Hi, Frank asked me to send his use case to the list as he is not available this and next week. Best Ingo Use case: "Object IdM managed appliance and servicing registration, authentication, and authorization" Discussion
From a business and security perspective, major features of self-servicing appliances need to provide transparent identification and seamless authentication of the appliance to web services and transparent identification and seamless authentication of web services to the appliance on behalf of the owner of the appliance and on behalf of the service team without additional owner or service team intervention. Pre-requisites: A user has purchased a household appliance (e.g. air condition, refrigerator, washing machine, etc.) including a subscription for self-servicing. Appliance is registered on an Object IdP by its owner, manufacturer, vendor service team or on its own(?). The servicing web service is registered on an Object IdP by its owner, manufacturer, vendor service team or on its own(?) Service processes The diagnostics application in the appliance realizes / analyzes the malfunctioning of a part or the changing values (e.g temperature, pressure, etc.). The m2m device in the appliance initiates an alarming call/message to the web service. So as to access the web service and get an access, based on the communication roles and security roles, the appliance starts an authentication on the Object-IdP. Based on its identity and credentials the appliance receive an access token from the IdP and use the token to grant access to the servicing web-service to assure its identity in order to book an additional remote diagnostic or a service technician and ensure thereby misuse of servicing or vice versa avoid a compromise of the appliance. Requirements and open issues The Object IdP shall support the management of appliance registration, authentication authorization. The Object IdP shall support the management of web service registration, authentication authorization. The Object IdP shall support the management of token validation What is the identity of the appliance? Who is the owner of the appliance identity? How identity representation (addresses, serial numbers...) can be matched/mapped to the "actual" Identity of Things? And what is the "actual" Identity of Things? (e.g. GS1 claims the be the IoT namespace)