INTERNATIONAL STANDARD ISO/IEC 30118-12
First edition 2021-10

Information technology - Open Connectivity Foundation (OCF) Specification - Part 12: Cloud security specification

Technologies de l'information - Spécification de la Fondation pour la connectivité ouverte (Fondation OCF) - Partie 12: Spécification de la sécurité du nuage

Reference number ISO/IEC 30118-12:2021(E)
© ISO/IEC 2021

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401, Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents

Foreword .... v
Introduction .... vi
1 Scope .... 1
2 Normative references .... 1
3 Terms, definitions and abbreviated terms .... 2
3.1 Terms and definitions .... 2
3.2 Abbreviated terms .... 2
4 Document conventions and organization .... 3
4.1 Conventions .... 3
4.2 Notation .... 3
4.3 Data types .... 4
5 Security overview .... 4
5.1 Preamble .... 4
5.2 OCF Cloud architecture alignment with ISO IEC 17789 .... 4
5.3 Device provisioning for OCF Cloud and Device registration overview .... 5
5.4 Credential overview .... 5
6 Device provisioning for OCF Cloud .... 5
6.1 OCF Cloud provisioning general .... 5
6.2 Device provisioning by Mediator .... 6
7 Device authentication with OCF Cloud .... 8
7.1 Device authentication with OCF Cloud general .... 8
7.2 Device connection with the OCF Cloud .... 8
7.3 Security considerations .... 9
8 Message integrity and confidentiality .... 10
8.1 OCF Cloud session semantics .... 10
8.2 Cipher suites for OCF Cloud Credentials .... 10
9 Security Resources .... 10
9.1 Account Resource .... 10
9.2 Account Session Resource .... 12
9.3 Account Token Refresh Resource .... 13
10 Security hardening guidelines .... 14
10.1 Security hardening guidelines general .... 14
Annex A (normative) Resource Type definitions .... 15
A.1 List of Resource Type definitions .... 15
A.2 Account Token .... 15
A.2.1 Introduction .... 15
A.2.2 Well-known URI .... 15
A.2.3 Resource type .... 15
A.2.4 OpenAPI 2.0 definition .... 15
A.2.5 Property definition .... 18
A.2.6 CRUDN behaviour .... 19
A.3 Session .... 20
A.3.1 Introduction .... 20
A.3.2 Well-known URI .... 20
A.3.3 Resource type .... 20
A.3.4 OpenAPI 2.0 definition .... 20
A.3.5 Property definition .... 22
A.3.6 CRUDN behaviour .... 23
A.4 Token Refresh .... 23
A.4.1 Introduction .... 23
A.4.2 Well-known URI .... 23
A.4.3 Resource type .... 23
A.4.4 OpenAPI 2.0 definition .... 24
A.4.5 Property definition .... 26
A.4.6 CRUDN behaviour .... 27

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent declarations received (see patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

This document was prepared by the Open Connectivity Foundation (OCF) (as OCF Cloud Security Specification, version 2.2.0) and drafted in accordance with its editorial rules. It was adopted, under the JTC 1 PAS procedure, by Joint Technical Committee ISO/IEC