New take on RBAC from Ulf Bjorkengren on 2020-05-27 (public-automotive@w3.org from May 2020)

From: Ulf Bjorkengren <ulfbjorkengren@geotab.com>
Date: Wed, 27 May 2020 15:24:21 +0200
To: public-automotive <public-automotive@w3.org>
Message-ID: <CAHfMbK-mnRk=wBYkQrSe32t_jnd_dxkXfNaTVGsMkqb8J8kn+w@mail.gmail.com>

Hi,

thinking about the access control task led me back to the thoughts of
including RBAC in the model, which I think has a merit to it.
As we stumbled onto some rabbit holes and other obstacles in our previous
attempt, below you find an attempt to try to steer around these obstacles.
I am not claiming that it is a complete model down to the lowest detail
level, but maybe with some further thought it can enable the use of an RBAC
model, which I think would be an improvement.
''i hope we can find a slot to discuss it in today's virtual f2f meeting.

BR
Ulf

RBAC model with a “combi-role” definition.

The combi-role consists of three role-components:
User
Application
Device

The following is the basic sets of defined roles for each component.
User roles
OEM (60)
Dealer (50)
Independent (40)
Owner (30)
Driver (20)
Passenger (10)
Undefined (0)
Application
OEM (12)
Third party (6)
Undefined (0)
Device
Vehicle (12)
Nomadic (8)
Cloud (4)
Undefined (0)
The combi-role is coded into a 16-bit integer where the 6 MSB are used to
assign User roles, the 4 LSB are used to assign Device roles, and the 4
bits in between are used to assign Application roles. The values to
represent each role component are shown within the parentheses above.
So as an example the encoded combi-role value for User=OEM,
Application=Third party, Device = Cloud would be:
60*256 + 6*16 + 4 = 15460
The negotiation for which combi-role that a requesting client is assigned
is a part of the communication between the client and the AGT server. The
client requests a combi-role, and depending on the request the server may
subject the client to different authentication mechanisms, e. g.
challenge-response, certificate verification, MAC address check, proximity
check, etc.
The combi-role can be used to map pre-defined access profiles to client
requests for scope of access to the VSS tree. This may also be reflected in
what parts of the VSS tree that is returned on a getmetadata request.
The model supports additions of  further combi-roles as there are many
unused encoded values. This will work seamlessly in the local ecosystem,
but is likely to be incompatible with other OEM ecosystems.
This model supports both a hierarchical and non-hierarchical role model.
The encoded combi-role values may be tied to nodes in the VSS tree as a
means of declaring the access scope.

-- 
Ulf Bjorkengren
*Geotab*
Senior Connectivity Strategist | Ph. D.
Mobile +45 53562142
Visit www.geotab.com

Received on Wednesday, 27 May 2020 13:23:47 UTC