ISO/IEC 29341-13-11
Information technology – UPnP Device Architecture – Part 13-11: Device Security Device Control Protocol – Security Console Service
| Organization: | ISO |
| Publication Date: | 1 November 2008 |
| Status: | active |
| Page Count: | 28 |
| ICS Code (Interface and interconnection equipment): | 35.200 |
scope:
Overview and Scope
This service is offered by a Security Console (SC). The Security Console offers a user interface for administration of access control on security-aware UPnP devices. [See DeviceSecurity:1 for a description of the actions used in the creation and editing of Access Control Lists (ACLs) and in taking security ownership of Devices.] As a device, the Security Console is self-owned. If it has any access-controlled actions, then those are to be administered by the human user and not by some other Security Console. Therefore, a Security Console does not need to include a DeviceSecurity service. It does have a certificate cache, but it is an outgoing cache rather than an incoming cache.
A network built of the user's own components with no connection to anything outside the user's personal domain and with no control points belonging to anyone other than the user ever attached to the network would not require the features of UPnP Security. Network isolation would already have achieved a level of physical security. We are concerned in UPnP Security with networks in which more than the user's own Control Points are present on the physical network and able to reach the user's Devices with control messages. These situations can include:
- use of wireless, power-line networking or cable modem without a firewall, allowing an attacker to join the network without the user's knowledge or permission
- shared infrastructure networks, such as a college dorm or a condominium building wired for Ethernet as one network segment serving more than one person's residence
- households of multiple adults or teens, in which each individual wants to establish a private security domain, in addition to any domain of devices or control points shared among them, while using a shared network domain
- connections to the Internet via devices or services that create single network segments of multiple subscribers as a side effect of offering network connectivity (such as some cable modems and some ISP connections)
- households in which guests might bring mobile devices or control points into the network temporarily
In such networks of intentional or accidental sharing, one cannot rely on physical network security to protect devices or on discovery methods (e.g., multicast SSDP) to compile a list of "My Devices" or "My Control Points". This leaves it up to the user to manually select from physically accessible devices and control points, choosing those of interest to that user. One primary function of the SC is to enable the user to make that selection. This process requires two operations that were not anticipated in the original design of UPnP:
- discovery of control points; and
- naming of devices and control points on a per-user basis.
The actions provided in this service allow the SC to perform those two functions.
In addition, the sharing of devices across security domains sometimes calls for the use of authorization certificates, as described in sections 1.1.3 and 3.3. This service provides actions for the delivery of such certificates (or certificate chains) (see 2.5.3) and for the revocation (via renewal) of certificates (see 2.5.4).