Access Control & Data Rights for the Industrial Internet
- Wednesday 5E
Convener: Dario Amiri
Notes-taker(s): Dario Amiri
- Tags for the session - technology discussed/ideas considered
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
High level summary:
- No best practices or standards for solving common use cases in Industrial Internet (II) access control.
- OAuth/UMA not sufficient on their own.
- Some problems are generic enough that there might be common answers.
How can you apply access control to hierarchies of resources?
- Carry resource ids and coarse-grained privileges in scopes.
- Export standards for permissions and policies to the UMA authz server / XACML for central management?
How can you access-control event streams by time of ownership (e.g. a previous owner of a device can only see the event stream for their period of ownership)?
- Many use-case examples, but no best practices or standards.
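The two ideas above (ids and coarse-grained privileges carried in scopes, and event visibility bounded by the requester's ownership window), as an added example that is not from the session notes. The scope format `device:<id>:<privilege>`, the record layouts and all sample data are assumptions constructed for illustration.

```python
# Added example, not from the session notes: filter a device event stream by time of
# ownership, with device ids and coarse-grained privileges carried in OAuth-style scopes.
# Scope format "device:<id>:<privilege>" and the record layouts are assumptions.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Ownership:
    owner: str
    device_id: str
    start: datetime
    end: Optional[datetime]  # None: still the current owner, window open

@dataclass(frozen=True)
class Event:
    device_id: str
    ts: datetime
    payload: str

def scope_grants(scopes, device_id, privilege):
    """True if some scope names this device (or the '*' wildcard) with the privilege."""
    for s in scopes:
        parts = s.split(":")
        if len(parts) == 3 and parts[0] == "device" \
                and parts[1] in (device_id, "*") and parts[2] == privilege:
            return True
    return False

def visible_events(requester, scopes, ownerships, events):
    """Events the requester may read: a read scope for the device is necessary, and the
    event must also fall inside one of the requester's ownership windows. Windows are
    half-open [start, end), so the transfer instant itself belongs to the new owner."""
    windows = [o for o in ownerships if o.owner == requester]
    out = []
    for e in events:
        if not scope_grants(scopes, e.device_id, "read"):
            continue  # scope is necessary but not sufficient
        if any(w.device_id == e.device_id and w.start <= e.ts
               and (w.end is None or e.ts < w.end) for w in windows):
            out.append(e)
    return out

utc = lambda y, m, d: datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample: pump-7 was transferred from alice to bob on 2024-02-01.
OWNERSHIPS = [Ownership("alice", "pump-7", utc(2024, 1, 1), utc(2024, 2, 1)),
              Ownership("bob", "pump-7", utc(2024, 2, 1), None)]
EVENTS = [Event("pump-7", utc(2024, 1, 15), "vibration high"),
          Event("pump-7", utc(2024, 2, 1), "ownership transferred"),
          Event("pump-7", utc(2024, 3, 3), "filter replaced")]
```

A wildcard read scope alone (e.g. `device:*:read`) grants nothing without an ownership window, which is the point: the scope carries the privilege, the ownership record bounds it in time.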
How can you inject environment claims into the authz decision?
- Data correlation and pattern analysis
- JWS as a carrier of environment claims
Entitlement requests – Asks the question: “what are all of the resources I can access” rather than “can I access this particular resource”.
- No good patterns or standards for entitlement requests at the REST level.
There might be useful information for these use cases in the body of work produced by the IETF constrained-device working groups (CoAP & ACE).
Dario Amiri
Principal Software Architect
GE Digital