Enabler Release Definition for Application Layer Security Common Functions

Similar documents
Enabler Release Definition for Parlay Service Access

Security Common Functions Architecture

Enabler Release Definition for Converged Personal Network Service

Enabler Release Definition for LPP Extensions (LPPe)

Enabler Release Definition for Rich Communication Centre

SOAP bindings for Call Notification

Enabler Release Definition for LPP Extensions (LPPe)

Lightweight Machine to Machine Architecture

Reference Release Definition for Parlay/OSA(Open Service Access) In OMA Service Environment (PIOSE)

Enabler Release Definition for Standard Transcoding Interface

Enabler Release Definition for Smartcard-Web-Server

Lightweight Machine to Machine Architecture

Enabler Release Definition for MMS

Standardized Connectivity Management Objects HTTP Proxy Parameters For use with OMA Device Management

OMA Push Management Object

Parlay Service Access Architecture

Point-to-Multipoint Push Requirements

NGSI Common Definitions

Enabler Validation Plan for the RESTful Network API for OMA Push

Lightweight M2M Event Log Object (LwM2M Object EventLog)

OMA Management Object for MMS

Client Side Content Screening Framework Architecture

OMA Management Object for Mobile_

Enabler Test Specification for Device Management

Enabler Test Specification for Device Management

Standardized Connectivity Management Objects 3GPP Circuit-Switched Data Bearer Parameters For use with OMA Device Management

Client Profile of OMA Device Management v1.3

Enabler Test Specification for RCS Conformance

Standardized Connectivity Management Objects WAP Proxy Parameters For use with OMA Device Management

OMA Device Management Tree and Description Serialization

Mobile Search Framework Architecture

Presence SIMPLE Architecture

Enabler Release Definition for Mobile Location Protocol (MLP) Candidate Version Mar 2004

OMA-ETS-DL-OTA-v1_ a Page 1 (24)

IM XDM Specification. Candidate Version Aug Open Mobile Alliance OMA-TS-IM_XDM-V1_ C

Software Component Management Object

Continues the Technical Activities Originated in the SyncML Initiative

Lightweight Machine to Machine Requirements

White Paper on M2M Device Classification

Class Conformance Requirements

OMA PoC Endorsement of OMA IM TS

RESTful Network API for Notification Channel

RESTful bindings for Parlay X Web Services - Payment

Charging Data. Candidate Version Jul Open Mobile Alliance OMA-DDS-Charging_Data-V1_ C

Software Component Management Object

Push Security Requirements

Firmware Update Management Object

Software and Application Control Management Object

Enabler Test Specification for Device Management

Parlay Service Access Requirements

OneAPI Profile of RESTful Network APIs

Software Component Management Object (SCOMO)

RESTful Network API for Chat

OMA PoC Document Management

RESTful Network API for Zonal Presence

Location in SIP/IP core Architecture Approved Version Jan 2012

PoC XDM Specification

OneAPI Profile of RESTful Network APIs

OMA Offline Charging Interface

Enabler Test Specification for Device Management

Management Objects for ZigBee Devices

White Paper on UAProf Best Practices Guide

CPM Interworking Function

Push using SIP. Candidate Version Apr Open Mobile Alliance OMA-TS-SIP_Push-V1_ C

XML Document Management (XDM) Specification

OMA Device Management Bootstrap

Cache Operation. Version 31-Jul Wireless Application Protocol WAP-175-CacheOp a

WAP-Sync-Spec. Data Synchronisation Specification Version 30-May Wireless Application Protocol WAP-234-SYNC a

Enabler Test Specification (Interoperability) for MMS 1.3 Candidate Version 15 Jun 2006

RESTful Network API for Third Party Call

XML Document Management (XDM) Specification

Enabler Test Specification for RCS Conformance

Provisioning Smartcard

OMA PoC Document Management

OMA Device Management Bootstrap

Generic Open Terminal API Framework (GotAPI)

Specification Information Note

[OMA-Template-Spec I]

Scalable Vector Graphics (SVG) for the Mobile Domain

WAP General Formats Document WAP-188-WAPGenFormats Version 10-Jul-2001

Location in SIP/IP core Specification Candidate Version Aug 2010

SyncML OBEX Binding. Candidate Version Apr Open Mobile Alliance OMA-TS-SyncML_OBEXBinding-V1_ C

Generic Open Terminal API Framework (GotAPI)

Push using SIP. Approved Version Aug Open Mobile Alliance OMA-TS-SIP_Push-V1_ A

Enabler Test Report Smartcard Web Server v1.0. OMA TestFest (January 2008) Version 1st February 2008

General Service Subscription Management Technical Specification

OMA Offline Charging Interface

Multimedia Messaging Service Architecture Overview

Smartcard-Web-Server. Approved Version Sep Open Mobile Alliance OMA-TS-Smartcard_Web_Server-V1_1_ A

Presence SIMPLE Data Specification

XML Document Management (XDM) Specification

RESTful Network API for Short Messaging

Specification Change Document

OMA Device Management Standardized Objects

Converged Personal Network Service Requirements

ETSI TS V (201

OMA Device Management Protocol

NGSI Context Management

ETSI TS V (201

Wireless Profiled HTTP

Transcription:

Enabler Release Definition for Application Layer Security Common Functions Candidate Version 1.1 30 Nov 2010 Open Mobile Alliance OMA-ERELD-SEC_CF-V1_1-20101130-C

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 2 (13) Use of this document is subject to all of the terms and conditions of the Use Agreement located at http://www.openmobilealliance.org/useagreement.html. Unless this document is clearly designated as an approved specification, this document is a work in process, is not an approved Open Mobile Alliance specification, and is subject to revision or removal without notice. You may use this document or any part of the document for internal or educational purposes only, provided you do not modify, edit or take out of context the information in this document in any manner. Information contained in this document may be used, at your sole risk, for any purposes. You may not use this document in any other manner without the prior written permission of the Open Mobile Alliance. The Open Mobile Alliance authorizes you to copy this document, provided that you retain all copyright and other proprietary notices contained in the original materials on any copies of the materials and that you comply strictly with these terms. This copyright permission does not constitute an endorsement of the products or services. The Open Mobile Alliance assumes no responsibility for errors or omissions in this document. Each Open Mobile Alliance member has agreed to use reasonable endeavors to inform the Open Mobile Alliance in a timely manner of Essential IPR as it becomes aware that the Essential IPR is related to the prepared or published specification. However, the members do not have an obligation to conduct IPR searches. The declared Essential IPR is publicly available to members and non-members of the Open Mobile Alliance and may be found on the OMA IPR Declarations list at http://www.openmobilealliance.org/ipr.html. The Open Mobile Alliance has not conducted an independent IPR review of this document and the information contained herein, and makes no representations or warranties regarding third party IPR, including without limitation patents, copyrights or trade secret rights. This document may contain inventions for which you must obtain licenses from third parties before making, using or selling the inventions. Defined terms above are set forth in the schedule to the Open Mobile Alliance Application Form. NO REPRESENTATIONS OR WARRANTIES (WHETHER EXPRESS OR IMPLIED) ARE MADE BY THE OPEN MOBILE ALLIANCE OR ANY OPEN MOBILE ALLIANCE MEMBER OR ITS AFFILIATES REGARDING ANY OF THE IPR S REPRESENTED ON THE OMA IPR DECLARATIONS LIST, INCLUDING, BUT NOT LIMITED TO THE ACCURACY, COMPLETENESS, VALIDITY OR RELEVANCE OF THE INFORMATION OR WHETHER OR NOT SUCH RIGHTS ARE ESSENTIAL OR NON-ESSENTIAL. THE OPEN MOBILE ALLIANCE IS NOT LIABLE FOR AND HEREBY DISCLAIMS ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE USE OF DOCUMENTS AND THE INFORMATION CONTAINED IN THE DOCUMENTS. Used with the permission of the Open Mobile Alliance Ltd. Under the terms set forth above.

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 3 (13) Contents 1. SCOPE... 4 2. REFERENCES... 5 2.1 NORMATIVE REFERENCES... 5 2.2 INFORMATIVE REFERENCES... 5 3. TERMINOLOGY AND CONVENTIONS... 6 3.1 CONVENTIONS... 6 3.2 DEFINITIONS... 6 3.3 ABBREVIATIONS... 6 4. RELEASE VERSION OVERVIEW... 7 4.1 VERSION 1.0 FUNCTIONALITY... 7 4.2 VERSION 1.1 FUNCTIONALITY... 7 5. DOCUMENT LISTING FOR SEC_CF... 8 6. OMNA CONSIDERATIONS... 9 7. CONFORMANCE REQUIREMENTS NOTATION DETAILS... 10 8. ERDEF FOR SEC_CF CLIENT REQUIREMENTS... 11 9. ERDEF FOR SEC_CF SERVER REQUIREMENTS... 12 APPENDIX A. CHANGE HISTORY (INFORMATIVE)... 13 A.1 APPROVED VERSION 1.0 HISTORY... 13 A.2 DRAFT/CANDIDATE VERSION 1.1 HISTORY... 13 Tables Table 1: Listing of Documents in SEC_CF Enabler... 8 Table 2: ERDEF for SEC_CF Client-side Requirements... 11 Table 3: ERDEF for SEC_CF Server-side Requirements... 12

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 4 (13) 1. Scope The scope of this document is limited to the Enabler Release Definition of Application Layer Security Common Functions (SEC_CF) according to OMA Release process and the Enabler Release specification baseline listed in section Error! Reference source not found..

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 5 (13) 2. References 2.1 Normative References [OMNA] Open Mobile Naming Authority, URL: http://www.openmobilealliance.org/tech/omna.aspx [RFC793] Transmission Control Protocol, IETF, RFC 793, J. Postel, September 1981, URL:http://www.ietf.org/rfc/rfc793.txt [RFC2119] Key words for use in RFCs to Indicate Requirement Levels, S. Bradner, March 1997, URL:http://www.ietf.org/rfc/rfc2119.txt [SCRRULES] 2.2 Informative References SCR Rules and Procedures, Open Mobile Alliance, OMA-ORG- SCR_Rules_and_Procedures, URL:http://www.openmobilealliance.org/ [OMADICT] Dictionary for OMA Specifications, Version 2.8, Open Mobile Alliance, OMA-ORG-Dictionary-V2_8, URL:http://www.openmobilealliance.org/

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 6 (13) 3. Terminology and Conventions 3.1 Conventions The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in [RFC2119]. All sections and appendixes, except Scope, Release Version Overview and Conformance Requirements Notation Details, are normative, unless they are explicitly indicated to be informative. The formal notation convention used in sections 8 and 9 to formally express the structure and internal dependencies between specifications in the Enabler Release specification baseline is detailed in [SCRRULES]. 3.2 Definitions Enabler Release Minimum Functionality Description Collection of specifications that combined together form an enabler for a service area, e.g. a download enabler, a browsing enabler, a messaging enabler, a location enabler, etc. The specifications that are forming an enabler should combined fulfil a number of related market requirements. Description of the guaranteed features and functionality that will be enabled by implementing the minimum mandatory part of the Enabler Release. 3.3 Abbreviations ERDEF ERELD GBA IPsec KMC OMA OSG SEC_CF TCP TLS Enabler Requirement Definition Enabler Release Definition Generic Bootstrapping Architecture IP Security Key Management Center Open Mobile Alliance OMA Security Gateway Security Common Functions Transmission Control Protocol Transport Layer Security

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 7 (13) 4. Release Version Overview Security Common Functions (SEC_CF) aims at providing a common security architecture for OMA Enablers. The common security architecture provides a common way to implement security functionality for OMA Enablers in a flexible way and it is adaptable to the requirements of different enabler deployment scenarios. Ultimately, it should be possible for all types of OMA enablers to use this architecture to provide security. 4.1 Version 1.0 Functionality This version of the SEC_CF aims to provide security functionality for OMA Enablers that are based on a Client-Server operational model and operate over TCP [RFC793] as the transport protocol. A Client-Server operational model in the SEC_CF context requires a functional entity denoted Security Agent (SECA), requesting services from an application server. Security Agents are generally implemented on a mobile terminal whereas the application server is likely to be the part of an OMA Enabler such as location servers, charging elements, etc. that resides in a fixed network. SEC_CF defines another functional entity, OMA security gateway (OSG), which can be integrated into other entities (e.g. mobile terminal, application server, etc) of the OMA Enabler architecture to provide security services to resources that are connected to it. The OSG MAY provide DoS protection. As an implementation option, the functional entity Key Management Center (KMC) is introduced to provide key management support to the OSG (in Home or Visited domains) and key management to the Security Agent. KMC can also be integrated into the OSG. The interfaces defined between SEC_CF functional entities can be implemented using industry standard security protocols. In some cases SEC_CF functional entities might be integrated into the enablers own functional entities to avoid creating new interfaces and simplify the solution. SEC_CF defines several security functions such as authentication, confidentiality protection and integrity protection to be reused by other OMA enablers. Security considerations for each security function are detailed in the relevant SEC_CF technical specifications. The SEC_CF architecture also permits various deployment models to reflect the current established deployment models (Home domain only, visited domain, etc) of service providers. In a summary, OMA SEC_CF 1.0 Enabler supports for the following functionality. Support for OMA Enablers that are based on a Client-Server operational model Support for OMA Enablers over TCP protocol GBA Profile TLS/PSK-TLS Profile SEC-CERT Management Object (MO) 4.2 Version 1.1 Functionality OMA SEC_CF 1.1 Enabler supports for the following additional functionality. Support for OMA Push services Support for OMA Enablers over SIP protocol Support for OMA Enablers over UDP protocol Support for Delegated Authentication for Web Services

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 8 (13) 5. Document Listing for SEC_CF This section is normative. Doc Ref Permanent Document Reference Description Requirement Document [SEC_CF_RD] OMA-RD-SEC_CF-V1_1-20101130-C Requirement Document for SEC_CF Enabler Architecture Document [SEC_CF_AD] OMA-AD-SEC_CF-V1_1-20101130-C Architecture Document for SEC_CF Enabler Technical Specifications [TLS_Profile] [GBA_Profile] [IPsec_Profile] [Delegated_Authn_Profile] Supporting Files OMA-TS-TLS_Profile-V1_1-20101130-C OMA-TS-GBA_Profile-V1_1-20101130-C OMA-TS-IPSec_Profile-V1_1-20101130-C OMA-TS- Delegated_Authentication_Profile- V1_1-20101130-C Specification that defines an OMA profile of TLS, DTLS and related IETF specifications. The profling amounts to stating which features, in referenced specifications, that must or should be supported. Specification that defines an OMA profile of GBA, as defined by 3GPP and 3GPP2. GBA specifies how operator controlled smart cards can be used to bootstrap a short term security association between a client and a server. The profling amounts to stating which features, in referenced specifications, that must or should be supported. Specification that defines an OMA profile of IPsec and related IETF specifications. The profling amounts to stating which features, in referenced specifications, that must or should be supported. Specificaton that defines an OMA profile of existing mechanisms related to delegated authentication for web service to provide SSO experience for users during accessing web services as well as to allow users to control their public identifiers on the web. [SEC_CERT_MO] [SEC_CERT_DDF] [SEC_CF_GBA_XSD] OMA-DDS-SEC_CERT_MO- V1_0-20080902-A OMA-SUP-MO_SEC_CERT-V1_0-20080902-A OMA-SUP-XSD_seccf_gba-V1_1-20101130-C Table 1: Listing of Documents in SEC_CF Enabler Using the OMA DM protocol and its data formats, this data definition specification defines Management Objects required for management of security properties (SEC CERT Mos). To be used as one option to initialize a device in context of the SEC_CF enabler, or in other contexts. DDF for the MO in [SEC_CERT_MO]. Working file in Schema directory: file: SEC_CERT_MO-v1_0.ddf path: http://www.openmobilealliance.org/tech/omna/dm-mo/ XML Schema for GBA in OMA Security Common Functions (SEC_CF) Working file in Schema directory: file: seccf_gba-v1_1.xsd path: http://www.openmobilealliance.org/tech/profiles/

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 9 (13) 6. OMNA Considerations 6.1 Namespace The SEC CF enabler introduces the following namespace in the seccf domain. Note that in order to maintain compatibility between minor versions of the same major version, only the major version is reflected in the namespace identifier. Further note that subsequent minor versions of the same XML schema (e.g. 1.2) will be registered against the same namespace identifier. Description Registered URN Schema Links GBA profile urn:oma:xml:seccf:gba:1 http://www.openmobilealliance.org/tech/profiles/seccf_gba-v1_1.xsd 6.2 GBA Protocol Identifier SEC CF declares the following GBA Protocol Identifier registered in [OMNA]. Protocol Description Octet String Specification References OMA Enabler Usage SIP Digest 0x03, 0x00, 0x00, 0x00, 0x03 SIP RFC3261 SEC CF V1.1

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 10 (13) 7. Conformance Requirements Notation Details This section is informative The tables in following chapters use the following notation: Item: Feature/Application: Requirement: Entry in this column MUST be a valid ScrItem according to [SCRRULES]. Entry in this column SHOULD be a short descriptive label to the Item in question. Expression in the column MUST be a valid TerminalExpression according to [SCRRULES] and it MUST accurately reflect the architectural requirement of the Item in question.

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 11 (13) 8. ERDEF for SEC_CF Client Requirements This section is normative. Item Feature / Application Requirement OMA-ERDEF-SEC_CF-C-001-M SEC_CF Client [TLS]: MCF OMA-ERDEF-SEC_CF-C-002-O SEC_CF Client [GBA_Profile]: OCF OMA-ERDEF-SEC_CF-C-003-O SEC_CF Client [SEC_CERT_MO]: OCF OMA-ERDEF-SEC_CF-C-004-O SEC_CF Client [Ipsec_Profile]: OCF OMA-ERDEF-SEC_CF-C-005-O SEC_CF Client [Delegated_Authn_Profile]: OCF Table 2: ERDEF for SEC_CF Client-side Requirements

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 12 (13) 9. ERDEF for SEC_CF Server Requirements This section is normative. Item Feature / Application Requirement OMA-ERDEF-SEC_CF-S-001-M SEC_CF Server [TLS]: MSF OMA-ERDEF-SEC_CF-S-002-O SEC_CF Server [GBA_Profile]: OSF OMA-ERDEF-SEC_CF-S-003-O SEC_CF Server [SEC_CERT_MO]: OSF OMA-ERDEF-SEC_CF-S-004-O SEC_CF Server [Ipsec_Profile]: OSF OMA-ERDEF-SEC_CF-S-005-O SEC_CF Server [Delegated_Authn_Profile]: OSF Table 3: ERDEF for SEC_CF Server-side Requirements

OMA-ERELD-SEC_CF-V1_1-20101130-C Page 13 (13) Appendix A. Change History (Informative) A.1 Approved Version 1.0 History Approved versions: OMA-ERELD-SEC_CF-V1_0 Reference Date Description 02 Sep 2008 Status changed to Approved by TP OMA-TP-2008-0321-INP_SEC_CF_V1_0_ERP_for_Final_Approval A.2 Draft/Candidate Version 1.1 History Document Identifier Date Sections Description Draft Versions: 07 Sep 2009 All Initial baseline for RD review OMA-ERELD-SEC_CF-V1_1 21 Oct 2009 2.2, 4.2, 5 To incorporate agreed CRs which address comments from RD formal review Candidate Version: OMA-ERELD-SEC_CF-V1_1 Draft Versions: OMA-ERELD-SEC_CF-V1_1 04 Nov 2009 5, A.2 Editorial corrections: Styles Document Listing Contents with tables Removal of empty App B 08 Dec 2009 All Status changed to Candidate by TP: OMA-TP-2009-0543-INP_SEC_CF_V1_1_RD_for_Candidate_Approval 06 Jan 2010 All Editorial changes: 2010 template Document listing updated 08 Jan 2010 5 Document listing updated 09 Mar 2010 5 Document listing updated Candidate Version: OMA-ERELD-SEC_CF-V1_1 Draft Versions: OMA-ERELD-SEC_CF-V1_1 Candidate Version: OMA-ERELD-SEC_CF-V1_1 30 Mar 2010 All Status changed to Candidate by TP: OMA-TP-2010-0127-INP_SEC_CF_V1_1_AD_for_Candidate_approval 01 Sep 2010 All OMA-ARC-SEC-2010-0072R02-CR_OMNA_Considerations OMA-ARC-SEC-2010-0083-CR_SEC_CF1.1_ERELD 03 Oct 2010 5, 6 04 Oct 2010 5 A.2 OMA-ARC-SEC-2010-0089-CR_ERELD_XSD_SUP_schema_update OMA-ARC-SEC-2010-0101-CR_Adding_GBA_XSD_to_ERELD Document listing updated Editorial fix: History table 29 Oct 2010 3.3, 4.2 OMA-ARC-SEC-2010-0110-CR_CONR_SEC_CF1.1_ERELD_J001_J002 Document listing updated in clause 5 03 Nov 2010 5 Document listing updated 30 Nov 2010 All Status changed by TP: OMA-TP-2010-0472-INP_SEC_CF_V1_1_ERP_for_Candidate_Approval

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback