DOCSLIB.ORG

Cablelabs Specification

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cablelabs Specification CableLabs® Specifications Online Content Access Authentication and Authorization Interface 1.0 Specification CL-SP-AUTH1.0-C01-160616 CLOSED Notice This OLCA specification is the result of a cooperative effort undertaken at the direction of Cable Television Laboratories, Inc. for the benefit of the cable industry and its customers. This document may contain references to other documents not owned or controlled by CableLabs. Use and understanding of this document may require access to such other documents. Designing, manufacturing, distributing, using, selling, or servicing products, or providing services, based on this document may require intellectual property licenses from third parties for technology referenced in this document. Neither CableLabs nor any member company is responsible to any party for any liability of any nature whatsoever resulting from or arising out of use or reliance upon this document, or any document referenced herein. This document is furnished on an "AS IS" basis and neither CableLabs nor its members provides any representation or warranty, express or implied, regarding the accuracy, completeness, noninfringement, or fitness for a particular purpose of this document, or any document referenced herein. Cable Television Laboratories, Inc., 2010-2016 CL-SP-AUTH1.0-C01-160616 Online Content Access Document Status Sheet Document Control Number: CL-SP-AUTH1.0-C01-160616 Document Title: Authentication and Authorization Interface 1.0 Specification Revision History: I01 - Released 10/24/2010 I02 - Released 03/24/2011 I03 – Released 01/18/2012 I04 - Released 06/21/2012 C01 - Released 06/16/2016 Date: June 16, 2016 Status: Work in Draft Issued Closed Progress Distribution Restrictions: Author Only CL/Member CL/ Member/ Public Vendor Key to Document Status Codes: Work in Progress An incomplete document, designed to guide discussion and generate feedback that may include several alternative requirements for consideration. Draft A document in specification format considered largely complete, but lacking review by Members and vendors. Drafts are susceptible to substantial change during the review process. Issued A stable document, which has undergone rigorous member and vendor review and is suitable for product design and development, cross-vendor interoperability, and for certification testing. Closed A static document, reviewed, tested, validated, and closed to further engineering change requests to the specification through CableLabs. Trademarks CableCARD™, CableHome®, CableLabs®, CableNET®, CableOffice™, CablePC™, DCAS™, DOCSIS®, DPoE™, EBIF™, eDOCSIS™, EuroDOCSIS™, EuroPacketCable™, Go2BroadbandSM, M- Card™, M-CMTS™, OCAP™, OpenCable™, PacketCable™, PCMM™, PeerConnect™, and tru2way® are marks of Cable Television Laboratories, Inc. All other marks are the property of their respective owners ii CableLabs 6/16/16 Authentication and Authorization Interface 1.0 Specification CL-SP-AUTH1.0-C01-160616 Contents 1 INTRODUCTION ............................................................................................................................................... 1 1.1 Overview ....................................................................................................................................................... 1 1.2 Principal Objectives ....................................................................................................................................... 1 1.3 Scope ............................................................................................................................................................. 2 1.3.1 Actors ..................................................................................................................................................... 3 1.3.2 Roles ...................................................................................................................................................... 3 1.3.3 Subscriber .............................................................................................................................................. 3 1.3.4 Actor/Role Mappings ............................................................................................................................. 4 1.3.5 User Experience Task Flow ................................................................................................................... 5 1.4 Requirements (Conformance Notation) ......................................................................................................... 7 2 REFERENCES .................................................................................................................................................... 8 2.1 Normative References.................................................................................................................................... 8 2.2 Informative References .................................................................................................................................. 8 2.3 Reference Acquisition.................................................................................................................................... 8 3 TERMS AND DEFINITIONS ............................................................................................................................ 9 4 ABBREVIATIONS, ACRONYMS, SYMBOLS ............................................................................................. 11 5 ONLINE CONTENT ACCESS SCENARIOS ................................................................................................ 13 5.1 Scenario 1 .................................................................................................................................................... 13 5.1.1 Actors and Roles .................................................................................................................................. 13 5.1.2 Architecture ......................................................................................................................................... 14 5.1.3 Pre-conditions ...................................................................................................................................... 15 5.1.4 Use Cases ............................................................................................................................................ 15 5.2 Scenario 2 .................................................................................................................................................... 17 5.2.1 Actors and Roles .................................................................................................................................. 17 5.2.2 Architecture ......................................................................................................................................... 17 5.2.3 Pre-conditions ...................................................................................................................................... 18 5.2.4 Use Cases ............................................................................................................................................ 19 5.3 Scenario 3 .................................................................................................................................................... 20 5.3.1 Actors and Roles .................................................................................................................................. 20 5.3.2 Architecture ......................................................................................................................................... 21 5.3.3 Pre-conditions ...................................................................................................................................... 22 5.3.4 Use Cases ............................................................................................................................................ 23 5.4 Scenario 4 .................................................................................................................................................... 24 5.4.1 Actors and Roles .................................................................................................................................. 24 5.4.2 Architecture ......................................................................................................................................... 25 5.4.3 Pre-conditions ...................................................................................................................................... 26 5.4.4 Use Cases ............................................................................................................................................ 26 6 AUTHENTICATION REQUIREMENTS ...................................................................................................... 28 6.1 Overview ..................................................................................................................................................... 28 6.2 Authentication Architecture ......................................................................................................................... 28 6.3 Assumptions ................................................................................................................................................ 29 6.4 System Security requirements ....................................................................................................................
Load more

Recommended publications
  • Realization of the System for Access Management and Identity Federation with Use of Service Mojeid and the Product Dirx Access
    MASARYKOVA UNIVERZITA FAKULTA}w¡¢£¤¥¦§¨ INFORMATIKY !"#$%&'()+,-./012345<yA| Realization of the system for access management and identity federation with use of service mojeID and the product DirX Access. DIPLOMA THESIS Jakub Šebök Brno, Autumn 2014 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Jakub Šebök Advisor: RNDr. JUDr. Vladimír Šmíd, CSc. ii Acknowledgement I would like to thank firstly to my technical consultant Filip Höfer for his guidance. Secondly I thank to Mr. Šmíd for his advice about methodology and formal formatting of the thesis. And lastly I would like to thank all who survived by my side and cheered me up espe- cially during last months before the deadline. These are namely my mom, my girlfriend, Anton Gierlti, Matej Chrenko, Buddha and Bill Cosby. Thank you all again for enormous support. iii Abstract The aim of this thesis is implementation of a client program on the side of DirX Access which cooperates with the Czech identity provider mojeID. This cooperation consists of authenticating users by third party authority such that their credentials can be used for further processing in access management mechanism of DirX Access. iv Keywords security, SSO, OpenID, policies, RBAC, identity, mojeID, access man- agement, authentication, authorization v Contents 1 Introduction ............................3 2 Internet Security and Terminology ..............5 2.1 Identity ............................5 2.2 Identity Provider and Relying Party ...........6 2.3 Claims vs.
    [Show full text]
  • Trusted Computing Or Distributed Trust Management?
    Trusted computing or distributed trust management? Michele Tomaiuolo Dipartimento di Ingegneria dell’Informazione Università di Parma Via Usberti, 181/A – 43100 Parma – Italy [email protected] Abstract Nowadays, in contrast with centralized or hierarchical certification authorities and directory of names, other solutions are gaining momentum. Federation of already deployed security systems is considered the key to build global security infrastructures. In this field, trust management systems can play an important role, being based on a totally distributed architecture. The idea of distributed trust management can be confronted with the concept of trusted computing. Though having a confusingly similar denomination, the different interpretation of trust in these systems drives to divergent consequences with respect to system architectures and access policies, but also to law, ethics, politics. While trusted computing systems assure copyright holders and media producers that the hosting system will respect the access restrictions they defined, trust management systems, instead, allow users to grant trust to other users or software agents for accessing local resources. Keywords Data security, Security Management, Authentication, Authorization, Intellectual Property Rights, Information Access, Digital Books, Multimedia, Web Technologies Introduction A number of architectures and systems are being proposed as a ground for improved interoperability among diverse systems, mainly exploiting the idea of service-oriented architecture. Yet, some issues remain open. In fact, composition of services requires some delegation of goals and duties among partners. But these delegations cannot come into effect, if they’re not associated with a corresponding delegation of privileges, needed to access some resources and complete delegated tasks, or achieve desired goals.
    [Show full text]
  • OASIS Response to NSTC Request for Feedback on Standard Practices
    OASIS RESPONSE TO NSTC REQUEST FOR FEEDBACK ON STANDARDS PRACTICES OASIS (Organization for the Advancement of Structured Information Standards) is pleased to respond to the request from the National Science and Technology Council's Sub-Committee on Standards published at 75 FR 76397 (2010), and extended by 76 FR 3877 (2011), for feedback and observations regarding the effectiveness of Federal agencies' participation in the development and implementation of standards and conformity assessment activities and programs. We have advised our own members about the Federal Register inquiry, in case they wish to respond. Of course, their opinions are their own, and this response does not represent the views of any members, but only the observations of OASIS professional staff. I. RESPONDENT'S BACKGROUND OASIS is one of the largest and oldest global open data standards consortia, founded in 1993 as SGML Open. OASIS has over 5000 active participants representing about 600 member organizations and individual members in over 80 countries. We host widely-used standards in multiple fields including • cybersecurity & access control (such as WS-Security, SAML, XACML, KMIP, DSS & XSPA) [/1], • office documents and smart semantic documents (such as OpenDocument, DITA, DocBook & CMIS) [/2], and • electronic commerce (including SOA and web services, such as BPEL, ebXML, WS-ReliableMessaging & the WS-Transaction standards) [/3] among other areas. Various specific vertical industries also fulfill their open standards requirements by initiating OASIS projects, resulting in mission-specific standards such as • UBL and Business Document Exchange (for e-procurement) [/4], • CAP and EDML (for emergency first-responder notifications) [/5], and • LegalXML (for electronic court filing data)[/6].
    [Show full text]
  • Sociotal Creating a Socially Aware Citizen-Centric Internet of Things
    Ref. Ares(2017)3187879 - 26/06/2017 Specific Targeted Research Projects (STReP) SocIoTal Creating a socially aware citizen-centric Internet of Things FP7 Contract Number: 609112 WP1 – Socially-aware citizen centric architecture and community APIs Deliverable report Contractual date of delivery:31/08/2016 Actual submission date: 31/08/2016 Deliverable ID: D1.2.2 Deliverable Title: Final version of SocIoTal Architecture Responsible beneficiary: UNIS Contributing beneficiaries: UNIS, CEA, UC, CRS4, DNET, UMU Start Date of the Project: 1 September 2013 Duration: 36 Months Revision: 1 Dissemination Level: Public PROPRIETARY RIGHTS STATEMENT This document contains information, which is proprietary to the SOCIOTAL Consortium. Neither this document nor the information contained herein shall be used, duplicated or communicated by any means to any third party, in whole or in parts, except with prior written consent of the SOCIOTAL consortium. FP7 Contract Number: 609112 Deliverable report – WP1 / T1.2/D1.2.1 Document ID: D1.2.1 Document Information Document ID: D1.2.2 Version: Final 1.0 Version Date: 31 August 2016 Authors: Colin O’Reilly (UNIS), Ignacio Elicegui (UC), Carmen Lopez (UC), Luis Sanchez (UC), Jose Luis Hernández, Jorge Bernabé (UMU), Alberto Serra (CRS4), Nenad Gligoric, Srdjan Krco (DNET), Christine Hennebert (CEA), Alexandre MACABIES (CEA), Niklas Palaghias (UNIS) Security: Public Approvals Name Organization Date Visa Project Management K. MOESSNER UNIS Team Internal Reviewer Colin O’Reilly UNIS 24/08/2016 Internal Reviewer Srdjan
    [Show full text]
  • Russell County
    PRSRT STD U.S. POSTAGE PO Box 80 PAID Jamestown, KY 42629-0080 SOMERSET, KY PERMIT NO. 299 NATIONAL PROGRAMMING COSTS INCREASE FOR 2021, DUO BROADBAND EXPLORING OPTIONS FOR OUR CUSTOMERS Dear Valued TV Subscriber: Unfortunately, even during the current COVID-19 crisis, national television programmers (such as ESPN, TNT, USA, Discovery Channel, Comedy Central and others) along with FOX, NBC, CBS, and ABC TV affiliate stations have once again announced rate increases for 2021 to satellite operators and cable providers like DUO Broadband. Please refer to the inside pages for rates effective February 1, 2021. OUR RATE INCREASES REFLECTS ONLY THE COST INCREASES FROM PROGRAMMERS, BROADCASTERS and OPERATIONS IN ORDER TO PROVIDE SERVICES. We understand your frustration with these annual cost increases, especially during these trying times. We are frustrated as well. That is why we are exploring expanded options that offer you more choice and more affordable plans. In the meantime, DUO Broadband will continue to provide local weather, regional news broadcasts and fan favorite sports programs like the UK Wildcats, U of L Cardinals, and WKU Hilltoppers. We appreciate your business in 2020, and will continue to offer the high-quality programming you demand along with reliable local service that you expect from us to back it up. As always, we are available by phone or in person at the local customer center to discuss how DUO Broadband can best serve you in 2021. Sincerely, DUO Broadband (270) 343-3131 2021 Russell HFC, IPTV & Fiber PRIVACY NOTICE The Federal Cable Communications purpose of offering and rendering cable information that we collect and maintain Policy Act of 1984 contains certain television service and other services to you.
    [Show full text]
  • First Experiences Using XACML for Access Control in Distributed Systems
    First Experiences Using XACML for Access Control in Distributed Systems M. Lorch', S. Procto9, R. Lepro3, D. Kafura', S. Shah' ' Department of Computer Science, Virginia Tech Sun Microsystems Laboratories NASA Ames Research Center Abstract Authorization systems today are increasingly complex. They span domains of administration, rely on many different authentication sources, and manage permissions that can be as complex as the system itself. Worse still, while there are many standards that define authentication mechanisms, the standards that address authorization are less well defined and tend to work only within homogeneous systems. This paper presents XACML, a standard access control language, as one component of a distributed and inter-operable authorization framework. Several emerging systems which incorporate XACML are discussed. These discussions illustrate how authorization can be deployed in distributed, decentralized systems. Finally, some new and future topics are presented to show where this work is heading and how it will help connect the general components of an authorization system. 1. Introduction In modem systems, security is a critical feature. Beyond providing strong protection, security systems must also be flexible and promote inter-operability between domains of trust. However, flexibility can come at the price of simplicity and manageability, especially in the complex realm of authorization. Thus, the authorization components of a secure system must be able to work together across domains, but must be manageable to maintain their collaborative value. Authorization determines whether or not a given action, for example reading a file or logging into a server, is allowed. This is typically, though not always, achieved by authenticating a user and then using their locally assigned attributes or rights to make access decisions according to locally defined policies.
    [Show full text]
  • Tru2way™ Platform for Bidirectional Cable Communication Launches
    October 27, 2008 Tru2way™ Platform for Bidirectional Cable Communication Launches Comcast Corporation and Panasonic have announced the first deployment of Tru2way™ bidirectional digital cable technology. Tru2way was developed by CableLabs based on the OpenCable™ specification and is a Java-based open application platform. It is being promoted as a digital CableCARD™ system that enables two- way communication between a digital-cable-ready TV set or other device and a cable operator’s head end to provide viewers with a rich interactive experience. According to a statement from Panasonic, “the technology creates a common software platform that will enable cable companies, consumer electronics companies, content developers, network programmers and others to extend interactivity to the TV set and other kinds of devices.” On October 15, 2008, Comcast activated the technology on its cable systems in Chicago and Denver. Panasonic HDTV sets with tru2way capability were also made available at selected retail outlets in these areas. The new Panasonic 42” and 50” Viera sets have built-in tru2way CableCARD slots enabling consumers to receive the cable electronic program guide and access two-way digital cable programming, like video on demand, pay-per-view, and other services, without a cable operator-supplied set-top box. To see the announcement from Panasonic and Comcast click here. Another announcement, from the Consumer Electronics Association, is available here. The advantage of the bidirectional cable card for consumers is that it removes the need for another set- top device around the TV and potentially reduces the equipment fee cable operators charge to lease their set-top components.
    [Show full text]
  • When Mobile TV Meets the Internet and Social Networking by Marie-Jo
    The Future of Mobile TV: When Mobile TV meets the Internet and Social Networking By Marie-José Montpetit, Natalie Klym, and Emmanuel Blain 1 Introduction Over the last few years, online video services and telco IPTV have rocked the traditional model of television. As content delivery moves to an all-IP platform, connecting old and new providers to a growing array of increasingly personal and multi-purpose devices over fixed and mobile networks, the TV experience has become extremely versatile. Mobile TV is not immune to these upheavals, and is itself a disruptive force. In fact, it will soon make little sense to think of mobile TV as distinct from TV in general. Rather, it will be an integral part of an increasingly rich TV experience. This chapter provides a vision for the future of mobile TV as it evolves from standalone to integrated service. This shift will be examined in context of the more general transformation of television, with a focus on the recent integration of social networking. Our vision will thus build towards community-based approaches that harness the power of individuals, from their technologies to their behaviors. We begin by redefining mobile TV, and then give a brief overview of the key trends related to the television infrastructure and industry landscape. From there, we outline the mobile TV ecosystem of content, connections, and devices in more detail, and then demonstrate the growing importance of service features in this new environment, particularly in terms of integrating mobile and social TV. We would like to point out up front that many of the scenarios described in the paper are fraught with issues related to usability, technical difficulties, business models, and/or legalities.
    [Show full text]
  • Emergency Management Standards
    Emergency Management Standards HL7 WGM International Council May 2019 Elysa Jones, Chair OASIS Emergency Management Technical Committee Emergency Interoperability Member Section [email protected] Agenda ▪ What is OASIS ▪ Joint work with HL7 - Tracking emergency patients - Hospital availability 2 Internationally recognized ▪ EU classifies OASIS as “one of the top three ICT consortia”. ▪ EU Regulation 1025/2012 allows OASIS specs to be referenced in public procurement ▪ OASIS is permanent member of EC’s European Multi-Stakeholder Platform on ICT Standardization ▪ OASIS TC Process is ANSI-accredited. 3 Established presence, Current agenda ▪ Nonprofit consortium ▪ Founded 1993 ▪ Global 5,000+ participants 600+ orgs & individuals in 100+ countries ▪ Home of 70+ Technical Committees ▪ Broad portfolio of standards: security, privacy, Cloud, M2M, IoT, content technologies, energy, eGov, legal, emergency management, finance, Big Data, healthcare, + other areas identified by members 4 OASIS → de jure OASIS Standard Also Approved As: Advanced Message Queuing Protocol (AMQP) ISO/IEC 19464 ebXML Collaborative Partner Profile Agreement ISO 15000-1 ebXML Messaging Service Specification ISO 15000-2 ebXML Registry Information Model ISO 15000-3 ebXML Registry Services Specification ISO 15000-4 Security Assertion Markup Language (SAML) ITU-T Rec. X.1141 Extensible Access Control Markup Language (XACML) ITU-T Rec. X.1142 OpenDocument Format (ODF) ISO/IEC 26300 Common Alerting Protocol (CAP) ITU-T Rec. X.1303 Computer Graphics Metafile (WebCGM) W3C WebCGM
    [Show full text]
  • American Broadcasting Company from Wikipedia, the Free Encyclopedia Jump To: Navigation, Search for the Australian TV Network, See Australian Broadcasting Corporation
    Scholarship applications are invited for Wiki Conference India being held from 18- <="" 20 November, 2011 in Mumbai. Apply here. Last date for application is August 15, > 2011. American Broadcasting Company From Wikipedia, the free encyclopedia Jump to: navigation, search For the Australian TV network, see Australian Broadcasting Corporation. For the Philippine TV network, see Associated Broadcasting Company. For the former British ITV contractor, see Associated British Corporation. American Broadcasting Company (ABC) Radio Network Type Television Network "America's Branding Broadcasting Company" Country United States Availability National Slogan Start Here Owner Independent (divested from NBC, 1943–1953) United Paramount Theatres (1953– 1965) Independent (1965–1985) Capital Cities Communications (1985–1996) The Walt Disney Company (1997– present) Edward Noble Robert Iger Anne Sweeney Key people David Westin Paul Lee George Bodenheimer October 12, 1943 (Radio) Launch date April 19, 1948 (Television) Former NBC Blue names Network Picture 480i (16:9 SDTV) format 720p (HDTV) Official abc.go.com Website The American Broadcasting Company (ABC) is an American commercial broadcasting television network. Created in 1943 from the former NBC Blue radio network, ABC is owned by The Walt Disney Company and is part of Disney-ABC Television Group. Its first broadcast on television was in 1948. As one of the Big Three television networks, its programming has contributed to American popular culture. Corporate headquarters is in the Upper West Side of Manhattan in New York City,[1] while programming offices are in Burbank, California adjacent to the Walt Disney Studios and the corporate headquarters of The Walt Disney Company. The formal name of the operation is American Broadcasting Companies, Inc., and that name appears on copyright notices for its in-house network productions and on all official documents of the company, including paychecks and contracts.
    [Show full text]
  • INFRASTRUCTURE CAPABILTIES SUPPORTING CABLE's NATIONAL PLATFORM James Mumma, Sr. Director of Video Product Development, Comcas
    INFRASTRUCTURE CAPABILTIES SUPPORTING CABLE’S NATIONAL PLATFORM James Mumma, Sr. Director of Video Product Development, Comcast Cable Doug Jones, Chief Architect, BigBand Networks Abstract Capability to dynamically add or drop individual PIDs associated with bound One of the major initiatives for the cable programs; industry is the introduction of functionality Protocol interfaces to manage the giving subscribers opportunities to interact manipulations of identifiers associated with applications and services through their with bound programs; televisions. Doing so will enhance viewing Interoperability between the HFC experiences, usher in new revenue resource management system and the PID opportunities and provide competitive insertion function to account for the differentiation to satellite broadcasters and additional bandwidth used on a QAM as the telephone companies. bound applications are managed; An overall control mechanism to The ETV and the tru2way family of coordinate the management of bound specifications available at CableLabs applications with programmers, both describe how applications can be bound to national and local. programming allowing cable to deliver a national platform for advertising and other With a proper management framework services. While there are industry bound applications will provide both a specifications for delivering bound platform for national services as well as applications to a set-top box, there are no personalized services. The ETV and OCAP specifications defined on the infrastructure toolset provides for a plethora of services, but capabilities needed to manage these bound the management and control architecture applications. This paper proposes a technical needs to be designed in order to achieve the architecture and capabilities that can be used full potential for innovation of which it is to manage and deliver bound applications (in capable.
    [Show full text]
  • Implementation Experiences on IHE XUA and BPPC1 December 5, 2006
    Implementation Experiences On IHE XUA and BPPC1 December 5, 2006 Tuncay Namlı and Asuman Dogac Software Research and Development Center Middle East Technical University Ankara, Turkey The most up-to-date version of this document is available from http://www.srdc.metu.edu.tr/publications 1 This work is supported in part by the European Commission, eHealth Unit (http://ec.europa.eu/information_society/activities/health/index_en.htm) through the 027074 Saphire Project (http://www.srdc.metu.edu.tr/webpage/projects/saphire/) and by the Scientific and Technical Research Council of Turkey (TUBITAK) through the Project No. EEEAG 105E133. LIST OF FIGURES.......................................................................................................................................2 LIST OF ACRONYMS.................................................................................................................................3 1 OVERVIEW.........................................................................................................................................3 2 EXECUTIVE SUMMARY .................................................................................................................4 3 THE IMPLEMENTATION SCENARIO..........................................................................................5 4 TRUST MODEL..................................................................................................................................7 4.1 TRUST MODEL IN AN AFFINITY DOMAIN.......................................................................................7
    [Show full text]