Access Control & Data Rights for the Industrial Internet

From IIW
Wednesday 5E

Convener: Dario Amiri

Notes-taker(s): Dario Amiri

Tags for the session - technology discussed/ideas considered

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

High level summary:

  • No best practices or standards exist for solving the common access-control use cases of the Industrial Internet (II).
  • OAuth/UMA are not sufficient on their own.
  • Some of the problems are generic enough that there may be common answers.

How do you apply access control to hierarchies of resources?

  • Carry resource IDs and coarse-grained privileges in OAuth scopes.
  • Standards for exporting permissions and policies to the UMA authz server / XACML for central management?

How do you access-control event streams by time of ownership (e.g. a previous owner of a device may only see the event stream for the period during which they owned it)?

  • Many use-case examples; no best practices or standards.
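The time-of-ownership question above, as an added example that is not part of the session notes. The ownership log, device IDs and events are constructed for the example; the design choices worth noticing are the half-open ownership interval (the instant of transfer belongs to the new owner, so no event is visible to both parties) and the integrity check that refuses a log in which two owners overlap.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class Ownership:
    """One ownership interval for a device. end=None means the current owner."""
    device_id: str
    owner: str
    start: datetime
    end: Optional[datetime]


@dataclass(frozen=True)
class Event:
    device_id: str
    ts: datetime
    payload: str


def parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample data (not from the session): pump-17 passed from alice to bob
# on 2023-06-01; pump-18 has only ever belonged to carol.
OWNERSHIP_LOG: List[Ownership] = [
    Ownership("pump-17", "alice", parse_ts("2023-01-01T00:00:00"), parse_ts("2023-06-01T00:00:00")),
    Ownership("pump-17", "bob",   parse_ts("2023-06-01T00:00:00"), None),
    Ownership("pump-18", "carol", parse_ts("2022-11-20T00:00:00"), None),
]

EVENTS: List[Event] = [
    Event("pump-17", parse_ts("2023-03-15T08:30:00"), "vibration 2.1mm/s"),
    Event("pump-17", parse_ts("2023-06-01T00:00:00"), "ownership transfer"),  # exactly on the boundary
    Event("pump-17", parse_ts("2023-09-02T12:00:00"), "seal replaced"),
    Event("pump-18", parse_ts("2023-09-02T12:00:00"), "seal replaced"),
]


def validate_log(log: List[Ownership]) -> None:
    """Reject empty intervals and overlapping ownership of the same device: two
    simultaneous owners would each be able to see the other's data."""
    by_device = {}
    for o in log:
        if o.end is not None and o.end <= o.start:
            raise ValueError(f"empty or inverted interval for {o.device_id}")
        by_device.setdefault(o.device_id, []).append(o)
    for dev, intervals in by_device.items():
        intervals.sort(key=lambda o: o.start)
        for prev, cur in zip(intervals, intervals[1:]):
            if prev.end is None or cur.start < prev.end:
                raise ValueError(f"overlapping ownership of {dev}")


def in_window(o: Ownership, ts: datetime) -> bool:
    """Half-open [start, end): the instant of transfer belongs to the new owner."""
    return o.start <= ts and (o.end is None or ts < o.end)


def visible_events(log: List[Ownership], events: List[Event],
                   device_id: str, requester: str) -> List[Event]:
    """Events of device_id that fall inside any ownership window of requester."""
    validate_log(log)
    windows = [o for o in log if o.device_id == device_id and o.owner == requester]
    return [e for e in events
            if e.device_id == device_id and any(in_window(w, e.ts) for w in windows)]
```

The filter is applied server-side per request; a scope or claim that merely says "former owner of pump-17" is not enough, because the authorization decision needs the interval, not just the relationship.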

How can you inject environment claims into the authz decision?

  • Data correlation and pattern analysis
  • JWS as a carrier of environment claims
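Environment claims carried in a JWS and fed into the authz decision, as an added example that is not from the session notes. The HS256 compact JWS is built with the standard library only; the key, the issuer name "edge-gateway-7", the claim names (on_site, risk, exp) and the write policy are all assumptions made for the example. Note that the verifier pins the algorithm rather than trusting the token header, and rejects stale claims, since an environment claim is only meaningful while it is fresh.

```python
import base64
import hashlib
import hmac
import json
from typing import Iterable, Optional


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_env_claims(claims: dict, key: bytes) -> str:
    """Compact JWS (HS256) whose payload is a set of environment claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_env_claims(token: str, key: bytes, now: int) -> Optional[dict]:
    """Return the claims if signature, algorithm and freshness check out, else None.
    The expected alg is fixed by the verifier; the header never gets to choose it."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(b64url_decode(h))
        sig = b64url_decode(s)
    except ValueError:  # bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(b64url_decode(p))
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None  # missing or expired: environment claims must be fresh
    return claims


def decide(scopes: Iterable[str], env: Optional[dict], action: str, resource: str) -> bool:
    """Combine the subject's OAuth scopes with verified environment claims.
    Assumed policy: a read needs only the scope; a write additionally needs the
    operator to be on-site and the edge risk signal not to be 'high'."""
    if f"{action}:{resource}" not in set(scopes):
        return False
    if action == "read":
        return True
    if env is None:  # no verifiable environment claims: deny the write
        return False
    return env.get("on_site") is True and env.get("risk") != "high"
```

The environment token is issued by a party that can actually observe the environment (an edge gateway, a network access control system) and is presented alongside the access token; the resource server verifies both and only then runs the policy.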

Entitlement requests ask the question "what are all of the resources I can access?" rather than "can I access this particular resource?".

  • No good patterns or standards exist for entitlement requests at the REST level.
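One way to carry resource IDs and coarse-grained privileges in scopes over a resource hierarchy, and to answer an entitlement request from the same scopes, as an added example that is not from the session notes. It serves both the hierarchy question and the entitlement question above. The scope syntax "<privilege>:<path>", the three privilege levels and the asset tree are assumptions made for the example; the one check a practitioner should not skip is matching on whole path segments, so that a scope on /plant-7 does not silently cover /plant-70.

```python
from typing import Iterable, List, Tuple

# Assumed scope syntax (not from the notes): "<privilege>:<resource path>". A path
# names a node of the asset hierarchy and grants the privilege on that node and
# on everything beneath it. Privileges are coarse-grained and ordered.
PRIV_RANK = {"read": 0, "write": 1, "admin": 2}  # admin implies write implies read

# Constructed asset tree for the example.
RESOURCES = [
    "/plant-7",
    "/plant-7/turbine-3",
    "/plant-7/turbine-3/sensor-a",
    "/plant-7/turbine-4",
    "/plant-70",                 # deliberately shares a string prefix with /plant-7
    "/plant-9/turbine-1",
]


def parse_scope(scope: str) -> Tuple[str, str]:
    """Split and validate a scope; rejects unknown privileges and unsafe paths."""
    priv, sep, path = scope.partition(":")
    if not sep or priv not in PRIV_RANK or not path.startswith("/"):
        raise ValueError(f"malformed scope: {scope!r}")
    path = path.rstrip("/") or "/"
    segs = path.strip("/").split("/") if path != "/" else []
    if any(seg in ("", ".", "..") for seg in segs):
        raise ValueError(f"unsafe path in scope: {scope!r}")
    return priv, path


def covers(scope_path: str, resource: str) -> bool:
    """True if resource is scope_path itself or a descendant of it.
    Comparison is on whole segments, so /plant-7 does not cover /plant-70."""
    if scope_path == "/":
        return True
    return resource == scope_path or resource.startswith(scope_path + "/")


def is_authorized(scopes: Iterable[str], priv: str, resource: str) -> bool:
    """The per-resource question: may the holder of these scopes do priv on resource?"""
    needed = PRIV_RANK[priv]
    return any(PRIV_RANK[p] >= needed and covers(path, resource)
               for p, path in (parse_scope(s) for s in scopes))


def entitlements(scopes: Iterable[str], priv: str, resources: List[str] = RESOURCES) -> List[str]:
    """The entitlement question: on which known resources may the holder do priv?
    Computed by filtering the resource set through the same decision function,
    so the two answers can never disagree."""
    scopes = list(scopes)
    return sorted(r for r in resources if is_authorized(scopes, priv, r))
```

Because entitlements are derived from the same decision function as the per-resource check, the two views cannot drift apart. The cost of this pattern is that scopes grow with the number of distinct subtrees a client is granted, which is one reason the notes ask about exporting policies to a central authz server instead.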

There might be useful information for these use cases in the body of work produced by the IETF working groups on constrained devices: CoAP and ACE (Authentication and Authorization for Constrained Environments).

Dario Amiri Principal Software Architect GE Digital