- From: Ulf Bjorkengren <ulfbjorkengren@geotab.com>
- Date: Mon, 20 Apr 2020 09:20:44 +0200
- To: public-automotive <public-automotive@w3.org>
- Message-ID: <CAHfMbK-681GK0g9+F80YrBNHvwsZBs0JODv9uZo5+vCyQ0yx0Q@mail.gmail.com>
In our last meeting in the access control discussion we focussed on the authentication step, and the different entities that could be involved in this step - users, apps, devices, and maybe more. I think Magnus G called this a potential rabbit hole, and I agree.

What about if we say that there must always be a user "at the backend" of all these use cases, other entities can act as proxies for this user under the condition that they can prove that? So at the AGT server, when an entity makes a request for an Access Grant token, it either is a user, or another entity bringing proof of being a proxy for a user, e.g. a signed token containing user identity. This token has then been acquired earlier, by a here non-specified process.

In a model like this there are only "user-specific" RBAC roles as apps, devices, etc. are all proxies for a user. Which has the benefit that it should simplify the definition of roles. The proxy identity should also be in the credential they use to prove their trustworthiness, but they are not otherwise "challenged" to prove it. A verifier should be able to link back to the user through data in the token if there is a need for stronger verification.

I believe something like this could save us from the rabbit hole, and provide a security level that is on par with other parts of our access control model.

BR
Ulf

--
Ulf Bjorkengren
*Geotab*
Senior Connectivity Strategist | Ph. D.
Mobile +45 53562142
Visit www.geotab.com
Received on Monday, 20 April 2020 07:20:29 UTC
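
The proxy model proposed in the message above, sketched as an added example; it is not part of the original message and not code from the W3C Automotive group. The HS256 JWT-style token, the claim names `sub`, `proxy` and `exp`, the shared key and the role table are all assumptions made for illustration, since the message leaves the token format and its issuing process unspecified.

```python
import base64, hashlib, hmac, json, time

ISSUER_KEY = b"constructed-demo-key"   # assumption: key shared by token issuer and AGT server
USER_ROLES = {"user-123": "owner"}     # constructed: roles are defined for users only

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, header, body):
    return hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue_proxy_token(user, proxy, exp, key=ISSUER_KEY):
    """Stand-in for the unspecified earlier process that gives a proxy its token."""
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"sub": user, "proxy": proxy, "exp": exp}).encode())
    return f"{header}.{body}.{b64(sign(key, header, body))}"

def resolve_requester(user=None, proxy_token=None, now=None, key=ISSUER_KEY):
    """Map an Access Grant request to (user, proxy, role) or raise PermissionError.

    `user` stands for a user the AGT server has already authenticated directly.
    """
    now = time.time() if now is None else now
    proxy = None
    if proxy_token is not None:
        try:
            header, body, sig = proxy_token.split(".")
            # Verify the signature before trusting anything inside the token.
            if not hmac.compare_digest(sign(key, header, body), unb64(sig)):
                raise ValueError("bad signature")
            if json.loads(unb64(header)).get("alg") != "HS256":
                raise ValueError("unexpected alg")
            claims = json.loads(unb64(body))
            user, proxy, exp = claims["sub"], claims["proxy"], claims["exp"]
            if exp <= now:
                raise ValueError("expired")
        except (ValueError, KeyError, TypeError, AttributeError) as err:
            raise PermissionError(f"proxy token rejected: {err}") from None
    # Proxies have no role of their own; the role is looked up for the user behind them.
    if not isinstance(user, str) or user not in USER_ROLES:
        raise PermissionError("no known user behind this request")
    return user, proxy, USER_ROLES[user]
```

The returned proxy identity is recorded but never used for the role decision, which mirrors the message's point that the proxy is named in the credential without being separately challenged.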