTELLECTUAL PROPERTY POLICY Last Revised: 11/14/17 1. Introduction. This Intellectual Property Policy ( Policy ) governs intellectual property rights of the SDL Consortium ( SDLC ) and its Members
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.18 Effective Date: August 16, 2017 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationOracle Communications WebRTC Session Controller
Oracle Communications WebRTC Session Controller Security Guide Release 7.0 E40975-01 November 2013 Oracle Communications WebRTC Session Controller Security Guide, Release 7.0 E40975-01 Copyright 2013,
More informationOCF 2.3 Bridging Spec Framework CRs BTG CRs 2614, 2615, & Legal Disclaimer
Template version: 1.2 page 1 OCF 2.3 Bridging Spec Framework CRs BTG CRs 2614, 2615, & 2666 Legal Disclaimer THIS IS A DRAFT SPECIFICATIO DOCUMET OL AD HAS OT BEE ADOPTED B THE OPE COECTIVIT FOUDATIO.
More informationHome-Based Authentication User Experience Guidelines for TV Everywhere
Home-Based Authentication User Experience Guidelines for TV Everywhere OATC TV Everywhere Usability Working Group September 23, 2015 Version 1.0 ABSTRACT Home-based authentication (HBA) is a TV Everywhere
More informationInternet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS)
Internet Engineering Task Force (IETF) M. Salter Request for Comments: 6460 National Security Agency Obsoletes: 5430 R. Housley Category: Informational Vigil Security ISSN: 2070-1721 January 2012 Abstract
More informationThe Intel SSD Pro 2500 Series Guide for Microsoft edrive* Activation
The Intel SSD Pro 2500 Series Guide for Microsoft edrive* Activation Solutions Blueprint January 2015 Order Number: 330880-002US INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.
More informationNational Identity Exchange Federation. Terminology Reference. Version 1.0
National Identity Exchange Federation Terminology Reference Version 1.0 August 18, 2014 Table of Contents 1. INTRODUCTION AND PURPOSE... 2 2. REFERENCES... 2 3. BASIC NIEF TERMS AND DEFINITIONS... 5 4.
More informationAPP NOTES Onsight Rugged Smart Camera Wireless Network Configuration
APP NOTES Onsight Rugged Smart Camera Wireless Network Configuration July 2016 Table of Contents 1. Overview... 4 1.1 Onsight Setup Wizard... 4 1.2 Onsight Wireless Manual Setup... 4 1.3 Hotspot Login...
More informationEXBO e-signing Automated for scanned invoices
EXBO e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.12.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers
More informationFIPS Security Policy. for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module
FIPS 140-2 Security Policy for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module Hardware Version: 88i8925, 88i8922, 88i8945, and 88i8946 Firmware Version: Solaris2-FIPS-FW-V1.0 Document Version:
More informationIoT security based on the DPK platform
Zz S E C U M O B I. WHITE PAPER IoT security based on the DPK platform Powered by Ethereum David Khoury Elie Kfoury ABSTRACT Public key distribution remains one of the main security weaknesses in many
More informationRed Hat OpenStack Platform 10 Product Guide
Red Hat OpenStack Platform 10 Product Guide Overview of Red Hat OpenStack Platform OpenStack Team Red Hat OpenStack Platform 10 Product Guide Overview of Red Hat OpenStack Platform OpenStack Team rhos-docs@redhat.com
More informationRequest for Comments: 5422 Category: Informational H. Zhou Cisco Systems March 2009
Network Working Group Request for Comments: 5422 Category: Informational N. Cam-Winget D. McGrew J. Salowey H. Zhou Cisco Systems March 2009 Dynamic Provisioning Using Flexible Authentication via Secure
More informationLinux Founda+on Collabora+on Summit: OIC Security. Ned Smith Intel
Linux Founda+on Collabora+on Summit: OIC Security Ned Smith Intel 1 IoT A Metaphor for Pelagic Compu+ng What do I mean by pelagic compu;ng? Other Controller Larval slipper lobster riding on salp chain*
More informationApril Understanding Federated Single Sign-On (SSO) Process
April 2013 Understanding Federated Single Sign-On (SSO) Process Understanding Federated Single Sign-On Process (SSO) Disclaimer The following is intended to outline our general product direction. It is
More informationFunding University Inc. Terms of Service
Funding University Inc. Terms of Service None of the information contained in Funding University's website constitutes a recommendation, solicitation or offer by Funding University or its affiliates to
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for SonicWALL Secure Remote Access All information herein is either public information or is
More informationNICC ND 1635 V 1.1.1( )
ND 1635 V 1.1.1(2008-06) Document NGN Interconnect: Media Path Technical Specification Network Interoperability Consultative Committee, Ofcom, 2a Southwark Bridge Road, London, SE1 9HA. 2 ND 1635 V 1.1.1(2008-06)
More informationAdvanced Access Content System (AACS) Signed CSS Book
Advanced Access Content System (AACS) Signed CSS Book Intel Corporation International Business Machines Corporation Microsoft Corporation Panasonic Corporation Sony Corporation Toshiba Corporation The
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 9594-8 Sixth edition 2008-12-15 Information technology Open Systems Interconnection The Directory: Publickey and attribute certificate frameworks Technologies de l'information
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationTLS. RFC2246: The TLS Protocol. (c) A. Mariën -
TLS RFC2246: The TLS Protocol What does it achieve? Confidentiality and integrity of the communication Server authentication Eventually: client authentication What is does not do Protect the server Protect
More informationAvira Certification Authority Policy
Avira Certification Authority Policy Version: 1.0 Status: Draft Updated: 2010-03-09 Copyright: Avira GmbH Author: omas Merkel Introduction is document describes the Certification Policy (CP) of Avira Certification
More informationSecurity Authentication and Authorization What s New in security in QlikView 11. Fredrik Lautrup Ralph Senseny
Security Authentication and Authorization What s New in security in QlikView 11 Fredrik Lautrup Ralph Senseny Legal Disclaimer This Presentation contains forward-looking statements, including, but not
More informationApple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Version 4.0 Effective Date: September 18, 2013 Table of Contents
More informationSAP IoT Application Enablement Best Practices Authorization Guide
SAP IoT Application Enablement Best Practices Authorization Guide TABLE OF CONTENTS 1 INITIAL TENANT SETUP... 3 1.1 Configure Trust... 3 1.1.1 Technical Background... 6 1.2 Establish Trust... 6 1.3 Set
More informationHA240 SAP HANA 2.0 SPS02
HA240 SAP HANA 2.0 SPS02 - Authorizations, Scenarios & Security Requirements. COURSE OUTLINE Course Version: 14 Course Duration: 2 Day(s) SAP Copyrights and Trademarks 2018 SAP SE or an SAP affiliate
More informationSMKI Code of Connection
SMKI Code of Connection DCC Public Page 1 of 12 Contents 1 Connection Mechanism... 4 1.1 Browser Policy... 4 2 SMKI Services interfaces... 5 2.1 SMKI Services interfaces via DCC Gateway Connection... 5
More informationTERMS & CONDITIONS. Complied with GDPR rules and regulation CONDITIONS OF USE PROPRIETARY RIGHTS AND ACCEPTABLE USE OF CONTENT
TERMS & CONDITIONS www.karnevalkings.com (the "Site") is a website and online service owned and operated by the ViisTek Media group of companies (collectively known as "Karnevalkings.com", "we," "group",
More informationVersion 9 Release 0. IBM i2 Analyst's Notebook Premium Configuration IBM
Version 9 Release 0 IBM i2 Analyst's Notebook Premium Configuration IBM Note Before using this information and the product it supports, read the information in Notices on page 11. This edition applies
More information