
User centric access control model

From: Ulf Bjorkengren <ulfbjorkengren@geotab.com>
Date: Mon, 20 Apr 2020 09:20:44 +0200
Message-ID: <CAHfMbK-681GK0g9+F80YrBNHvwsZBs0JODv9uZo5+vCyQ0yx0Q@mail.gmail.com>
To: public-automotive <public-automotive@w3.org>
In our last meeting in the access control discussion we focussed on the
authentication step, and the different entities that could be involved in
this step - users, apps, devices, and maybe more.
I think Magnus G called this a potential rabbit hole, and I agree.
What about if we say that there must always be a user "at the backend" of
all these use cases, other entities can act as proxies for this user under
the condition that they can prove that?
So at the AGT server, when an entity makes a request for an Access Grant
token, it either is a user, or another entity bringing proof of being a
proxy for a user, e.g. a signed token containing user identity. This token
has then been acquired earlier, by a here non-specified process.
In a model like this there are only "user-specific" RBAC roles as apps,
devices, etc are all proxies for a user. Which has the benefit that it
should simplify the definition of roles.
The proxy identity should also be in the credential they use to prove their
trustworthiness, but they are not otherwise "challenged" to prove it. A
verifier should be able to link back to the user through data in the token
if there is a need for stronger verification.
I believe something like this could save us from the rabbit hole, and
provide a security level that is on par with other parts of our access
control model.

BR
Ulf

-- 
Ulf Bjorkengren
*Geotab*
Senior Connectivity Strategist | Ph. D.
Mobile +45 53562142
Visit www.geotab.com
Received on Monday, 20 April 2020 07:20:29 UTC
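The AGT request flow the post sketches, as an added example that is not part of the original message or of any W3C automotive code: a user delegates to a proxy (app or device) in a separate, earlier step and the proxy presents that signed delegation when asking the AGT server for an Access Grant Token; the grant carries only user-specific roles plus the proxy identity for link-back. HMAC with constructed keys stands in for whatever real signing scheme would be used, and the identifiers and roles are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo keys: HMAC secrets stand in for whatever signing scheme the
# (here unspecified) delegation step and the AGT server would actually use.
DELEGATION_KEY = b"constructed-delegation-key"
AGT_KEY = b"constructed-agt-key"
# Constructed user-specific RBAC roles; apps and devices hold no roles of their own.
USER_ROLES = {"user-42": ["vehicle-owner"], "user-7": ["fleet-manager"]}

def _sign(claims: dict, key: bytes) -> str:
    """Encode claims and append a keyed tag (signature stand-in)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"

def _verify(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the tag checks out, otherwise None."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def issue_proxy_token(user_id: str, proxy_id: str) -> str:
    """Earlier step: the user delegates to a proxy (app, device) and it receives a signed token."""
    return _sign({"user": user_id, "proxy": proxy_id}, DELEGATION_KEY)

def agt_request(requester_id: str, proxy_token: Optional[str] = None) -> str:
    """AGT server: the requester is either the user itself or a proxy carrying proof of a user."""
    if proxy_token is None:
        user_id, proxy_id = requester_id, None
    else:
        claims = _verify(proxy_token, DELEGATION_KEY)
        if claims is None:
            raise PermissionError("proxy token is not validly signed")
        if claims.get("proxy") != requester_id:
            raise PermissionError("proxy token was issued to a different entity")
        user_id, proxy_id = claims["user"], claims["proxy"]
    # Roles are always the user's; the proxy identity rides along so a verifier
    # can link the grant back to the user when stronger verification is needed.
    grant = {"sub": user_id, "proxy": proxy_id, "roles": USER_ROLES.get(user_id, [])}
    return _sign(grant, AGT_KEY)

def verify_agt(agt: str) -> Optional[dict]:
    """Downstream verifier: check the grant and expose sub/proxy for link-back."""
    return _verify(agt, AGT_KEY)
```

A proxy presenting a delegation issued to a different entity, or one whose tag does not verify, is refused before any grant is built.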
