oneM2M Logo transparent 196x130

Standards for M2M and the Internet of Things

Shane HE Bio

Shane He

Dr. Shane HE is a standardization professional specialist at Nokia (Bell Labs & CTO). She is concentrating on IoT standardization and vertical industries, her interests include 5G, IoT/M2M architecture, lightweight protocols, information models and applications, as well as verticals (Industrial IoT, Smart Cities, Automotive).

She participates in several M2M/IoT industry standards bodies, especially in oneM2M, ITU-T and ETSI. She is currently serving as the Chair of oneM2M Requirements & Domain Models (RDM) Working Group. She is also actively involved in ITU-T SG20 as the Rapporteur of Q3/20 (IoT Architectures, management, protocols and QoS).

oneM2M Industry Day in India

TR-0057 Data Collection Principles - ACP

Access Control Policy

  • Access Control Policies (ACPs) are used by the CSE to control access to the resources.

  • The resources are always linked to Access Control Policies. ACPs are shared between several resources

  • Access Control Policies contain the rules (Privileges) defining:

    • WHO can access the Resource (e.g. Identifiers of authorized AE/CSE).

    • For WHAT operation (CREATE / RETRIEVE / UPDATE / DELETE…).

    • Under WHICH contextual circumstances (Time, Location, IP address).

  • ACPs are represented by <accessControlPolicy> resources.

    • Comprised of attributes privileges and selfPrivileges that represent a set of access control rules for entities.


<accessControlPolicy> resource content:




  • acr = « Access Control Rule »

  • acor = « Access Control Originators »

  • acop = « Access Control Operations »


Operation Code

Combinations of these values are specified by adding them together. For example the value 5 is interpreted as "CREATE and UPDATE".

  • CREATE 1


  • UPDATE 4

  • DELETE 8

  • NOTIFY 16




acp example


  • Common attribute accessControlPolicyIDs link resources that are not <accessControlPolicy> resources to <accessControlPolicy> resources.

    • All resources are accessible only if the privileges from the ACP grants it.

    • All resources have an associated accessControlPolicyIDs attribute, either explicitly or implicitly.

    ACP verificationDiscovery example

TR-0057 Data Collection Principles - Container


  • Container for data instances is represented by the <container> resource.

    • Data storage used to share information with other entities and track data.

  • <container> resource has no associated content.

    • Only attributes and child resources are available.

    • Actual data/content is stored in <contentInstance> child resource.

  • <container>  is the only resource allowed to have recursive child resources.

    • <container> resource can have other <container> as  child resources.

    • useful for representing hierarchical data structure.

     containerExample of resources tree


TR-0057 Data Collection Principles - Subscription and Notification

Subscription and Notification

  • Events generated by resources can be received using the <subscription> resource.

  • The <subscription> resource contains subscription information for its "subscribed-to" resource.

    • <subscription> resource is a child resource of the "subscribed-to" resource.

  • The originator (resource subscriber) has RETRIEVE privileges to the "subscribed-to" resource in order to create the <subscription> resource.

  • Notification policies specified in the attributes can be applied to the <subscription>.

    • Specify which, when, and how notifications are sent.

    • Example: batchNotify – receive batches of notification rather than one at a time.



Subcription and notification example

Subscribe to oneM2M News Please enter your name and email address, then click on submit.
Alternatively, you can send an email from your preferred email application with a blank subject to with subscribe oneM2M_News in the message body.

Subscribe to oneM2M News

Your Name(*)
Please let us know your name.

Your Email(*)
Please let us know your email address.