IRM in the Wild

A Look At IRM in the Wild

The following table is a working document which reflects the various "IRM in the Wild" use cases the IRM WG is discussing and how each applies to the IRM Principles as they are currently defined.


 

Use/Business Cases Explored

| Principles | Migration | IoT: SalesForce | IoT: Strong Device Identity (SDID) - Low Computing Power | IoT: SDID - High Computing Power | Connected Road to/from Car | DNS | Block Chain (e.g., OneName, NameCoin) | Distributed Hashes | Promise Theory | Ontology |
|---|---|---|---|---|---|---|---|---|---|---|
| Is there a role for a Relationship Manager? | Yes | Yes | Yes | Yes | Yes | | | | | yes (basically, this is the role of the ontology engine here) |
| Scalable | FULLY | PARTIAL: Reality of IoT; Raw device data stream, vs. identity (asset token) | FULLY: Has to be | FULLY: Has to be | PARTIAL: Yes - Road handles multiple cars but traffic and road usage is applied | FULLY: v4, v6 | FULLY | | | ABOX instances, wip; TBOX rules |
| Actionable | PARTIAL | FULLY: By the nature of the asset token and platform | PARTIAL | FULLY | FULLY | FULLY: IANA, Registration | PARTIAL | | | FULLY: Defined in TBox |
| (Im)Mutable | PARTIAL | FULLY: Depends on info available from the device | PARTIAL | FULLY | Push - TBD | FULLY: Immutable/Proxy/Forwarding | FULLY | | | FULLY: TBox -> 'Reasoner' -> ABox |
| Contextual | FULLY | FULLY: Depends on constraints of the device; Nothing that excludes this | FULLY | FULLY | FULLY | FULLY: Actually provides context | PARTIAL | | | FULLY: TBox -> 'Reasoner' -> ABox |
| Transferrable (Delegation) | NONE | PARTIAL: As token of "agency"; Need to re-mint token (new JWT) | PARTIAL: In terms of Ownership NOT Identity Change (Change vs. Transfer) | PARTIAL: In terms of Ownership NOT Identity Change (Change vs. Transfer) | NONE - Today; PARTIAL - in the Future - when automated vehicles are on the roads | FULLY: Bought, Forwarded | FULLY | | | FULLY: Ontology referentials |
| Provable | PARTIAL | FULLY: If HoK (signed JWT via JOSE) | PARTIAL: Requires gateway | FULLY | FULLY | FULLY: w/HTTPS DNSSEC | FULLY | | | FULLY: Ontology referentials |
| Acknowledgable | PARTIAL | FULLY: Allows it to be assigned, you can show this | PARTIAL: As capable as the device is | FULLY | FULLY | FULLY: NMAP, other | FULLY | | | FULLY: Ontology referentials |
| Revocable | PARTIAL | FULLY: Delete the token, there is an endpoint for access token status | NONE | FULLY | FULLY | PARTIAL | FULLY (although challenging for the right-to-be-forgotten) | | | FULLY: Ontology referentials |
| Constrainable | PARTIAL | PARTIAL: From the device perspective - not referring to back-end | PARTIAL: Difficult to add constraints - limited options | FULLY | PARTIAL | FULLY: Subnets, Domains, etc. | FULLY | | | FULLY: Ontology referentials; TBox -> 'Reasoner' -> ABox |


 

Architecture Notions

| Notion | Notes/Comments |
|---|---|
| Scope it/ Profile | |
| Bounded for use/links to the real world | SAML, UMA? |
| Are components a viable approach? | OAuth/JWTs; OpenID Connect; At the IdP layer as backend or data store, "contextual identity store"; Can't change the apps; Hack the IdP; Hack the manager be it the IdP or the AS; Is it a rule generator?; "Contextual claims compiler"; Co-opt the IdP; Human Understandable |
| Are there simplifying assumptions? | |
| IRM provides the context for AuthZ? | |
| Build up the attributes from IdP in order to meet need for a claim | |
| Semantic aspects | |
| Autonomous | |
| Distributed Ledgers | |