IRM in the Wild
Use/Business Cases Explored
Principles | Migration: SalesForce | IoT | IoT: Strong Device Identity (SDID) - Low Computing Power | IoT: SDID - High Computing Power | Connected Road to/from Car | DNS | Block Chain (e.g., OneName, NameCoin) | Distributed Hashes | Promise Theory | Ontology
---|---|---|---|---|---|---|---|---|---|---
Is there a role for a Relationship Manager? | Yes | Yes | | | Yes | Yes | Yes | | | Yes (basically, this is the role of the ontology engine here)
Scalable | FULLY | PARTIAL - Reality of IoT: raw device data stream vs. identity (asset token) | FULLY - Has to be | FULLY - Has to be | PARTIAL - Yes, the road handles multiple cars, but traffic and road usage is applied | FULLY - v4, v6 | FULLY | | | ABox instances; TBox rules are work in progress
Actionable | PARTIAL | FULLY - By the nature of the asset token and platform | PARTIAL | FULLY | FULLY | FULLY - IANA, registration | PARTIAL | | | FULLY - Defined in TBox
(Im)Mutable | PARTIAL | FULLY - Depends on info available from the device | PARTIAL | FULLY | Push - TBD | FULLY - Immutable / proxy / forwarding | FULLY | | | FULLY - TBox -> 'Reasoner' -> ABox
Contextual | FULLY | FULLY - Depends on constraints of the device; nothing that excludes this | FULLY | FULLY | FULLY | FULLY - Actually provides context | PARTIAL | | | FULLY - TBox -> 'Reasoner' -> ABox
Transferable (Delegation) | NONE | PARTIAL - As token of "agency"; need to re-mint the token (new JWT) | PARTIAL - In terms of ownership, NOT identity change (change vs. transfer) | PARTIAL - In terms of ownership, NOT identity change (change vs. transfer) | NONE today; PARTIAL in the future, when automated vehicles are on the roads | FULLY - Bought, forwarded | FULLY | | | FULLY - Ontology referentials
Provable | PARTIAL | FULLY - If HoK (signed JWT via JOSE) | PARTIAL - Requires a gateway | FULLY | FULLY | FULLY - With HTTPS, DNSSEC | FULLY | | | FULLY - Ontology referentials
Acknowledgeable | PARTIAL | FULLY - Allows it to be assigned; you can show this | PARTIAL - As capable as the device is | FULLY | FULLY | FULLY - NMAP, other | FULLY | | | FULLY - Ontology referentials
Revocable | PARTIAL | FULLY - Delete the token; there is an endpoint for access token status | NONE | FULLY | FULLY | PARTIAL | FULLY (although challenging for the right-to-be-forgotten) | | | FULLY - Ontology referentials
Constrainable | PARTIAL | PARTIAL - From the device perspective, not referring to the back-end | PARTIAL - Difficult to add constraints; limited options | FULLY | PARTIAL | FULLY - Subnets, domains, etc. | FULLY | | | FULLY - Ontology referentials; TBox -> 'Reasoner' -> ABox
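The IoT column rates the device "asset token" as a JWT: provable when signed (HoK via JOSE), revocable through a token-status endpoint, and transferable only by re-minting. The example below is added here and is not code from the IRM page or from any vendor; it sketches those three operations on a hand-rolled HS256 JWT, with the issuer key, device id, owner names and in-memory revocation set all constructed placeholders.

```python
import base64, hashlib, hmac, json, secrets, time

ISSUER_KEY = b"constructed-demo-issuer-key"   # constructed; a real issuer holds per-device keys (HoK)
REVOKED_JTI = set()                           # in-memory stand-in for the token-status endpoint

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_asset_token(device_id: str, owner: str, key: bytes = ISSUER_KEY) -> str:
    """Mint an HS256 JWT binding a device (the asset) to its current owner."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": device_id, "owner": owner, "jti": secrets.token_hex(8), "iat": int(time.time())}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def verify_asset_token(token: str, key: bytes = ISSUER_KEY):
    """Provable: the signature must verify. Revocable: the jti must not be revoked.
    Returns the claims, or None for a malformed, forged or revoked token."""
    try:
        h, c, s = token.split(".")
        header, claims, given_sig = json.loads(_unb64(h)), json.loads(_unb64(c)), _unb64(s)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)) or header.get("alg") != "HS256":
        return None  # the token is never allowed to pick a weaker algorithm
    expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given_sig) or claims.get("jti") in REVOKED_JTI:
        return None
    return claims

def revoke_asset_token(token: str) -> None:
    """Revocable: record the token id so later status checks reject it."""
    REVOKED_JTI.add(json.loads(_unb64(token.split(".")[1]))["jti"])

def transfer_asset(token: str, new_owner: str, key: bytes = ISSUER_KEY) -> str:
    """Transferable: ownership moves only by re-minting; sub (device identity) is unchanged."""
    claims = verify_asset_token(token, key)
    if claims is None:
        raise ValueError("cannot transfer an invalid or revoked token")
    revoke_asset_token(token)
    return mint_asset_token(claims["sub"], new_owner, key)
```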
Architecture Notions
Notion | Notes/Comments
---|---
Scope it / Profile |
Bounded for use / links to the real world | SAML, UMA?
Are components a viable approach? | OAuth/JWTs, OpenID Connect
At the IdP layer as backend or data store: "contextual identity store" | Can't change the apps; hack the IdP; hack the manager, be it the IdP or the AS; is it a rule generator? ("Contextual claims compiler"); co-opt the IdP
Human understandable |
Are there simplifying assumptions? |
IRM provides the context for AuthZ? |
Build up the attributes from the IdP in order to meet the need for a claim |
Semantic aspects |
Autonomous |
Distributed Ledgers |